diff --git a/core/startos/src/init.rs b/core/startos/src/init.rs
index 68a57fca9..62bbdc58b 100644
--- a/core/startos/src/init.rs
+++ b/core/startos/src/init.rs
@@ -15,6 +15,7 @@ use crate::db::model::ServerStatus;
 use crate::disk::mount::util::unmount;
 use crate::middleware::auth::LOCAL_AUTH_COOKIE_PATH;
 use crate::prelude::*;
+use crate::ssh::SSH_AUTHORIZED_KEYS_FILE;
 use crate::util::cpupower::{get_available_governors, get_preferred_governor, set_governor};
 use crate::util::Invoke;
 use crate::{Error, ARCH};
@@ -212,7 +213,7 @@ pub async fn init(cfg: &ServerConfig) -> Result<InitResult, Error> {
 
     crate::ssh::sync_keys(
         &peek.as_private().as_ssh_pubkeys().de()?,
-        "/home/start9/.ssh/authorized_keys",
+        SSH_AUTHORIZED_KEYS_FILE,
     )
     .await?;
     tracing::info!("Synced SSH Keys");
diff --git a/core/startos/src/ssh.rs b/core/startos/src/ssh.rs
index 8965c7edd..711d2ede9 100644
--- a/core/startos/src/ssh.rs
+++ b/core/startos/src/ssh.rs
@@ -14,7 +14,7 @@ use crate::prelude::*;
 use crate::util::clap::FromStrParser;
 use crate::util::serde::{display_serializable, HandlerExtSerde, WithIoFormat};
 
-static SSH_AUTHORIZED_KEYS_FILE: &str = "/home/start9/.ssh/authorized_keys";
+pub const SSH_AUTHORIZED_KEYS_FILE: &str = "/home/start9/.ssh/authorized_keys";
 
 #[derive(Clone, Debug, Deserialize, Serialize)]
 pub struct SshKeys(BTreeMap<InternedString, WithTimeData<SshPubKey>>);
@@ -113,20 +113,26 @@ pub struct AddParams {
 pub async fn add(ctx: RpcContext, AddParams { key }: AddParams) -> Result<SshKeyResponse, Error> {
     let mut key = WithTimeData::new(key);
     let fingerprint = InternedString::intern(key.0.fingerprint_md5());
-    ctx.db
+    let (keys, res) = ctx
+        .db
         .mutate(move |m| {
             m.as_private_mut()
                 .as_ssh_pubkeys_mut()
                 .insert(&fingerprint, &key)?;
 
-            Ok(SshKeyResponse {
-                alg: key.0.keytype().to_owned(),
-                fingerprint,
-                hostname: key.0.comment.take().unwrap_or_default(),
-                created_at: key.created_at.to_rfc3339(),
-            })
+            Ok((
+                m.as_private().as_ssh_pubkeys().de()?,
+                SshKeyResponse {
+                    alg: key.0.keytype().to_owned(),
+                    fingerprint,
+                    hostname: key.0.comment.take().unwrap_or_default(),
+                    created_at: key.created_at.to_rfc3339(),
+                },
+            ))
         })
-        .await
+        .await?;
+    sync_keys(&keys, SSH_AUTHORIZED_KEYS_FILE).await?;
+    Ok(res)
 }
 
 #[derive(Deserialize, Serialize, Parser)]