I just happened across something nifty: you can use the VerifyHostKeyDNS option in your SSH configuration to fetch the host’s public key fingerprint over DNSSEC-secured DNS (with a “SSHFP” record type).
This is defined in RFC 4255, Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints if you’re looking for some light reading.
We’re now running on a faster virtual machine hosted in Boston, which seems to have excellent uptime. I’ve also taken this opportunity to upgrade to the latest WordPress. The main page is gone for now, but it avoids the total lunacy of a Ruby on Rails application running for the main page, with PHP for the rest of the (WordPress) site with about 100 lines of mod_rewrite insanity to glue it all together. It’s nice and simple now, like it should be.