diff --git a/confluent_server/confluent/config/attributes.py b/confluent_server/confluent/config/attributes.py
index 955e3416..3967240f 100644
--- a/confluent_server/confluent/config/attributes.py
+++ b/confluent_server/confluent/config/attributes.py
@@ -534,6 +534,13 @@ node = {
         'description': ('Password to use when connecting to the hardware '
                         'manager'),
     },
+    'ssh.trustnodes': {
+        'description': ('Nodes that are allowed to ssh into the node, '
+                        'expressed in noderange syntax.  This is used during '
+                        'deployment if the confluent SSH certificate '
+                        'authority is configured.  Default behavior is for '
+                        'all nodes to trust each other.'),
+    },
     'pubkeys.addpolicy': {
         'description': ('Policy to use when encountering unknown public '
                         'keys.  Choices are "automatic" to accept and '
diff --git a/confluent_server/confluent/selfservice.py b/confluent_server/confluent/selfservice.py
index fc8b9d3f..89542b8d 100644
--- a/confluent_server/confluent/selfservice.py
+++ b/confluent_server/confluent/selfservice.py
@@ -301,8 +301,8 @@ def get_cluster_list(nodename=None, cfg=None):
         cfg = configmanager.ConfigManager(None)
     nodes = None
     if nodename is not None:
-        sshpeers = cfg.get_node_attributes(nodename, 'ssh.peers')
-        sshpeers = sshpeers.get(nodename, {}).get('ssh.peers', {}).get(
+        sshpeers = cfg.get_node_attributes(nodename, 'ssh.trustnodes')
+        sshpeers = sshpeers.get(nodename, {}).get('ssh.trustnodes', {}).get(
             'value', None)
         if sshpeers:
             nodes = noderange.NodeRange(sshpeers, cfg).nodes