diff --git a/components/network/default.nix b/components/network/default.nix
index 45abac7..fd452b9 100644
--- a/components/network/default.nix
+++ b/components/network/default.nix
@@ -18,7 +18,6 @@ with types;
     ./tinc
     ./wifi.nix
     ./wireguard.nix
-    ./zerotier.nix # todo: sshd must be first managed by clan
   ];
 
   config = mkIf config.components.network.enable { };
diff --git a/components/network/sshd/default.nix b/components/network/sshd/default.nix
index 95bad56..f1801f3 100644
--- a/components/network/sshd/default.nix
+++ b/components/network/sshd/default.nix
@@ -39,6 +39,8 @@ in
 
   imports = [
     ./known-hosts-public.nix
+    ./known-hosts-manual.nix
+    ./known-hosts-zerotier.nix
   ];
 
   options.components.network.sshd = {
diff --git a/components/network/sshd/known-hosts-manual.nix b/components/network/sshd/known-hosts-manual.nix
new file mode 100644
index 0000000..bb49d5c
--- /dev/null
+++ b/components/network/sshd/known-hosts-manual.nix
@@ -0,0 +1,19 @@
+{ pkgs, config, lib, clanLib, ... }:
+with lib;
+let
+  publicKey = clanLib.readFact "ssh.id_ed25519.pub";
+in
+{
+  config = {
+
+    services.openssh.knownHosts = {
+      orbi = {
+        hostNames = [
+          "git.ingolf-wagner.de"
+          "95.216.66.212"
+        ];
+      };
+    };
+
+  };
+}
diff --git a/components/network/zerotier.nix b/components/network/sshd/known-hosts-zerotier.nix
similarity index 99%
rename from components/network/zerotier.nix
rename to components/network/sshd/known-hosts-zerotier.nix
index 6537bf9..e1bbeaf 100644
--- a/components/network/zerotier.nix
+++ b/components/network/sshd/known-hosts-zerotier.nix
@@ -3,7 +3,6 @@ let
   machines = clanLib.allMachineNames;
   publicKey = clanLib.readFact "ssh.id_ed25519.pub";
   tld = config.clan.static-hosts.topLevelDomain;
-
   knownHosts = lib.genAttrs machines
     (machine:
       {