SSH keys don't pass through from Balena UI to config.json (RPi 4)

Hi Balena,

We found that we were unable to establish a tunnel using the Balena CLI successfully to forward port 22222 as standard to localhost or SSH even though SSH keys were provided in the Balena UI prior to connecting.

The error received was "Permission denied (publickey).

To fix this we manually edited config.json in /mnt/boot/ and could then connect, however this was a manual process so can’t be repeated if keys need to be changed across fleets etc.

Is this a bug or should config.json have been updated automatically after provision of the keys in the Balena UI? It would appear so but we found it wasn’t the case.

Many thanks,


Hello @al2ka check this link SSH access - Balena Documentation

there are different options:

  1. using balena CLI (balena ssh)?
  2. using username instead of root?
  3. maybe preload images with the config.json already populated with the keys if any of the previous ones work?

Hi Marc,

Looks like this feature isn’t quite available via the Balena UI (adding SSH keys to config.json using keys added to Balena in the cloud via preferences).

Answer is here and a workaround is to use the Configurizer app -

1 Like

Thank you @al2ka to confirm that my solution does not work. I will read the proper solution and update docs (if needed).

Does this solution using configizer work for you?