how is the SSH key added to balenaCloud used?

could anyone tell what is the purpose of the public SSH key added to balenaCloud as described in
SSH access - Balena Documentation.

I’m trying to add an SSH public key to a productive device after it was provisioned but being told that the setup of the SSH key in balenaCloud could be wrong.

These SSH keys allow you to SSH into a production device through the Balena VPN. This is done with the balena CLI by running balena ssh <device-uuid>. Any public SSH keys added to Balena Cloud can then be used to authenticate your login to the specified device. The <device-uuid> can be found using balena devices. Also balena ssh also allows you to specify a container to ssh into as well with balena ssh <device-uuid> <container-name>.

Let me know if you have any other questions about this information!

thx a lot that helps me a lot, so get out of my mess

  1. add OpenSSH public key (not putty key) to Balena Cloud
  2. open balena-cli
  3. balena-cli -> login
  4. bash -x ./ of balena-io-playground/ssh-key-insert: Tooling to insert the relevant SSH keys into balena devices’ configuration. ( to add penSSH public key to device
  5. balena-cli -> logout
  6. open terminal of OS
  7. using OS’s ssh to login into production directly


If so, final question, where does balena-cli expect the private ssh-key to be stored using

  • Windows
  • Windows Subsystem Linux

as I cannot use the -i flag in case of balena-cli -> ssh so I have to store the key where it is expected what is properly not the case so that is why I get: Permission denied (publickey).
Warning: ssh process exited with non-zero code "255"

as mentioned in Balena ssh fails with Permission denied (publickey) - Product support / balenaOS - balenaForums