Yes, indeed the backdoor code checks, in the event of ssh authentication with a certificate, that it was signed with a specific ssh private key (their own CA), the corresponding public key being hardcoded in the backdoor code.
But this project xzbot demonstrates how to patch the corrupted liblzma to replace the key
lemmy.world