I found a number of old posts that don't really provide a consistent answer about how to do this in Proxmox. What is the best/official way to add SSH public keys to Proxmox hosts for remote management? I see the symlink for /root/.ssh/authorized_keys and that's what has me asking the question.
Official way to set up SSH keys for Proxmox hosts in 2025
- Thread starter pugglewuggle
- Start date
for the root user, you can add them to /etc/pve/priv/authorized_keys . or you can use a non-root user (and sudo) and manage it however you want 
Thanks! Does Promox synchronize this between all hosts in a cluster or does it have to be set up on each host individually? Is there a recommended “normal” local authentication means for a whole cluster other than PAM that is not LDAP?
/etc/pve is synced across the cluster. the PAM logins are not. the PVE realm is, but that is just for authentication over the API, not for local logins.
Thank you! There was already a key there in /etc/pve/priv/authorized_keys ... can I just append it to the top or bottom of the existing key on a new line like normal?
For my reference, what other items/directories are synced across all hosts in the cluster? Is this accomplished by a different means than corosync?
yes, it's a regular authorized_keys file content-wise
everything in /etc/pve is synced via corosync/pmxcfs
some data outside of /etc/pve is distributed in the cluster as well via pmxcfs - e.g. the RRD data used for the summary graphs on the UI, but that is not synced up when a node has been offline for a while. some storage technologies obviously also sync things (stored data, but also potentially their configuration and internal state).