diff --git a/Gemfile b/Gemfile
index c142265a402dc15b71a5168b8bc32dc7efdfe796..e388121df9b3fe9c96e13abb208eb784fec58362 100644
--- a/Gemfile
+++ b/Gemfile
@@ -466,16 +466,9 @@ gem 'sys-filesystem', '~> 1.4.3'
 # NTP client
 gem 'net-ntp'
 
-# SSH host key support
-gem 'net-ssh', '~> 6.0'
+# SSH keys support
 gem 'ssh_data', '~> 1.2'
 
-# Required for ED25519 SSH host key support
-group :ed25519 do
-  gem 'ed25519', '~> 1.2'
-  gem 'bcrypt_pbkdf', '~> 1.1'
-end
-
 # Spamcheck GRPC protocol definitions
 gem 'spamcheck', '~> 0.1.0'
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 00efcd0ba66d500be23321c9cc083b3c2ac94251..ca223bb428d38fc89412cc00b5150569e75be452 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -137,7 +137,6 @@ GEM
     base32 (0.3.2)
     batch-loader (2.0.1)
     bcrypt (3.1.16)
-    bcrypt_pbkdf (1.1.0)
     benchmark (0.1.1)
     benchmark-ips (2.3.0)
     benchmark-memory (0.1.2)
@@ -308,7 +307,6 @@ GEM
     e2mmap (0.1.0)
     ecma-re-validator (0.3.0)
       regexp_parser (~> 2.0)
-    ed25519 (1.2.4)
     elasticsearch (6.8.2)
       elasticsearch-api (= 6.8.2)
       elasticsearch-transport (= 6.8.2)
@@ -1408,7 +1406,6 @@ DEPENDENCIES
   base32 (~> 0.3.0)
   batch-loader (~> 2.0.1)
   bcrypt (~> 3.1, >= 3.1.14)
-  bcrypt_pbkdf (~> 1.1)
   benchmark-ips (~> 2.3.0)
   benchmark-memory (~> 0.1)
   better_errors (~> 2.9.0)
@@ -1441,7 +1438,6 @@ DEPENDENCIES
   discordrb-webhooks (~> 3.4)
   doorkeeper (~> 5.5.0.rc2)
   doorkeeper-openid_connect (~> 1.7.5)
-  ed25519 (~> 1.2)
   elasticsearch-api (~> 6.8.2)
   elasticsearch-model (~> 6.1)
   elasticsearch-rails (~> 6.1)
@@ -1542,7 +1538,6 @@ DEPENDENCIES
   multi_json (~> 1.14.1)
   net-ldap (~> 0.16.3)
   net-ntp
-  net-ssh (~> 6.0)
   nokogiri (~> 1.12)
   oauth2 (~> 1.4)
   octokit (~> 4.15)
diff --git a/app/validators/x509_certificate_credentials_validator.rb b/app/validators/x509_certificate_credentials_validator.rb
index d2f18e956c333880165c3fdb311cfe1627322194..11b53d59c7d13e83a91144123adee459811ab2ff 100644
--- a/app/validators/x509_certificate_credentials_validator.rb
+++ b/app/validators/x509_certificate_credentials_validator.rb
@@ -41,7 +41,7 @@ def validate(record)
 
     return if private_key.nil? || certificate.nil?
 
-    unless certificate.public_key.fingerprint == private_key.public_key.fingerprint
+    unless certificate.check_private_key(private_key)
       record.errors.add(options[:pkey], _('private key does not match certificate.'))
     end
   end