diff --git a/playbooks/_common-setup.yml b/playbooks/_common-setup.yml
index 3e07e63..28f3591 100644
--- a/playbooks/_common-setup.yml
+++ b/playbooks/_common-setup.yml
@@ -24,4 +24,6 @@
 - import_playbook: resolvconf.yml
 - import_playbook: users.yml
 - import_playbook: exporters.yml
-- import_playbook: pmc314-ca.yml
\ No newline at end of file
+- import_playbook: pmc314-ca.yml
+
+- import_playbook: ssh-certs/deploy-user-certs.yml
diff --git a/playbooks/ssh-certs/deploy-host-certs.yml b/playbooks/ssh-certs/deploy-host-certs.yml
new file mode 100644
index 0000000..09efa94
--- /dev/null
+++ b/playbooks/ssh-certs/deploy-host-certs.yml
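Review bot: Only deploy-user-certs.yml is wired into the common setup here; the new playbooks/ssh-certs/deploy-host-certs.yml added by this commit is not imported anywhere in the diff, so host certificates are issued only when that playbook is run by hand. If that is deliberate (host signing needs the provisioner password file on the controller), a short comment above the import saying so would stop the next reader from assuming it was forgotten, e.g. `# host certs: run ssh-certs/deploy-host-certs.yml separately (needs the step-ca host provisioner password on the controller)`. Otherwise add `- import_playbook: ssh-certs/deploy-host-certs.yml` next to it.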
@@ -0,0 +1,59 @@
+- hosts: all
+ become: yes
+ vars:
+ # Имя провижнера на сервере step-ca, который имеет право подписывать хосты
+ step_host_provisioner: "ssh-host-provisioner"
+ # Путь к файлу с паролем от этого провижнера на вашей Ansible-машине
+ step_provisioner_password_file: "/etc/step-ca/host_provisioner_password.txt"
+
+ tasks:
+ - name: Создание временной папки на Ansible-машине для генерации ключей хоста
+ delegate_to: localhost
+ become: no
+ file:
+ path: "/tmp/ssh_host_certs/{{ inventory_hostname }}"
+ state: directory
+ mode: '0700'
+
+ - name: Удаленный выпуск Хост-сертификата силами step-ca
+ delegate_to: localhost
+ become: no
+ shell: >
+ step ssh certificate {{ inventory_hostname }} /tmp/ssh_host_certs/{{ inventory_hostname }}/ssh_host_ed25519_key.pub
+ --host --sign --provisioner "{{ step_host_provisioner }}"
+ --password-file "{{ step_provisioner_password_file }}"
+ --principal "{{ inventory_hostname }}" --principal "{{ ansible_host }}"
+ --force
+
+ # step создаст два файла: сам публичный ключ и файл сертификата с суффиксом -cert.pub
+ # Нам нужно забрать получившийся сертификат и положить его на целевую ноду
+
+ - name: Копирование сгенерированного Хост-сертификата на целевую виртуалку
+ copy:
+ src: "/tmp/ssh_host_certs/{{ inventory_hostname }}/ssh_host_ed25519_key-cert.pub"
+ dest: /etc/ssh/ssh_host_ed25519_key-cert.pub
+ owner: root
+ group: root
+ mode: '0600'
+
+ - name: Настройка sshd_config для отдачи Хост-сертификата клиентам
+ blockinfile:
+ path: /etc/ssh/sshd_config
+ block: |
+ HostKey /etc/ssh/ssh_host_ed25519_key
+ HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
+ marker: "# {mark} ANSIBLE MANAGED HOST CERTIFICATE BLOCK #"
+ notify: Restart SSH
+
+ - name: Очистка временных файлов на Ansible-машине
+ delegate_to: localhost
+ become: no
+ file:
+ path: "/tmp/ssh_host_certs/{{ inventory_hostname }}"
+ state: absent
+
+ handlers:
+ - name: Restart SSH
+ service:
+ name: sshd
+ state: restarted
\ No newline at end of file
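Review bot: The certificate issued by the step task is never bound to the node's real host key: the first task only creates an empty directory on the controller and nothing fetches /etc/ssh/ssh_host_ed25519_key.pub from the node before `step ssh certificate ... --sign` reads that path (the hunk's own comment expects step to create the key, but with `--sign` it signs an existing public key as far as I know), so the run either fails on the missing file or installs a -cert.pub that does not match the private HostKey sshd is told to use and sshd will refuse it; add a `fetch` of the node's public key with `flat: true` before signing. The same task builds the command through `shell` with `{{ inventory_hostname }}` and `{{ ansible_host }}` interpolated, so an inventory value containing shell metacharacters is executed on the controller as the Ansible user; `command` with `argv` passes each value as a single argument and needs no shell. The sshd_config task restarts sshd without checking the result, so a broken block locks the host out; give blockinfile `validate: '/usr/sbin/sshd -t -f %s'` so the restart only happens on a config sshd accepts. Listing `HostKey` explicitly presumably makes sshd offer only the ed25519 key and drop any RSA/ECDSA keys it served before, which existing clients' known_hosts may not cover — confirm that is intended. Finally, `become: yes` / `become: no` should be `true` / `false`, which is what yamllint's truthy rule and ansible-lint expect.
```yaml
    # … unchanged: temp-directory task on the controller …

    - name: Fetch the node's existing ed25519 host public key to the controller
      fetch:
        src: /etc/ssh/ssh_host_ed25519_key.pub
        dest: "/tmp/ssh_host_certs/{{ inventory_hostname }}/ssh_host_ed25519_key.pub"
        flat: true

    - name: Удаленный выпуск Хост-сертификата силами step-ca
      delegate_to: localhost
      become: false
      # argv: every templated value is one argument, nothing is shell-parsed
      command:
        argv:
          - step
          - ssh
          - certificate
          - "{{ inventory_hostname }}"
          - "/tmp/ssh_host_certs/{{ inventory_hostname }}/ssh_host_ed25519_key.pub"
          - --host
          - --sign
          - --provisioner
          - "{{ step_host_provisioner }}"
          - --password-file
          - "{{ step_provisioner_password_file }}"
          - --principal
          - "{{ inventory_hostname }}"
          - --principal
          - "{{ ansible_host }}"
          - --force

    # … unchanged: copy of the -cert.pub to the node …

    - name: Настройка sshd_config для отдачи Хост-сертификата клиентам
      blockinfile:
        path: /etc/ssh/sshd_config
        # refuse to write a config sshd itself rejects (cert must already be copied)
        validate: '/usr/sbin/sshd -t -f %s'
        # … unchanged: block, marker, notify …
```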
diff --git a/playbooks/deploy_ssh_user_certs.yml b/playbooks/ssh-certs/deploy-user-certs.yml
similarity index 100%
rename from playbooks/deploy_ssh_user_certs.yml
rename to playbooks/ssh-certs/deploy-user-certs.yml