diff --git a/confluent_server/confluent/plugins/shell/ssh.py b/confluent_server/confluent/plugins/shell/ssh.py
index cb25998f..4fc18116 100644
--- a/confluent_server/confluent/plugins/shell/ssh.py
+++ b/confluent_server/confluent/plugins/shell/ssh.py
@@ -42,7 +42,8 @@ class HostKeyHandler(paramiko.client.MissingHostKeyPolicy):
                     cfg[self.node]['pubkeys.addpolicy'] and
                     cfg[self.node]['pubkeys.addpolicy']['value'] == 'manual'):
                 raise cexc.PubkeyInvalid('New ssh key detected',
-                                         key, fingerprint, 'pubkeys.ssh')
+                                         key.asbytes(), fingerprint,
+                                         'pubkeys.ssh')
             auditlog = log.Logger('audit')
             auditlog.log({'node': self.node, 'event': 'sshautoadd',
                           'fingerprint': fingerprint})
@@ -51,8 +52,9 @@ class HostKeyHandler(paramiko.client.MissingHostKeyPolicy):
             return True
         elif cfg[self.node]['pubkeys.ssh']['value'] == fingerprint:
             return True
-        raise cexc.PubKeyInvalid(
-            'Mismatched SSH host key detected', key, fingerprint, 'pubkeys.ssh'
+        raise cexc.PubkeyInvalid(
+            'Mismatched SSH host key detected', key.asbytes(), fingerprint,
+                'pubkeys.ssh'
         )
 
 
diff --git a/confluent_server/confluent/util.py b/confluent_server/confluent/util.py
index 99d140c1..6c8f7422 100644
--- a/confluent_server/confluent/util.py
+++ b/confluent_server/confluent/util.py
@@ -93,6 +93,6 @@ class TLSCertVerifier(object):
             return True
         elif storedprint[self.node][self.fieldname]['value'] == fingerprint:
             return True
-        raise cexc.PubKeyInvalid(
+        raise cexc.PubkeyInvalid(
             'Mismatched certificate detected', certificate, fingerprint,
             self.fieldname)