Default behavior
On first VM creation, the CLI registers your ~/.ssh/id_rsa.pub and sets it as default. Your private key never leaves your machine.
Key types
Public keys (bring your own) — machine0 stores only the public half.
Managed keys (server-generated) — the server creates the keypair and returns the private key once. Saved locally with 0600 permissions. Required for MCP ssh_exec.
Managed private keys can only be downloaded once at creation time.
SSH users
| Image | Default user |
|---|
| Ubuntu | ubuntu |
| NixOS (provisioned) | nix |
In-browser terminal
For VMs created with a managed key, the web dashboard offers an in-browser
terminal. Click SSH on any running VM in the dashboard and a full-screen shell
opens at /machines/<name>/terminal. The browser connects over WebSocket; the
server uses the managed private key to bridge to the VM’s sshd. No local
SSH setup needed.
VMs created with a user-provided public key (the default) cannot use the
in-browser terminal — the server does not have the private key. Use
machine0 ssh <name> from your local terminal instead.
Sessions stay connected through long-running commands (the server sends a
4-minute keepalive frame) and auto-close after 30 minutes of inactivity.
Destroying the managed key via machine0 ssh-keys destroy or the dashboard
terminates any active terminal sessions using that key.
Commands
See CLI reference for key management commands.