diff --git a/conf/config.defaults b/conf/config.defaults
index c05648d5..67b74f69 100644
--- a/conf/config.defaults
+++ b/conf/config.defaults
@@ -63,7 +63,7 @@ ECDSA = SHA256:L71Q91yHwmHPYYkJMDgj0xmUuw16qFOhJbBr1mzsiOI
 RSA = SHA256:Ju+yWiMb/2O+gKQ9RJCDqvRg7l+Q95KFAeqM5sr6l2s

 [auth]
-valid-keytypes = ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519
+valid-keytypes = ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 sk-ssh-ecdsa@openssh.com sk-ssh-ed25519@openssh.com
 username-regex = [a-zA-Z0-9]+[.\-_]?[a-zA-Z0-9]+$
 git-serve-cmd = /usr/local/bin/aurweb-git-serve
 ssh-options = restrict
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index df016c6d..0d021f99 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -875,10 +875,7 @@ function valid_pgp_fingerprint($fingerprint) {
 * @return bool True if the SSH public key is valid, otherwise false
 */
 function valid_ssh_pubkey($pubkey) {
- $valid_prefixes = array(
- "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256",
- "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-ed25519"
- );
+ $valid_prefixes = explode(' ', config_get('auth', 'valid-keytypes'));

 $has_valid_prefix = false;
 foreach ($valid_prefixes as $prefix) {
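Review bot: The updated `valid-keytypes` line under `[auth]` still lists `ssh-dss` next to the new `sk-` types. OpenSSH restricts DSA keys to 1024 bits and has disabled them by default since 7.0, so accepting them here keeps the weakest algorithm as the floor of the allow-list. Consider dropping it from the default, `valid-keytypes = ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 sk-ssh-ecdsa@openssh.com sk-ssh-ed25519@openssh.com`, after checking whether any registered accounts still rely on a DSA key.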
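Review bot: `explode(' ', config_get('auth', 'valid-keytypes'))` in `valid_ssh_pubkey()` turns a doubled space, a trailing space or a missing config value into an empty-string entry in `$valid_prefixes`. The loop body lies outside this hunk, so whether an empty prefix can satisfy the check is not visible here, but an allow-list of key types should not depend on that. Split on whitespace runs and drop empty tokens, `$valid_prefixes = preg_split('/\s+/', (string) config_get('auth', 'valid-keytypes'), -1, PREG_SPLIT_NO_EMPTY);`, so an unset or malformed value yields an empty list and `$has_valid_prefix` stays false. The docblock above the function could also state that the accepted types now come from `[auth] valid-keytypes` rather than a fixed list.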