Docs Dashboard Developers
Menu

SSH keys

Register your public keys once per project and attach them to every VM you create. Keys can also be inlined per-VM at create time, but the registered path is easier to audit and reuse.

Register a key

Developers → SSH keys → Add key. Paste the contents of your public key file (e.g. ~/.ssh/id_ed25519.pub), give it a short id (the slug you'll see in the VM create picker) and a display name, save. The new key appears in the picker immediately.

Use a key on a new VM

On the VM create page, the SSH keys picker shows every registered key in the project. Tick the ones you want — all ticked keys are baked into the guest's ~/.ssh/authorized_keys at first boot. Multiple keys are fine; multi-developer access is the common pattern.

If a key you need isn't registered yet, the picker has an Add a new key shortcut that opens the same form inline without leaving the create flow.

Bulk-import from GitHub

If your team's SSH keys already live on GitHub, import them in one step: Developers → SSH keys → Import from GitHub. Type the GitHub username, optionally set a display-name prefix (github-octocat- by default), import. Every public key on that GitHub account is registered as a separate Metalhost SSH key; existing keys with the same material are skipped.

If you've linked your Metalhost account to GitHub via SSO, the importer can resolve your username automatically — leave the field blank and tick Use my linked GitHub identity.

List and delete

Developers → SSH keys lists every key in the project with its slug, display name, and fingerprint. Hover a row for a delete button.

Deleting a registered key only removes the resource — it has no effect on VMs that already have the key baked into authorized_keys. Rotate by logging into the VM and removing the line.

Best practice

  • Prefer ed25519 keys — faster, shorter, modern.
  • Register one key per device, not one shared key per team. Easier to revoke when a laptop is lost.
  • Keep the slug short and human-readable — you'll see it in pickers throughout the dashboard.
  • For CI, mint a dedicated key (slug: ci-deploy) and store its private half in your CI provider's secret manager.

What's next