diff --git a/cloudinit/config/cc_ssh.py b/cloudinit/config/cc_ssh.py
index c9e59d1690b..c01dd48c54c 100644
--- a/cloudinit/config/cc_ssh.py
+++ b/cloudinit/config/cc_ssh.py
@@ -187,8 +187,8 @@
     CONFIG_KEY_TO_FILE.update(
         {
             f"{k}_private": (KEY_FILE_TPL % k, 0o600),
-            f"{k}_public": (f"{KEY_FILE_TPL % k}.pub", 0o600),
-            f"{k}_certificate": (f"{KEY_FILE_TPL % k}-cert.pub", 0o600),
+            f"{k}_public": (f"{KEY_FILE_TPL % k}.pub", 0o644),
+            f"{k}_certificate": (f"{KEY_FILE_TPL % k}-cert.pub", 0o644),
         }
     )
     PRIV_TO_PUB[f"{k}_private"] = f"{k}_public"
diff --git a/tests/unittests/config/test_cc_ssh.py b/tests/unittests/config/test_cc_ssh.py
index 8f2ca8bfeec..cc4032de36c 100644
--- a/tests/unittests/config/test_cc_ssh.py
+++ b/tests/unittests/config/test_cc_ssh.py
@@ -330,17 +330,17 @@ def test_handle_ssh_keys_in_cfg(
                     mock.call(
                         "/etc/ssh/ssh_host_{}_key".format(key_type),
                         private_value,
-                        384,
+                        0o600,
                     ),
                     mock.call(
                         "/etc/ssh/ssh_host_{}_key.pub".format(key_type),
                         public_value,
-                        384,
+                        0o644,
                     ),
                     mock.call(
                         "/etc/ssh/ssh_host_{}_key-cert.pub".format(key_type),
                         cert_value,
-                        384,
+                        0o644,
                     ),
                     mock.call(
                         sshd_conf_fname,
diff --git a/tools/.github-cla-signers b/tools/.github-cla-signers
index 77962d87e55..6833aa9a8b3 100644
--- a/tools/.github-cla-signers
+++ b/tools/.github-cla-signers
@@ -80,6 +80,7 @@ MarkMielke
 marlluslustosa
 matthewruffell
 maxnet
+Mazorius
 megian
 michaelrommel
 mitechie