diff --git a/src/main/java/de/tum/cit/aet/artemis/core/domain/User.java b/src/main/java/de/tum/cit/aet/artemis/core/domain/User.java
index 2ef2478cf295..c435194cdf40 100644
--- a/src/main/java/de/tum/cit/aet/artemis/core/domain/User.java
+++ b/src/main/java/de/tum/cit/aet/artemis/core/domain/User.java
@@ -156,23 +156,6 @@ public class User extends AbstractAuditingEntity implements Participant {
     @Column(name = "vcs_access_token_expiry_date")
     private ZonedDateTime vcsAccessTokenExpiryDate = null;
 
-    /**
-     * The actual full public ssh key of a user used to authenticate git clone and git push operations if available
-     */
-    @Nullable
-    @JsonIgnore
-    @Column(name = "ssh_public_key")
-    private final String sshPublicKey = null;
-
-    /**
-     * A hash of the public ssh key for fast comparison in the database (with an index)
-     */
-    @Nullable
-    @Size(max = 100)
-    @JsonIgnore
-    @Column(name = "ssh_public_key_hash")
-    private final String sshPublicKeyHash = null;
-
     @ElementCollection(fetch = FetchType.LAZY)
     @CollectionTable(name = "user_groups", joinColumns = @JoinColumn(name = "user_id"))
     @Column(name = "user_groups")
@@ -560,14 +543,4 @@ public void hasAcceptedIrisElseThrow() {
             throw new AccessForbiddenException("The user has not accepted the Iris privacy policy yet.");
         }
     }
-
-    @Nullable
-    public String getSshPublicKey() {
-        return sshPublicKey;
-    }
-
-    @Nullable
-    public @Size(max = 100) String getSshPublicKeyHash() {
-        return sshPublicKeyHash;
-    }
 }
diff --git a/src/main/java/de/tum/cit/aet/artemis/core/dto/UserDTO.java b/src/main/java/de/tum/cit/aet/artemis/core/dto/UserDTO.java
index 3d627425a8f7..1f5ea1e653b8 100644
--- a/src/main/java/de/tum/cit/aet/artemis/core/dto/UserDTO.java
+++ b/src/main/java/de/tum/cit/aet/artemis/core/dto/UserDTO.java
@@ -76,10 +76,6 @@ public class UserDTO extends AuditingEntityDTO {
 
     private ZonedDateTime vcsAccessTokenExpiryDate;
 
-    private String sshPublicKey;
-
-    private String sshKeyHash;
-
     private ZonedDateTime irisAccepted;
 
     public UserDTO() {
@@ -262,14 +258,6 @@ public ZonedDateTime getVcsAccessTokenExpiryDate() {
         return vcsAccessTokenExpiryDate;
     }
 
-    public String getSshPublicKey() {
-        return sshPublicKey;
-    }
-
-    public void setSshPublicKey(String sshPublicKey) {
-        this.sshPublicKey = sshPublicKey;
-    }
-
     @Override
     public String toString() {
         return "UserDTO{" + "login='" + login + '\'' + ", firstName='" + firstName + '\'' + ", lastName='" + lastName + '\'' + ", email='" + email + '\'' + ", imageUrl='"
@@ -293,12 +281,4 @@ public ZonedDateTime getIrisAccepted() {
     public void setIrisAccepted(ZonedDateTime irisAccepted) {
         this.irisAccepted = irisAccepted;
     }
-
-    public String getSshKeyHash() {
-        return sshKeyHash;
-    }
-
-    public void setSshKeyHash(String sshKeyHash) {
-        this.sshKeyHash = sshKeyHash;
-    }
 }
diff --git a/src/main/java/de/tum/cit/aet/artemis/core/repository/UserRepository.java b/src/main/java/de/tum/cit/aet/artemis/core/repository/UserRepository.java
index 5b66b31aee98..0d3280cf5d96 100644
--- a/src/main/java/de/tum/cit/aet/artemis/core/repository/UserRepository.java
+++ b/src/main/java/de/tum/cit/aet/artemis/core/repository/UserRepository.java
@@ -724,16 +724,6 @@ default Page<User> searchAllWithGroupsByLoginOrNameInCourseAndReturnPage(Pageabl
             """)
     void updateUserLanguageKey(@Param("userId") long userId, @Param("languageKey") String languageKey);
 
-    @Modifying
-    @Transactional // ok because of modifying query
-    @Query("""
-            UPDATE User user
-            SET user.sshPublicKeyHash = :sshPublicKeyHash,
-                user.sshPublicKey = :sshPublicKey
-            WHERE user.id = :userId
-            """)
-    void updateUserSshPublicKeyHash(@Param("userId") long userId, @Param("sshPublicKeyHash") String sshPublicKeyHash, @Param("sshPublicKey") String sshPublicKey);
-
     @Modifying
     @Transactional // ok because of modifying query
     @Query("""
@@ -1120,8 +1110,6 @@ default boolean isCurrentUser(String login) {
         return SecurityUtils.getCurrentUserLogin().map(currentLogin -> currentLogin.equals(login)).orElse(false);
     }
 
-    Optional<User> findBySshPublicKeyHash(String keyString);
-
     /**
      * Finds all users which a non-null VCS access token that expires before some given date.
      *
diff --git a/src/main/java/de/tum/cit/aet/artemis/core/web/AccountResource.java b/src/main/java/de/tum/cit/aet/artemis/core/web/AccountResource.java
index 997574c76da7..16c94629047c 100644
--- a/src/main/java/de/tum/cit/aet/artemis/core/web/AccountResource.java
+++ b/src/main/java/de/tum/cit/aet/artemis/core/web/AccountResource.java
@@ -2,19 +2,15 @@
 
 import static de.tum.cit.aet.artemis.core.config.Constants.PROFILE_CORE;
 
-import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.nio.file.Path;
-import java.security.GeneralSecurityException;
-import java.security.PublicKey;
 import java.time.ZonedDateTime;
 import java.util.Optional;
 
 import jakarta.validation.Valid;
 import jakarta.ws.rs.BadRequestException;
 
-import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Profile;
@@ -45,7 +41,6 @@
 import de.tum.cit.aet.artemis.core.service.user.UserCreationService;
 import de.tum.cit.aet.artemis.core.service.user.UserService;
 import de.tum.cit.aet.artemis.programming.service.localvc.LocalVCPersonalAccessTokenManagementService;
-import de.tum.cit.aet.artemis.programming.service.localvc.ssh.HashUtils;
 
 /**
  * REST controller for managing the current user's account.
@@ -128,50 +123,6 @@ public ResponseEntity<Void> changePassword(@RequestBody PasswordChangeDTO passwo
         return ResponseEntity.ok().build();
     }
 
-    /**
-     * PUT account/ssh-public-key : sets the ssh public key
-     *
-     * @param sshPublicKey the ssh public key to set
-     *
-     * @return the ResponseEntity with status 200 (OK), with status 404 (Not Found), or with status 400 (Bad Request)
-     */
-    @PutMapping("account/ssh-public-key")
-    @EnforceAtLeastStudent
-    public ResponseEntity<Void> addSshPublicKey(@RequestBody String sshPublicKey) throws GeneralSecurityException, IOException {
-
-        User user = userRepository.getUser();
-        log.debug("REST request to add SSH key to user {}", user.getLogin());
-        // Parse the public key string
-        AuthorizedKeyEntry keyEntry;
-        try {
-            keyEntry = AuthorizedKeyEntry.parseAuthorizedKeyEntry(sshPublicKey);
-        }
-        catch (IllegalArgumentException e) {
-            throw new BadRequestAlertException("Invalid SSH key format", "SSH key", "invalidKeyFormat", true);
-        }
-        // Extract the PublicKey object
-        PublicKey publicKey = keyEntry.resolvePublicKey(null, null, null);
-        String keyHash = HashUtils.getSha512Fingerprint(publicKey);
-        userRepository.updateUserSshPublicKeyHash(user.getId(), keyHash, sshPublicKey);
-        return ResponseEntity.ok().build();
-    }
-
-    /**
-     * PUT account/ssh-public-key : sets the ssh public key
-     *
-     * @return the ResponseEntity with status 200 (OK), with status 404 (Not Found), or with status 400 (Bad Request)
-     */
-    @DeleteMapping("account/ssh-public-key")
-    @EnforceAtLeastStudent
-    public ResponseEntity<Void> deleteSshPublicKey() {
-        User user = userRepository.getUser();
-        log.debug("REST request to remove SSH key of user {}", user.getLogin());
-        userRepository.updateUserSshPublicKeyHash(user.getId(), null, null);
-
-        log.debug("Successfully deleted SSH key of user {}", user.getLogin());
-        return ResponseEntity.ok().build();
-    }
-
     /**
      * PUT account/user-vcs-access-token : creates a vcsAccessToken for a user
      *
diff --git a/src/main/java/de/tum/cit/aet/artemis/core/web/open/PublicAccountResource.java b/src/main/java/de/tum/cit/aet/artemis/core/web/open/PublicAccountResource.java
index bd673ece51d4..543ad85964da 100644
--- a/src/main/java/de/tum/cit/aet/artemis/core/web/open/PublicAccountResource.java
+++ b/src/main/java/de/tum/cit/aet/artemis/core/web/open/PublicAccountResource.java
@@ -166,8 +166,6 @@ public ResponseEntity<UserDTO> getAccount() {
         // we set this value on purpose here: the user can only fetch their own information, make the token available for constructing the token-based clone-URL
         userDTO.setVcsAccessToken(user.getVcsAccessToken());
         userDTO.setVcsAccessTokenExpiryDate(user.getVcsAccessTokenExpiryDate());
-        userDTO.setSshPublicKey(user.getSshPublicKey());
-        userDTO.setSshKeyHash(user.getSshPublicKeyHash());
         log.info("GET /account {} took {}ms", user.getLogin(), System.currentTimeMillis() - start);
         return ResponseEntity.ok(userDTO);
     }
diff --git a/src/main/java/de/tum/cit/aet/artemis/programming/domain/UserSshPublicKey.java b/src/main/java/de/tum/cit/aet/artemis/programming/domain/UserSshPublicKey.java
new file mode 100644
index 000000000000..8348c7eb656c
--- /dev/null
+++ b/src/main/java/de/tum/cit/aet/artemis/programming/domain/UserSshPublicKey.java
@@ -0,0 +1,131 @@
+package de.tum.cit.aet.artemis.programming.domain;
+
+import java.time.ZonedDateTime;
+
+import jakarta.annotation.Nullable;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Table;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
+
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
+
+import de.tum.cit.aet.artemis.core.domain.DomainObject;
+
+/**
+ * A public SSH key of a user.
+ */
+@Entity
+@Table(name = "user_public_ssh_key")
+@Cache(usage = CacheConcurrencyStrategy.NONSTRICT_READ_WRITE)
+public class UserSshPublicKey extends DomainObject {
+
+    /**
+     * The user who is owner of the public key
+     */
+    @NotNull
+    @Column(name = "user_id")
+    private long userId;
+
+    /**
+     * The label of the SSH key shwon in the UI
+     */
+    @Size(max = 50)
+    @Column(name = "label", length = 50)
+    private String label;
+
+    /**
+     * The actual full public ssh key of a user used to authenticate git clone and git push operations if available
+     */
+    @NotNull
+    @Column(name = "public_key")
+    private String publicKey;
+
+    /**
+     * A hash of the public ssh key for fast comparison in the database (with an index)
+     */
+    @Size(max = 100)
+    @Column(name = "key_hash")
+    private String keyHash;
+
+    /**
+     * The creation date of the public SSH key
+     */
+    @Column(name = "creation_date")
+    private ZonedDateTime creationDate = null;
+
+    /**
+     * The last used date of the public SSH key
+     */
+    @Nullable
+    @Column(name = "last_used_date")
+    private ZonedDateTime lastUsedDate = null;
+
+    /**
+     * The expiry date of the public SSH key
+     */
+    @Nullable
+    @Column(name = "expiry_date")
+    private ZonedDateTime expiryDate = null;
+
+    public @NotNull long getUserId() {
+        return userId;
+    }
+
+    public void setUserId(@NotNull long userId) {
+        this.userId = userId;
+    }
+
+    public @Size(max = 50) String getLabel() {
+        return label;
+    }
+
+    public void setLabel(@Size(max = 50) String label) {
+        this.label = label;
+    }
+
+    public String getPublicKey() {
+        return publicKey;
+    }
+
+    public void setPublicKey(String publicKey) {
+        this.publicKey = publicKey;
+    }
+
+    @Nullable
+    public @Size(max = 100) String getKeyHash() {
+        return keyHash;
+    }
+
+    public void setKeyHash(@Nullable @Size(max = 100) String keyHash) {
+        this.keyHash = keyHash;
+    }
+
+    public ZonedDateTime getCreationDate() {
+        return creationDate;
+    }
+
+    public void setCreationDate(ZonedDateTime creationDate) {
+        this.creationDate = creationDate;
+    }
+
+    @Nullable
+    public ZonedDateTime getLastUsedDate() {
+        return lastUsedDate;
+    }
+
+    public void setLastUsedDate(@Nullable ZonedDateTime lastUsedDate) {
+        this.lastUsedDate = lastUsedDate;
+    }
+
+    @Nullable
+    public ZonedDateTime getExpiryDate() {
+        return expiryDate;
+    }
+
+    public void setExpiryDate(@Nullable ZonedDateTime expiryDate) {
+        this.expiryDate = expiryDate;
+    }
+}
diff --git a/src/main/java/de/tum/cit/aet/artemis/programming/dto/UserSshPublicKeyDTO.java b/src/main/java/de/tum/cit/aet/artemis/programming/dto/UserSshPublicKeyDTO.java
new file mode 100644
index 000000000000..ecfeedab8126
--- /dev/null
+++ b/src/main/java/de/tum/cit/aet/artemis/programming/dto/UserSshPublicKeyDTO.java
@@ -0,0 +1,16 @@
+package de.tum.cit.aet.artemis.programming.dto;
+
+import java.time.ZonedDateTime;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+
+import de.tum.cit.aet.artemis.programming.domain.UserSshPublicKey;
+
+@JsonInclude(JsonInclude.Include.NON_EMPTY)
+public record UserSshPublicKeyDTO(Long id, String label, String publicKey, String keyHash, ZonedDateTime creationDate, ZonedDateTime lastUsedDate, ZonedDateTime expiryDate) {
+
+    public static UserSshPublicKeyDTO of(UserSshPublicKey userSshPublicKey) {
+        return new UserSshPublicKeyDTO(userSshPublicKey.getId(), userSshPublicKey.getLabel(), userSshPublicKey.getPublicKey(), userSshPublicKey.getKeyHash(),
+                userSshPublicKey.getCreationDate(), userSshPublicKey.getLastUsedDate(), userSshPublicKey.getExpiryDate());
+    }
+}
diff --git a/src/main/java/de/tum/cit/aet/artemis/programming/repository/UserSshPublicKeyRepository.java b/src/main/java/de/tum/cit/aet/artemis/programming/repository/UserSshPublicKeyRepository.java
new file mode 100644
index 000000000000..b177b7b72089
--- /dev/null
+++ b/src/main/java/de/tum/cit/aet/artemis/programming/repository/UserSshPublicKeyRepository.java
@@ -0,0 +1,27 @@
+package de.tum.cit.aet.artemis.programming.repository;
+
+import static de.tum.cit.aet.artemis.core.config.Constants.PROFILE_CORE;
+
+import java.util.List;
+import java.util.Optional;
+
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Repository;
+
+import de.tum.cit.aet.artemis.core.repository.base.ArtemisJpaRepository;
+import de.tum.cit.aet.artemis.programming.domain.UserSshPublicKey;
+
+@Profile(PROFILE_CORE)
+@Repository
+public interface UserSshPublicKeyRepository extends ArtemisJpaRepository<UserSshPublicKey, Long> {
+
+    List<UserSshPublicKey> findAllByUserId(Long userId);
+
+    Optional<UserSshPublicKey> findByKeyHash(String keyHash);
+
+    Optional<UserSshPublicKey> findByIdAndUserId(Long keyId, Long userId);
+
+    boolean existsByIdAndUserId(Long id, Long userId);
+
+    boolean existsByUserId(Long userId);
+}
diff --git a/src/main/java/de/tum/cit/aet/artemis/programming/service/UserSshPublicKeyService.java b/src/main/java/de/tum/cit/aet/artemis/programming/service/UserSshPublicKeyService.java
new file mode 100644
index 000000000000..232afd327663
--- /dev/null
+++ b/src/main/java/de/tum/cit/aet/artemis/programming/service/UserSshPublicKeyService.java
@@ -0,0 +1,139 @@
+package de.tum.cit.aet.artemis.programming.service;
+
+import static de.tum.cit.aet.artemis.core.config.Constants.PROFILE_CORE;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.PublicKey;
+import java.time.ZonedDateTime;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Service;
+
+import de.tum.cit.aet.artemis.core.domain.User;
+import de.tum.cit.aet.artemis.core.exception.AccessForbiddenException;
+import de.tum.cit.aet.artemis.core.exception.BadRequestAlertException;
+import de.tum.cit.aet.artemis.programming.domain.UserSshPublicKey;
+import de.tum.cit.aet.artemis.programming.dto.UserSshPublicKeyDTO;
+import de.tum.cit.aet.artemis.programming.repository.UserSshPublicKeyRepository;
+import de.tum.cit.aet.artemis.programming.service.localvc.ssh.HashUtils;
+
+@Profile(PROFILE_CORE)
+@Service
+public class UserSshPublicKeyService {
+
+    private final UserSshPublicKeyRepository userSshPublicKeyRepository;
+
+    public UserSshPublicKeyService(UserSshPublicKeyRepository userSshPublicKeyRepository) {
+        this.userSshPublicKeyRepository = userSshPublicKeyRepository;
+    }
+
+    /**
+     * Creates a new SSH public key for the specified user, ensuring that the key is unique
+     * based on its SHA-512 hash fingerprint. If the key already exists, an exception is thrown.
+     *
+     * @param user         the {@link User} for whom the SSH key is being created.
+     * @param keyEntry     the {@link AuthorizedKeyEntry} containing the SSH public key details, used to resolve the {@link PublicKey}.
+     * @param sshPublicKey the {@link UserSshPublicKey} object containing metadata about the SSH key such as the key itself, label, and expiry date.
+     */
+    public void createSshKeyForUser(User user, AuthorizedKeyEntry keyEntry, UserSshPublicKeyDTO sshPublicKey) throws GeneralSecurityException, IOException {
+        PublicKey publicKey = keyEntry.resolvePublicKey(null, null, null);
+        String keyHash = HashUtils.getSha512Fingerprint(publicKey);
+
+        if (userSshPublicKeyRepository.findByKeyHash(keyHash).isPresent()) {
+            throw new BadRequestAlertException("Key already exists", "SSH key", "keyAlreadyExists", true);
+        }
+
+        UserSshPublicKey newUserSshPublicKey = new UserSshPublicKey();
+        newUserSshPublicKey.setUserId(user.getId());
+        newUserSshPublicKey.setPublicKey(sshPublicKey.publicKey());
+        newUserSshPublicKey.setKeyHash(keyHash);
+        setLabelForKey(newUserSshPublicKey, sshPublicKey.label());
+        newUserSshPublicKey.setCreationDate(ZonedDateTime.now());
+        newUserSshPublicKey.setExpiryDate(sshPublicKey.expiryDate());
+        userSshPublicKeyRepository.save(newUserSshPublicKey);
+    }
+
+    /**
+     * Sets the label for the provided SSH public key. If the given label is null or empty,
+     * the label is extracted from the public key or defaults to a predefined value.
+     *
+     * @param newSshPublicKey the {@link UserSshPublicKey} for which the label is being set.
+     * @param label           the label to assign to the SSH key, or null/empty to use the default logic.
+     * @throws BadRequestAlertException if the key label is longer than 50 characters
+     */
+    private void setLabelForKey(UserSshPublicKey newSshPublicKey, String label) {
+        if (StringUtils.isBlank(label)) {
+            String[] parts = newSshPublicKey.getPublicKey().split("\\s+");
+
+            // we are only interested in the comment of the key. A typical key looks like this, the key prefix, the actual key and then the comment:
+            // ssh-rsa AAAAB3NzaC1yc2EAAAADAYVTLQ== comment
+            if (parts.length >= 3) {
+                label = String.join(" ", Arrays.copyOfRange(parts, 2, parts.length));
+            }
+            else {
+                label = "Key " + (userSshPublicKeyRepository.findAllByUserId(newSshPublicKey.getUserId()).size() + 1);
+            }
+        }
+        if (label.length() <= 50) {
+            newSshPublicKey.setLabel(label);
+        }
+        else {
+            throw new BadRequestAlertException("Key label is too long", "SSH key", "keyLabelTooLong", true);
+        }
+    }
+
+    /**
+     * Retrieves the SSH public key for the specified user by key ID.
+     *
+     * @param user  the {@link User} to whom the SSH key belongs.
+     * @param keyId the ID of the SSH key.
+     * @return the {@link UserSshPublicKey} if found and belongs to the user.
+     * @throws AccessForbiddenException if the key does not belong to the user, or does not exist
+     */
+    public UserSshPublicKey getSshKeyForUser(User user, Long keyId) {
+        Optional<UserSshPublicKey> userSshPublicKey = userSshPublicKeyRepository.findByIdAndUserId(keyId, user.getId());
+        return userSshPublicKey.orElseThrow(() -> new AccessForbiddenException("SSH key", keyId));
+    }
+
+    /**
+     * Retrieves all SSH public keys associated with the specified user.
+     *
+     * @param user the {@link User} whose SSH keys are to be retrieved.
+     * @return a list of {@link UserSshPublicKey} objects for the user.
+     */
+    public List<UserSshPublicKeyDTO> getAllSshKeysForUser(User user) {
+        return userSshPublicKeyRepository.findAllByUserId(user.getId()).stream().map(UserSshPublicKeyDTO::of).toList();
+    }
+
+    /**
+     * Deletes the specified SSH public key for the given user ID.
+     *
+     * @param userId the ID of the user.
+     * @param keyId  the ID of the SSH key to delete.
+     * @throws AccessForbiddenException if the key does not belong to the user.
+     */
+    public void deleteUserSshPublicKey(Long userId, Long keyId) {
+        if (userSshPublicKeyRepository.existsByIdAndUserId(keyId, userId)) {
+            userSshPublicKeyRepository.deleteById(keyId);
+        }
+        else {
+            throw new AccessForbiddenException("SSH key", keyId);
+        }
+    }
+
+    /**
+     * Returns whether the user of the specified id has stored SSH keys
+     *
+     * @param userId the ID of the user.
+     * @return true if the user has SSH keys, false if not
+     */
+    public boolean hasUserSSHkeys(Long userId) {
+        return userSshPublicKeyRepository.existsByUserId(userId);
+    }
+}
diff --git a/src/main/java/de/tum/cit/aet/artemis/programming/service/localvc/GitPublickeyAuthenticatorService.java b/src/main/java/de/tum/cit/aet/artemis/programming/service/localvc/GitPublickeyAuthenticatorService.java
index 4f0cad0aa4e9..3c9bc85f83a4 100644
--- a/src/main/java/de/tum/cit/aet/artemis/programming/service/localvc/GitPublickeyAuthenticatorService.java
+++ b/src/main/java/de/tum/cit/aet/artemis/programming/service/localvc/GitPublickeyAuthenticatorService.java
@@ -5,6 +5,7 @@
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.PublicKey;
+import java.time.ZonedDateTime;
 import java.util.Objects;
 import java.util.Optional;
 
@@ -13,11 +14,14 @@
 import org.apache.sshd.server.session.ServerSession;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Profile;
 import org.springframework.stereotype.Service;
 
 import de.tum.cit.aet.artemis.buildagent.dto.BuildAgentInformation;
 import de.tum.cit.aet.artemis.core.repository.UserRepository;
+import de.tum.cit.aet.artemis.programming.domain.UserSshPublicKey;
+import de.tum.cit.aet.artemis.programming.repository.UserSshPublicKeyRepository;
 import de.tum.cit.aet.artemis.programming.service.localci.SharedQueueManagementService;
 import de.tum.cit.aet.artemis.programming.service.localvc.ssh.HashUtils;
 import de.tum.cit.aet.artemis.programming.service.localvc.ssh.SshConstants;
@@ -32,41 +36,85 @@ public class GitPublickeyAuthenticatorService implements PublickeyAuthenticator
 
     private final Optional<SharedQueueManagementService> localCIBuildJobQueueService;
 
-    public GitPublickeyAuthenticatorService(UserRepository userRepository, Optional<SharedQueueManagementService> localCIBuildJobQueueService) {
+    private final UserSshPublicKeyRepository userSshPublicKeyRepository;
+
+    private final int AUTHENTICATION_FAILED_CODE = 10;
+
+    @Value("${server.url}")
+    private String artemisServerUrl;
+
+    public GitPublickeyAuthenticatorService(UserRepository userRepository, Optional<SharedQueueManagementService> localCIBuildJobQueueService,
+            UserSshPublicKeyRepository userSshPublicKeyRepository) {
         this.userRepository = userRepository;
         this.localCIBuildJobQueueService = localCIBuildJobQueueService;
+        this.userSshPublicKeyRepository = userSshPublicKeyRepository;
     }
 
     @Override
     public boolean authenticate(String username, PublicKey publicKey, ServerSession session) {
         String keyHash = HashUtils.getSha512Fingerprint(publicKey);
-        var user = userRepository.findBySshPublicKeyHash(keyHash);
-        if (user.isPresent()) {
-            try {
-                // Retrieve the stored public key string
-                String storedPublicKeyString = user.get().getSshPublicKey();
-
-                // Parse the stored public key string
-                AuthorizedKeyEntry keyEntry = AuthorizedKeyEntry.parseAuthorizedKeyEntry(storedPublicKeyString);
-                PublicKey storedPublicKey = keyEntry.resolvePublicKey(null, null, null);
-
-                // Compare the stored public key with the provided public key
-                if (Objects.equals(storedPublicKey, publicKey)) {
-                    log.debug("Found user {} for public key authentication", user.get().getLogin());
-                    session.setAttribute(SshConstants.USER_KEY, user.get());
-                    session.setAttribute(SshConstants.IS_BUILD_AGENT_KEY, false);
-                    return true;
-                }
-                else {
-                    log.warn("Public key mismatch for user {}", user.get().getLogin());
-                }
+        var userSshPublicKey = userSshPublicKeyRepository.findByKeyHash(keyHash);
+        return userSshPublicKey.map(sshPublicKey -> {
+            ZonedDateTime expiryDate = sshPublicKey.getExpiryDate();
+            if (expiryDate == null || expiryDate.isAfter(ZonedDateTime.now())) {
+                return authenticateUser(sshPublicKey, publicKey, session);
+            }
+            else {
+                disconnectBecauseKeyHasExpired(session);
+            }
+
+            return false;
+        }).orElseGet(() -> authenticateBuildAgent(publicKey, session));
+    }
+
+    /**
+     * Tries to authenticate a user by the provided key
+     *
+     * @param storedKey   The key stored in the Artemis database
+     * @param providedKey The key provided by the user for authentication
+     * @param session     The SSH server session
+     *
+     * @return true if the authentication succeeds, and false if it doesn't
+     */
+    private boolean authenticateUser(UserSshPublicKey storedKey, PublicKey providedKey, ServerSession session) {
+        try {
+            var user = userRepository.findById(storedKey.getUserId());
+            if (user.isEmpty()) {
+                return false;
+            }
+            // Retrieve and parse the stored public key string
+            AuthorizedKeyEntry keyEntry = AuthorizedKeyEntry.parseAuthorizedKeyEntry(storedKey.getPublicKey());
+            PublicKey storedPublicKey = keyEntry.resolvePublicKey(null, null, null);
+
+            // Compare the stored public key with the provided public key
+            if (Objects.equals(storedPublicKey, providedKey)) {
+                log.debug("Found user {} for public key authentication", user.get().getLogin());
+                session.setAttribute(SshConstants.USER_KEY, user.get());
+                session.setAttribute(SshConstants.IS_BUILD_AGENT_KEY, false);
+                return true;
             }
-            catch (Exception e) {
-                log.error("Failed to convert stored public key string to PublicKey object", e);
+            else {
+                log.warn("Public key mismatch for user {}", user.get().getLogin());
             }
         }
-        else if (localCIBuildJobQueueService.isPresent()
-                && localCIBuildJobQueueService.get().getBuildAgentInformation().stream().anyMatch(agent -> checkPublicKeyMatchesBuildAgentPublicKey(agent, publicKey))) {
+        catch (Exception e) {
+            log.error("Failed to convert stored public key string to PublicKey object", e);
+        }
+        return false;
+    }
+
+    /**
+     * Tries to authenticate a build agent by the provided key
+     *
+     * @param providedKey The key provided by the user for authentication
+     * @param session     The SSH server session
+     *
+     * @return true if the authentication succeeds, and false if it doesn't
+     */
+    private boolean authenticateBuildAgent(PublicKey providedKey, ServerSession session) {
+        if (localCIBuildJobQueueService.isPresent()
+                && localCIBuildJobQueueService.get().getBuildAgentInformation().stream().anyMatch(agent -> checkPublicKeyMatchesBuildAgentPublicKey(agent, providedKey))) {
+
             log.info("Authenticating as build agent");
             session.setAttribute(SshConstants.IS_BUILD_AGENT_KEY, true);
             return true;
@@ -74,6 +122,14 @@ else if (localCIBuildJobQueueService.isPresent()
         return false;
     }
 
+    /**
+     * Checks whether a provided key matches the build agents public key
+     *
+     * @param agent     The build agent which tires to be authenticated by Artemis
+     * @param publicKey The provided public key
+     *
+     * @return true if the build agents has this public key, and false if it doesn't
+     */
     private boolean checkPublicKeyMatchesBuildAgentPublicKey(BuildAgentInformation agent, PublicKey publicKey) {
         if (agent.publicSshKey() == null) {
             return false;
@@ -90,4 +146,25 @@ private boolean checkPublicKeyMatchesBuildAgentPublicKey(BuildAgentInformation a
 
         return agentPublicKey.equals(publicKey);
     }
+
+    /**
+     * Disconnects the client from the session and informs that the key used to authenticate with has expired
+     *
+     * @param session the session with the client
+     */
+    private void disconnectBecauseKeyHasExpired(ServerSession session) {
+        try {
+            var keyExpiredErrorMessage = String.format("""
+                    Keys expired.
+
+                    One of your SSH keys has expired. Renew it in the Artemis settings:
+                    %s/user-settings/ssh
+                    """, artemisServerUrl);
+
+            session.disconnect(AUTHENTICATION_FAILED_CODE, keyExpiredErrorMessage);
+        }
+        catch (IOException e) {
+            log.info("Failed to disconnect SSH client session {}", e.getMessage());
+        }
+    }
 }
diff --git a/src/main/java/de/tum/cit/aet/artemis/programming/web/localvc/ssh/SshPublicKeysResource.java b/src/main/java/de/tum/cit/aet/artemis/programming/web/localvc/ssh/SshPublicKeysResource.java
new file mode 100644
index 000000000000..8eb38fdfd263
--- /dev/null
+++ b/src/main/java/de/tum/cit/aet/artemis/programming/web/localvc/ssh/SshPublicKeysResource.java
@@ -0,0 +1,117 @@
+package de.tum.cit.aet.artemis.programming.web.localvc.ssh;
+
+import static de.tum.cit.aet.artemis.core.config.Constants.PROFILE_LOCALVC;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.List;
+
+import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Profile;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import de.tum.cit.aet.artemis.core.domain.User;
+import de.tum.cit.aet.artemis.core.exception.BadRequestAlertException;
+import de.tum.cit.aet.artemis.core.repository.UserRepository;
+import de.tum.cit.aet.artemis.core.security.annotations.EnforceAtLeastStudent;
+import de.tum.cit.aet.artemis.programming.domain.UserSshPublicKey;
+import de.tum.cit.aet.artemis.programming.dto.UserSshPublicKeyDTO;
+import de.tum.cit.aet.artemis.programming.service.UserSshPublicKeyService;
+
+@Profile(PROFILE_LOCALVC)
+@RestController
+@RequestMapping("api/ssh-settings/")
+public class SshPublicKeysResource {
+
+    private static final Logger log = LoggerFactory.getLogger(SshPublicKeysResource.class);
+
+    private final UserSshPublicKeyService userSshPublicKeyService;
+
+    private final UserRepository userRepository;
+
+    public SshPublicKeysResource(UserSshPublicKeyService userSshPublicKeyService, UserRepository userRepository) {
+        this.userSshPublicKeyService = userSshPublicKeyService;
+        this.userRepository = userRepository;
+    }
+
+    /**
+     * GET public-keys : retrieves all SSH keys of a user
+     *
+     * @return the ResponseEntity containing all public SSH keys of a user with status 200 (OK)
+     */
+    @GetMapping("public-keys")
+    @EnforceAtLeastStudent
+    public ResponseEntity<List<UserSshPublicKeyDTO>> getSshPublicKeys() {
+        User user = userRepository.getUser();
+        List<UserSshPublicKeyDTO> keys = userSshPublicKeyService.getAllSshKeysForUser(user);
+        return ResponseEntity.ok(keys);
+    }
+
+    /**
+     * GET public-key : gets the ssh public key
+     *
+     * @param keyId The id of the key that should be fetched
+     *
+     * @return the ResponseEntity containing the requested public SSH key of a user with status 200 (OK), or with status 403 (Access Forbidden) if the key does not exist or is not
+     *         owned by the requesting user
+     */
+    @GetMapping("public-key/{keyId}")
+    @EnforceAtLeastStudent
+    public ResponseEntity<UserSshPublicKeyDTO> getSshPublicKey(@PathVariable Long keyId) {
+        User user = userRepository.getUser();
+        UserSshPublicKey key = userSshPublicKeyService.getSshKeyForUser(user, keyId);
+        return ResponseEntity.ok(UserSshPublicKeyDTO.of(key));
+    }
+
+    /**
+     * POST public-key : creates a new ssh public key for a user
+     *
+     * @param sshPublicKey the ssh public key to create
+     *
+     * @return the ResponseEntity with status 200 (OK), or with status 400 (Bad Request) when the SSH key is malformed, the label is too long, or when a key with the same hash
+     *         already exists
+     */
+    @PostMapping("public-key")
+    @EnforceAtLeastStudent
+    public ResponseEntity<Void> addSshPublicKey(@RequestBody UserSshPublicKeyDTO sshPublicKey) throws GeneralSecurityException, IOException {
+        User user = userRepository.getUser();
+        log.debug("REST request to add SSH key to user {}", user.getLogin());
+        AuthorizedKeyEntry keyEntry;
+        try {
+            keyEntry = AuthorizedKeyEntry.parseAuthorizedKeyEntry(sshPublicKey.publicKey());
+        }
+        catch (IllegalArgumentException e) {
+            throw new BadRequestAlertException("Invalid SSH key format", "SSH key", "invalidKeyFormat", true);
+        }
+
+        userSshPublicKeyService.createSshKeyForUser(user, keyEntry, sshPublicKey);
+        return ResponseEntity.ok().build();
+    }
+
+    /**
+     * Delete - public-key : deletes the ssh public key by its keyId
+     *
+     * @param keyId The id of the key that should be deleted
+     *
+     * @return the ResponseEntity with status 200 (OK) when the deletion succeeded, or with status 403 (Access Forbidden) if the key does not belong to the user, or does not exist
+     */
+    @DeleteMapping("public-key/{keyId}")
+    @EnforceAtLeastStudent
+    public ResponseEntity<Void> deleteSshPublicKey(@PathVariable Long keyId) {
+        User user = userRepository.getUser();
+        log.debug("REST request to remove SSH key of user {}", user.getLogin());
+        userSshPublicKeyService.deleteUserSshPublicKey(user.getId(), keyId);
+
+        log.debug("Successfully deleted SSH key with id {} of user {}", keyId, user.getLogin());
+        return ResponseEntity.ok().build();
+    }
+}
diff --git a/src/main/resources/config/liquibase/changelog/20241105150000_changelog.xml b/src/main/resources/config/liquibase/changelog/20241105150000_changelog.xml
new file mode 100644
index 000000000000..0e7e5e68aac6
--- /dev/null
+++ b/src/main/resources/config/liquibase/changelog/20241105150000_changelog.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog https://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd">
+
+    <!-- Change Set for creating a new table for storing multiple public SSH keys of users -->
+    <changeSet id="20241105150000" author="entholzer">
+        <createTable tableName="user_public_ssh_key">
+            <column autoIncrement="true" name="id" type="bigint">
+                <constraints nullable="false" primaryKey="true"/>
+            </column>
+            <column name="user_id" type="bigint">
+                <constraints nullable="false"/>
+            </column>
+            <column name="label" type="VARCHAR(50)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="public_key" type="varchar(1000)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="key_hash" type="VARCHAR(100)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="creation_date" type="TIMESTAMP">
+                <constraints nullable="false"/>
+            </column>
+            <column name="last_used_date" type="TIMESTAMP">
+                <constraints nullable="true"/>
+            </column>
+            <column name="expiry_date" type="TIMESTAMP">
+                <constraints nullable="true"/>
+            </column>
+        </createTable>
+        <createIndex indexName="idx_user_public_ssh_key_user_id" tableName="user_public_ssh_key">
+            <column name="user_id"/>
+        </createIndex>
+        <createIndex indexName="idx_user_public_ssh_key_ssh_public_key_hash" tableName="user_public_ssh_key">
+            <column name="key_hash"/>
+        </createIndex>
+        <createIndex indexName="idx_user_public_ssh_key_expiry_date" tableName="user_public_ssh_key">
+            <column name="expiry_date"/>
+        </createIndex>
+    </changeSet>
+
+    <changeSet id="20241105150000_1" author="entholzer">
+        <sql>
+            INSERT INTO user_public_ssh_key (user_id, label, public_key, key_hash, creation_date, last_used_date, expiry_date)
+            SELECT id, 'Key 1', ssh_public_key, ssh_public_key_hash, CURRENT_TIMESTAMP, NULL, NULL
+            FROM jhi_user
+            WHERE ssh_public_key IS NOT NULL;
+        </sql>
+    </changeSet>
+
+    <changeSet id="20241105150000_2" author="entholzer">
+        <dropColumn tableName="jhi_user" columnName="ssh_public_key"/>
+        <dropColumn tableName="jhi_user" columnName="ssh_public_key_hash"/>
+    </changeSet>
+
+</databaseChangeLog>
\ No newline at end of file
diff --git a/src/main/resources/config/liquibase/master.xml b/src/main/resources/config/liquibase/master.xml
index e29f09657055..d331337ceef4 100644
--- a/src/main/resources/config/liquibase/master.xml
+++ b/src/main/resources/config/liquibase/master.xml
@@ -29,11 +29,12 @@
     <include file="classpath:config/liquibase/changelog/20240902175045_changelog.xml" relativeToChangelogFile="false"/>
     <include file="classpath:config/liquibase/changelog/20240924125742_changelog.xml" relativeToChangelogFile="false"/>
     <include file="classpath:config/liquibase/changelog/20240816150000_changelog.xml" relativeToChangelogFile="false"/>
-    <include file="classpath:config/liquibase/changelog/20241018120000_changelog.xml" relativeToChangelogFile="false"/>
     <include file="classpath:config/liquibase/changelog/20241010101010_changelog.xml" relativeToChangelogFile="false"/>
+    <include file="classpath:config/liquibase/changelog/20241018120000_changelog.xml" relativeToChangelogFile="false"/>
     <include file="classpath:config/liquibase/changelog/20241018053210_changelog.xml" relativeToChangelogFile="false"/>
     <include file="classpath:config/liquibase/changelog/20241023456789_changelog.xml" relativeToChangelogFile="false"/>
     <include file="classpath:config/liquibase/changelog/20241101121000_changelog.xml" relativeToChangelogFile="false"/>
+    <include file="classpath:config/liquibase/changelog/20241105150000_changelog.xml" relativeToChangelogFile="false"/>
     <include file="classpath:config/liquibase/changelog/20241112123600_changelog.xml" relativeToChangelogFile="false"/>
 
     <!-- NOTE: please use the format "YYYYMMDDhhmmss_changelog.xml", i.e. year month day hour minutes seconds and not something else! -->
diff --git a/src/main/webapp/app/core/auth/account.service.ts b/src/main/webapp/app/core/auth/account.service.ts
index a89944954c05..8745ae5357b9 100644
--- a/src/main/webapp/app/core/auth/account.service.ts
+++ b/src/main/webapp/app/core/auth/account.service.ts
@@ -30,7 +30,6 @@ export interface IAccountService {
     isAuthenticated: () => boolean;
     getAuthenticationState: () => Observable<User | undefined>;
     getImageUrl: () => string | undefined;
-    addSshPublicKey: (sshPublicKey: string) => Observable<void>;
 }
 
 @Injectable({ providedIn: 'root' })
@@ -325,28 +324,6 @@ export class AccountService implements IAccountService {
         this.prefilledUsernameValue = prefilledUsername;
     }
 
-    /**
-     * Sends the added SSH key to the server
-     *
-     * @param sshPublicKey
-     */
-    addSshPublicKey(sshPublicKey: string): Observable<void> {
-        if (this.userIdentity) {
-            this.userIdentity.sshPublicKey = sshPublicKey;
-        }
-        return this.http.put<void>('api/account/ssh-public-key', sshPublicKey);
-    }
-
-    /**
-     * Sends a request to the server to delete the user's current SSH key
-     */
-    deleteSshPublicKey(): Observable<void> {
-        if (this.userIdentity) {
-            this.userIdentity.sshPublicKey = undefined;
-        }
-        return this.http.delete<void>('api/account/ssh-public-key');
-    }
-
     /**
      * Sends a request to the server to delete the user's current vcsAccessToken
      */
diff --git a/src/main/webapp/app/core/user/user.model.ts b/src/main/webapp/app/core/user/user.model.ts
index f793581b21a3..52fa28f56ab9 100644
--- a/src/main/webapp/app/core/user/user.model.ts
+++ b/src/main/webapp/app/core/user/user.model.ts
@@ -15,8 +15,6 @@ export class User extends Account {
     public password?: string;
     public vcsAccessToken?: string;
     public vcsAccessTokenExpiryDate?: string;
-    public sshPublicKey?: string;
-    public sshKeyHash?: string;
     public irisAccepted?: dayjs.Dayjs;
 
     constructor(
@@ -38,7 +36,6 @@ export class User extends Account {
         imageUrl?: string,
         vcsAccessToken?: string,
         vcsAccessTokenExpiryDate?: string,
-        sshPublicKey?: string,
         irisAccepted?: dayjs.Dayjs,
     ) {
         super(activated, authorities, email, firstName, langKey, lastName, login, imageUrl);
@@ -52,7 +49,6 @@ export class User extends Account {
         this.password = password;
         this.vcsAccessToken = vcsAccessToken;
         this.vcsAccessTokenExpiryDate = vcsAccessTokenExpiryDate;
-        this.sshPublicKey = sshPublicKey;
         this.irisAccepted = irisAccepted;
     }
 }
diff --git a/src/main/webapp/app/entities/programming/user-ssh-public-key.model.ts b/src/main/webapp/app/entities/programming/user-ssh-public-key.model.ts
new file mode 100644
index 000000000000..4d53e9d2cef5
--- /dev/null
+++ b/src/main/webapp/app/entities/programming/user-ssh-public-key.model.ts
@@ -0,0 +1,13 @@
+import { BaseEntity } from 'app/shared/model/base-entity';
+import dayjs from 'dayjs/esm';
+
+export class UserSshPublicKey implements BaseEntity {
+    id: number;
+    label: string;
+    publicKey: string;
+    keyHash: string;
+    expiryDate?: dayjs.Dayjs;
+    lastUsedDate?: dayjs.Dayjs;
+    creationDate: dayjs.Dayjs;
+    hasExpired?: boolean;
+}
diff --git a/src/main/webapp/app/shared/components/code-button/code-button.component.html b/src/main/webapp/app/shared/components/code-button/code-button.component.html
index 80972a802a38..c8510599a4e6 100644
--- a/src/main/webapp/app/shared/components/code-button/code-button.component.html
+++ b/src/main/webapp/app/shared/components/code-button/code-button.component.html
@@ -14,9 +14,12 @@
         container="body"
     ></button>
     <ng-template #popContent>
-        @if (useSsh && !copyEnabled) {
+        @if (useSsh && !doesUserHaveSSHkeys) {
             <div class="alert alert-warning" [innerHTML]="sshKeyMissingTip"></div>
         }
+        @if (useSsh && areAnySshKeysExpired) {
+            <div class="alert alert-warning" [innerHTML]="sshKeysExpiredTip"></div>
+        }
         @if (useToken && tokenMissing) {
             <div class="alert alert-warning" [innerHTML]="tokenMissingTip"></div>
         }
diff --git a/src/main/webapp/app/shared/components/code-button/code-button.component.ts b/src/main/webapp/app/shared/components/code-button/code-button.component.ts
index 7e4e0d33e766..36046020db1b 100644
--- a/src/main/webapp/app/shared/components/code-button/code-button.component.ts
+++ b/src/main/webapp/app/shared/components/code-button/code-button.component.ts
@@ -16,6 +16,8 @@ import { isPracticeMode } from 'app/entities/participation/student-participation
 import { faCode, faExternalLink } from '@fortawesome/free-solid-svg-icons';
 import { IdeSettingsService } from 'app/shared/user-settings/ide-preferences/ide-settings.service';
 import { Ide } from 'app/shared/user-settings/ide-preferences/ide.model';
+import { SshUserSettingsService } from 'app/shared/user-settings/ssh-settings/ssh-user-settings.service';
+import { UserSshPublicKey } from 'app/entities/programming/user-ssh-public-key.model';
 
 @Component({
     selector: 'jhi-code-button',
@@ -50,12 +52,16 @@ export class CodeButtonComponent implements OnInit, OnChanges {
     gitlabVCEnabled = false;
     showCloneUrlWithoutToken = true;
     copyEnabled? = true;
+    doesUserHaveSSHkeys = false;
+    areAnySshKeysExpired = false;
 
     sshKeyMissingTip: string;
+    sshKeysExpiredTip: string;
     tokenMissingTip: string;
     tokenExpiredTip: string;
 
     user: User;
+    sshKeys?: UserSshPublicKey[];
     cloneHeadline: string;
     wasCopied = false;
     isTeamParticipation: boolean;
@@ -73,6 +79,7 @@ export class CodeButtonComponent implements OnInit, OnChanges {
     constructor(
         private translateService: TranslateService,
         private externalCloningService: ExternalCloningService,
+        private sshUserSettingsService: SshUserSettingsService,
         private accountService: AccountService,
         private profileService: ProfileService,
         private localStorage: LocalStorageService,
@@ -87,6 +94,7 @@ export class CodeButtonComponent implements OnInit, OnChanges {
         }
         this.user = user;
 
+        await this.checkForSshKeys();
         this.refreshTokenState();
 
         this.copyEnabled = true;
@@ -116,6 +124,7 @@ export class CodeButtonComponent implements OnInit, OnChanges {
                 this.sshSettingsUrl = profileInfo.sshKeysURL;
             }
             this.sshKeyMissingTip = this.formatTip('artemisApp.exerciseActions.sshKeyTip', this.sshSettingsUrl);
+            this.sshKeysExpiredTip = this.formatTip('artemisApp.exerciseActions.sshKeyExpiredTip', this.sshSettingsUrl);
 
             if (this.useSsh) {
                 this.useSshUrl();
@@ -152,7 +161,7 @@ export class CodeButtonComponent implements OnInit, OnChanges {
     public useSshUrl() {
         this.useSsh = true;
         this.useToken = false;
-        this.copyEnabled = this.useSsh && (!!this.user.sshPublicKey || this.gitlabVCEnabled);
+        this.copyEnabled = this.doesUserHaveSSHkeys || this.gitlabVCEnabled;
         this.storeToLocalStorage();
     }
 
@@ -347,4 +356,20 @@ export class CodeButtonComponent implements OnInit, OnChanges {
             this.user.vcsAccessToken = this.activeParticipation.vcsAccessToken;
         }
     }
+
+    /**
+     * Checks whether the user owns any SSH keys, and checks if any of them is expired
+     */
+    private async checkForSshKeys() {
+        this.sshKeys = await this.sshUserSettingsService.getCachedSshKeys();
+        if (this.sshKeys) {
+            const now = dayjs();
+            this.doesUserHaveSSHkeys = this.sshKeys.length > 0;
+            this.areAnySshKeysExpired = this.sshKeys.some((key) => {
+                if (key.expiryDate) {
+                    return dayjs(key.expiryDate).isBefore(now);
+                }
+            });
+        }
+    }
 }
diff --git a/src/main/webapp/app/shared/user-settings/ssh-settings/details/ssh-user-settings-key-details.component.html b/src/main/webapp/app/shared/user-settings/ssh-settings/details/ssh-user-settings-key-details.component.html
new file mode 100644
index 000000000000..d1ecbd74bbc3
--- /dev/null
+++ b/src/main/webapp/app/shared/user-settings/ssh-settings/details/ssh-user-settings-key-details.component.html
@@ -0,0 +1,138 @@
+@if (isLoading) {
+    <h1 jhiTranslate="artemisApp.userSettings.sshSettings"></h1>
+} @else {
+    @if (!isCreateMode) {
+        <h1 jhiTranslate="artemisApp.userSettings.sshSettingsPage.sshKeyDetails"></h1>
+    } @else {
+        <h1 jhiTranslate="artemisApp.userSettings.sshSettingsPage.addNewSshKey"></h1>
+    }
+
+    <div class="list-group d-block">
+        <!-- Viewing existing key and creating a new key -->
+        <div class="list-group-item">
+            <div class="d-flex flex-wrap">
+                <p>
+                    <span class="large-text" jhiTranslate="artemisApp.userSettings.sshSettingsPage.whatToUseSSHForInfo"></span>
+                    <jhi-documentation-link [documentationType]="documentationType" [displayString]="'artemisApp.userSettings.sshSettingsPage.learnMore'"> </jhi-documentation-link>
+                </p>
+            </div>
+
+            @if (isCreateMode) {
+                <div>
+                    <p class="large-text" jhiTranslate="artemisApp.userSettings.sshSettingsPage.key"></p>
+                </div>
+            } @else {
+                <div>
+                    <p class="large-text">{{ displayedKeyLabel }}</p>
+                </div>
+            }
+            <div>
+                <textarea class="form-control" rows="10" [readonly]="!isCreateMode" [(ngModel)]="displayedSshKey"></textarea>
+            </div>
+
+            <!-- input fields for key creation -->
+            @if (isCreateMode) {
+                <div class="d-flex flex-wrap mb-4">
+                    <p class="small-text">
+                        <span jhiTranslate="artemisApp.userSettings.sshSettingsPage.alreadyHaveKey"> </span>
+                        <code> {{ copyInstructions }} </code>
+                    </p>
+                </div>
+
+                <div class="mb-4">
+                    <p class="large-text" jhiTranslate="artemisApp.userSettings.sshSettingsPage.label"></p>
+                    <textarea class="form-control small-text-area" rows="1" [readonly]="!isCreateMode" [(ngModel)]="displayedKeyLabel" maxlength="50">></textarea>
+                    <p class="small-text">
+                        <span jhiTranslate="artemisApp.userSettings.sshSettingsPage.commentUsedAsLabel"> </span>
+                    </p>
+                </div>
+
+                <!-- Expiry date settings -->
+                <div>
+                    <span class="large-text" jhiTranslate="artemisApp.userSettings.sshSettingsPage.expiry.title"></span>
+                    <p jhiTranslate="artemisApp.userSettings.sshSettingsPage.expiry.info"></p>
+                </div>
+                <div>
+                    <label class="form-check-label">
+                        <input class="form-check-input" type="radio" name="activationOption" [(ngModel)]="selectedOption" value="doNotUseExpiration" />
+                        <span jhiTranslate="artemisApp.userSettings.sshSettingsPage.expiry.doNotExpire"></span>
+                    </label>
+                </div>
+                <div>
+                    <label class="form-check-label">
+                        <input class="form-check-input" type="radio" name="activationOption" [(ngModel)]="selectedOption" value="useExpiration" />
+                        <span jhiTranslate="artemisApp.userSettings.sshSettingsPage.expiry.expireAutomatically"></span>
+                    </label>
+                </div>
+
+                <!-- expiry date date picker -->
+                @if (selectedOption === 'useExpiration') {
+                    <div class="mt-4">
+                        <div class="col-sm-4">
+                            <jhi-date-time-picker
+                                labelName="{{ 'artemisApp.userSettings.sshSettingsPage.expiryDate' | artemisTranslate }}"
+                                [(ngModel)]="displayedExpiryDate"
+                                [shouldDisplayTimeZoneWarning]="false"
+                                [min]="currentDate"
+                                [requiredField]="true"
+                                (valueChange)="validateExpiryDate()"
+                                name="expiryDate"
+                                id="expiryDate"
+                            />
+                        </div>
+                    </div>
+                }
+            } @else {
+                <!-- View for viewing key details -->
+                @if (displayCreationDate) {
+                    <div class="text-and-date large-text mt-4">
+                        <div jhiTranslate="artemisApp.userSettings.sshSettingsPage.createdOn"></div>
+                        <div>
+                            {{ displayCreationDate | artemisDate: 'long-date' }}
+                        </div>
+                    </div>
+                }
+                @if (displayedLastUsedDate) {
+                    <div class="text-and-date large-text mt-2">
+                        <div jhiTranslate="artemisApp.userSettings.sshSettingsPage.lastUsedOn"></div>
+                        <div>
+                            {{ displayedLastUsedDate | artemisDate: 'long-date' }}
+                        </div>
+                    </div>
+                }
+                @if (displayedExpiryDate) {
+                    <div class="text-and-date large-text mt-2">
+                        <div jhiTranslate="artemisApp.userSettings.sshSettingsPage.expiresOn"></div>
+                        <div>
+                            {{ displayedExpiryDate | artemisDate: 'long-date' }}
+                        </div>
+                    </div>
+                }
+            }
+            <div class="col col-auto text-right mt-4">
+                @if (isCreateMode) {
+                    <div class="btn-group" role="group" aria-label="Actions">
+                        <jhi-button
+                            [disabled]="
+                                !(displayedSshKey && ((selectedOption === 'useExpiration' && displayedExpiryDate && isExpiryDateValid) || selectedOption !== 'useExpiration'))
+                            "
+                            [btnType]="ButtonType.PRIMARY"
+                            [btnSize]="ButtonSize.SMALL"
+                            [icon]="faSave"
+                            [title]="'artemisApp.userSettings.sshSettingsPage.saveSshKey'"
+                            (onClick)="saveSshKey()"
+                        />
+                    </div>
+                }
+                <div class="btn-group" role="group" aria-label="Actions">
+                    <jhi-button
+                        [btnType]="ButtonType.PRIMARY"
+                        [btnSize]="ButtonSize.SMALL"
+                        [title]="isCreateMode ? 'artemisApp.userSettings.sshSettingsPage.cancelSavingSshKey' : 'artemisApp.userSettings.sshSettingsPage.back'"
+                        (onClick)="goBack()"
+                    />
+                </div>
+            </div>
+        </div>
+    </div>
+}
diff --git a/src/main/webapp/app/shared/user-settings/ssh-settings/details/ssh-user-settings-key-details.component.ts b/src/main/webapp/app/shared/user-settings/ssh-settings/details/ssh-user-settings-key-details.component.ts
new file mode 100644
index 000000000000..459a0c2edc4e
--- /dev/null
+++ b/src/main/webapp/app/shared/user-settings/ssh-settings/details/ssh-user-settings-key-details.component.ts
@@ -0,0 +1,141 @@
+import { Component, OnDestroy, OnInit, inject } from '@angular/core';
+import { Subject, Subscription, concatMap, filter, tap } from 'rxjs';
+import { ActivatedRoute, Router } from '@angular/router';
+import { faEdit, faSave } from '@fortawesome/free-solid-svg-icons';
+import { DocumentationType } from 'app/shared/components/documentation-button/documentation-button.component';
+import { ButtonSize, ButtonType } from 'app/shared/components/button.component';
+import { AlertService } from 'app/core/util/alert.service';
+import { getOS } from 'app/shared/util/os-detector.util';
+import { UserSshPublicKey } from 'app/entities/programming/user-ssh-public-key.model';
+import dayjs from 'dayjs/esm';
+import { SshUserSettingsService } from 'app/shared/user-settings/ssh-settings/ssh-user-settings.service';
+
+@Component({
+    selector: 'jhi-account-information',
+    templateUrl: './ssh-user-settings-key-details.component.html',
+    styleUrls: ['../../user-settings.scss', '../ssh-user-settings.component.scss'],
+})
+export class SshUserSettingsKeyDetailsComponent implements OnInit, OnDestroy {
+    private sshUserSettingsService = inject(SshUserSettingsService);
+    readonly route = inject(ActivatedRoute);
+    readonly router = inject(Router);
+    readonly alertService = inject(AlertService);
+
+    readonly documentationType: DocumentationType = 'SshSetup';
+    readonly invalidKeyFormat = 'invalidKeyFormat';
+    readonly keyAlreadyExists = 'keyAlreadyExists';
+    readonly keyLabelTooLong = 'keyLabelTooLong';
+
+    protected readonly faEdit = faEdit;
+    protected readonly faSave = faSave;
+    protected readonly ButtonType = ButtonType;
+    protected readonly ButtonSize = ButtonSize;
+
+    subscription: Subscription;
+
+    // state change variables
+    isCreateMode = false; // true when creating new key, false when viewing existing key
+    isLoading = true;
+
+    copyInstructions = '';
+    selectedOption: string = 'doNotUseExpiration';
+
+    // Key details from input fields
+    displayedKeyLabel = '';
+    displayedSshKey = '';
+    displayedKeyHash = '';
+    displayedExpiryDate?: dayjs.Dayjs;
+    isExpiryDateValid = false;
+    displayCreationDate: dayjs.Dayjs;
+    displayedLastUsedDate?: dayjs.Dayjs;
+    currentDate: dayjs.Dayjs;
+
+    private dialogErrorSource = new Subject<string>();
+    dialogError$ = this.dialogErrorSource.asObservable();
+
+    ngOnInit() {
+        this.setMessageBasedOnOS(getOS());
+        this.currentDate = dayjs();
+
+        this.subscription = this.route.params
+            .pipe(
+                filter((params) => {
+                    const keyId = Number(params['keyId']);
+                    if (keyId) {
+                        this.isCreateMode = false;
+                        return true;
+                    } else {
+                        this.isLoading = false;
+                        this.isCreateMode = true;
+                        return false;
+                    }
+                }),
+                concatMap((params) => {
+                    return this.sshUserSettingsService.getSshPublicKey(Number(params['keyId']));
+                }),
+                tap((publicKey: UserSshPublicKey) => {
+                    this.displayedSshKey = publicKey.publicKey;
+                    this.displayedKeyLabel = publicKey.label;
+                    this.displayedKeyHash = publicKey.keyHash;
+                    this.displayCreationDate = publicKey.creationDate;
+                    this.displayedExpiryDate = publicKey.expiryDate;
+                    this.displayedLastUsedDate = publicKey.lastUsedDate;
+                    this.isLoading = false;
+                }),
+            )
+            .subscribe();
+    }
+
+    ngOnDestroy() {
+        this.subscription.unsubscribe();
+    }
+
+    saveSshKey() {
+        const newUserSshKey = {
+            label: this.displayedKeyLabel,
+            publicKey: this.displayedSshKey,
+            expiryDate: this.displayedExpiryDate,
+        } as UserSshPublicKey;
+        this.sshUserSettingsService.addNewSshPublicKey(newUserSshKey).subscribe({
+            next: () => {
+                this.alertService.success('artemisApp.userSettings.sshSettingsPage.saveSuccess');
+                this.goBack();
+            },
+            error: (error) => {
+                const errorKey = error.error.errorKey;
+                if ([this.invalidKeyFormat, this.keyAlreadyExists, this.keyLabelTooLong].indexOf(errorKey) > -1) {
+                    this.alertService.error(`artemisApp.userSettings.sshSettingsPage.${errorKey}`);
+                } else {
+                    this.alertService.error('artemisApp.userSettings.sshSettingsPage.saveFailure');
+                }
+            },
+        });
+    }
+
+    goBack() {
+        this.router.navigate(['/user-settings/ssh']);
+    }
+
+    validateExpiryDate() {
+        this.isExpiryDateValid = !!this.displayedExpiryDate?.isValid();
+    }
+
+    private setMessageBasedOnOS(os: string): void {
+        switch (os) {
+            case 'Windows':
+                this.copyInstructions = 'cat ~/.ssh/id_ed25519.pub | clip';
+                break;
+            case 'MacOS':
+                this.copyInstructions = 'pbcopy < ~/.ssh/id_ed25519.pub';
+                break;
+            case 'Linux':
+                this.copyInstructions = 'xclip -selection clipboard < ~/.ssh/id_ed25519.pub';
+                break;
+            case 'Android':
+                this.copyInstructions = 'termux-clipboard-set < ~/.ssh/id_ed25519.pub';
+                break;
+            default:
+                this.copyInstructions = 'Ctrl + C';
+        }
+    }
+}
diff --git a/src/main/webapp/app/shared/user-settings/ssh-settings/ssh-user-settings.component.html b/src/main/webapp/app/shared/user-settings/ssh-settings/ssh-user-settings.component.html
index 7372a07ac241..a5650cef05a9 100644
--- a/src/main/webapp/app/shared/user-settings/ssh-settings/ssh-user-settings.component.html
+++ b/src/main/webapp/app/shared/user-settings/ssh-settings/ssh-user-settings.component.html
@@ -1,10 +1,10 @@
-<h1 jhiTranslate="artemisApp.userSettings.sshSettings">
-    <!--SSH Settings-->
-</h1>
-@if (currentUser) {
+<!-- SSH Settings Title -->
+<h1 jhiTranslate="artemisApp.userSettings.sshSettingsPage.keysTablePageTitle"></h1>
+
+@if (!isLoading) {
     <div class="list-group d-block">
         <!-- Initial state: There are no keys -->
-        @if (keyCount === 0 && !showSshKey) {
+        @if (keyCount === 0) {
             <div class="list-group-item px-4 py-4">
                 <div class="mt-4"></div>
                 <h4 class="text-center mb-4 mt-8" jhiTranslate="artemisApp.userSettings.sshSettingsPage.noKeysHaveBeenAdded"></h4>
@@ -17,21 +17,16 @@ <h4 class="text-center mb-4 mt-8" jhiTranslate="artemisApp.userSettings.sshSetti
                 </div>
 
                 <div class="d-flex justify-content-center mb-4">
-                    <jhi-button
-                        [btnType]="ButtonType.PRIMARY"
-                        [btnSize]="ButtonSize.MEDIUM"
-                        [title]="'artemisApp.userSettings.sshSettingsPage.addNewSshKey'"
-                        (onClick)="showSshKey = !showSshKey"
-                    />
+                    <a class="btn btn-primary rounded-btn" [routerLink]="['add']">
+                        <span jhiTranslate="artemisApp.userSettings.sshSettingsPage.addNewSshKey"></span>
+                    </a>
                 </div>
             </div>
         }
 
         <!-- Initial state: There are keys -->
-        @if (keyCount > 0 && !showSshKey) {
-            <div class="list-group-item px-4 py-4">
-                <h4 jhiTranslate="artemisApp.userSettings.sshSettingsPage.keysTablePageTitle"></h4>
-
+        @if (keyCount > 0) {
+            <div class="list-group-item">
                 <div class="d-flex flex-wrap mt-4">
                     <p>
                         <span class="mt-4 font-medium" jhiTranslate="artemisApp.userSettings.sshSettingsPage.whatToUseSSHForInfo"> </span>
@@ -48,108 +43,72 @@ <h4 jhiTranslate="artemisApp.userSettings.sshSettingsPage.keysTablePageTitle"></
                         </tr>
                     </thead>
                     <tbody>
-                        <tr>
-                            <td class="container">
-                                <div jhiTranslate="artemisApp.userSettings.sshSettingsPage.keyName"></div>
-                                <div style="font-size: x-small">
-                                    {{ sshKeyHash }}
-                                </div>
-                            </td>
+                        @for (key of sshPublicKeys; track key; let i = $index) {
+                            <tr>
+                                <td class="container" style="max-width: 250px">
+                                    <div style="font-size: large">
+                                        {{ key.label }}
+                                    </div>
+                                    <div class="abbreviate-hash">
+                                        {{ key.keyHash }}
+                                    </div>
+                                    @if (key.expiryDate) {
+                                        <div class="text-and-date">
+                                            <div jhiTranslate="artemisApp.userSettings.sshSettingsPage.{{ key.hasExpired ? 'hasExpiredOn' : 'expiresOn' }}"></div>
+                                            <div>
+                                                {{ key.expiryDate | artemisDate: 'long-date' }}
+                                            </div>
+                                        </div>
+                                    }
+                                </td>
+
+                                <td class="container">
+                                    <div
+                                        ngbDropdown
+                                        container="body"
+                                        placement="bottom auto"
+                                        style="opacity: 1"
+                                        class="navbar-nav justify-content-end flex-grow-1 text-decoration-none pointer"
+                                    >
+                                        <div ngbDropdownToggle class="nav-item">
+                                            <div class="nav-link px-3">
+                                                <fa-icon style="opacity: 1" [fixedWidth]="true" [icon]="faEllipsis" class="ms-2 me-3" />
+                                            </div>
+                                        </div>
+                                        <div ngbDropdownMenu>
+                                            <a ngbDropdownItem class="d-flex align-items-center py-1 px-2" style="text-decoration: none" [routerLink]="['view', key.id]">
+                                                <div
+                                                    jhiTranslate="artemisApp.userSettings.sshSettingsPage.viewExistingSshKey"
+                                                    class="h6 fw-normal mb-0 course-title text-wrap"
+                                                ></div>
+                                            </a>
 
-                            <td class="container">
-                                <div class="vertical-center">
-                                    <div class="dropdown" tabindex="1">
-                                        <i class="db2" tabindex="1"></i>
-                                        <a class="dropbtn">
-                                            <fa-icon [icon]="faEllipsis"></fa-icon>
-                                        </a>
-                                        <div class="dropdown-content">
-                                            <button class="btn dropdown-button" (click)="showSshKey = !showSshKey">
-                                                <span jhiTranslate="artemisApp.userSettings.sshSettingsPage.viewExistingSshKey"></span>
-                                            </button>
                                             <button
                                                 jhiDeleteButton
-                                                class="btn dropdown-button"
-                                                [buttonSize]="ButtonSize.SMALL"
+                                                ngbDropdownItem
                                                 [renderButtonText]="false"
-                                                (delete)="deleteSshKey()"
+                                                (delete)="deleteSshKey(key)"
                                                 deleteQuestion="artemisApp.userSettings.sshSettingsPage.deleteSshKeyQuestion"
                                                 [dialogError]="dialogError$"
+                                                class="d-flex align-items-center py-1 px-2"
                                             >
-                                                <span jhiTranslate="artemisApp.userSettings.sshSettingsPage.deleteSshKey" class="ms-2"></span>
+                                                <div jhiTranslate="artemisApp.userSettings.sshSettingsPage.deleteSshKey" class="h6 fw-normal mb-0 course-title text-wrap"></div>
                                             </button>
                                         </div>
                                     </div>
-                                </div>
-                            </td>
-                        </tr>
+                                </td>
+                            </tr>
+                        }
                     </tbody>
                 </table>
-            </div>
-        }
-
-        <!-- Editing existing key and creating new key -->
-        @if (showSshKey) {
-            <div class="list-group-item">
-                @if (isKeyReadonly) {
-                    <h4 jhiTranslate="artemisApp.userSettings.sshSettingsPage.sshKeyDetails"></h4>
-                } @else {
-                    <h4 jhiTranslate="artemisApp.userSettings.sshSettingsPage.addNewSshKey"></h4>
-                }
-
-                <div class="d-flex flex-wrap">
-                    <p>
-                        <span style="font-size: medium" jhiTranslate="artemisApp.userSettings.sshSettingsPage.whatToUseSSHForInfo"> </span>
-                        <jhi-documentation-link [documentationType]="documentationType" [displayString]="'artemisApp.userSettings.sshSettingsPage.learnMore'">
-                        </jhi-documentation-link>
-                    </p>
-                </div>
-
-                <dd>
-                    <p style="font-size: smaller" jhiTranslate="artemisApp.userSettings.sshSettingsPage.key"></p>
-                    <textarea style="resize: none" class="form-control" rows="10" [readonly]="isKeyReadonly" [(ngModel)]="sshKey"></textarea>
-                </dd>
-
-                <div class="d-flex flex-wrap mb-4">
-                    <p>
-                        <span style="font-size: small" jhiTranslate="artemisApp.userSettings.sshSettingsPage.alreadyHaveKey"> </span>
-                        <code> {{ copyInstructions }} </code>
-                    </p>
-                </div>
-
-                @if (!isKeyReadonly) {
-                    <div class="col col-auto text-right">
-                        <div class="btn-group" role="group" aria-label="Actions">
-                            <jhi-button
-                                [disabled]="!sshKey"
-                                [btnType]="ButtonType.PRIMARY"
-                                [btnSize]="ButtonSize.SMALL"
-                                [icon]="faSave"
-                                [title]="'artemisApp.userSettings.sshSettingsPage.saveSshKey'"
-                                (onClick)="saveSshKey()"
-                            />
-                        </div>
-                        <div class="btn-group" role="group" aria-label="Actions">
-                            <jhi-button
-                                [btnType]="ButtonType.PRIMARY"
-                                [btnSize]="ButtonSize.SMALL"
-                                [title]="'artemisApp.userSettings.sshSettingsPage.cancelSavingSshKey'"
-                                (onClick)="cancelEditingSshKey()"
-                            />
-                        </div>
-                    </div>
-                } @else {
-                    <div class="col col-auto text-right">
-                        <div class="btn-group" role="group" aria-label="Actions">
-                            <jhi-button
-                                [btnType]="ButtonType.PRIMARY"
-                                [btnSize]="ButtonSize.SMALL"
-                                [title]="'artemisApp.userSettings.sshSettingsPage.back'"
-                                (onClick)="cancelEditingSshKey()"
-                            />
-                        </div>
+                <div class="d-flex justify-content-between align-items-center">
+                    <div></div>
+                    <div>
+                        <a class="btn rounded-btn btn-primary btn-sm" [routerLink]="['add']">
+                            <span class="jhi-btn__title" style="font-size: small" jhiTranslate="artemisApp.userSettings.sshSettingsPage.addNewSshKey"></span>
+                        </a>
                     </div>
-                }
+                </div>
             </div>
         }
     </div>
diff --git a/src/main/webapp/app/shared/user-settings/ssh-settings/ssh-user-settings.component.scss b/src/main/webapp/app/shared/user-settings/ssh-settings/ssh-user-settings.component.scss
index 8255e6ade0f4..42cced116319 100644
--- a/src/main/webapp/app/shared/user-settings/ssh-settings/ssh-user-settings.component.scss
+++ b/src/main/webapp/app/shared/user-settings/ssh-settings/ssh-user-settings.component.scss
@@ -1,11 +1,35 @@
 textarea {
-    width: 600px;
+    max-width: 600px;
+    width: 100%;
     height: 150px;
+    resize: none;
     font-size: small;
     font-family:
         Bitstream Vera Sans Mono,
         Courier New,
         monospace;
+    border-color: var(--border-color) !important;
+}
+
+.bold-text {
+    font-weight: bold;
+}
+
+.large-text {
+    font-size: large;
+}
+
+.small-text {
+    font-size: small;
+}
+
+.text-and-date {
+    display: flex;
+    gap: 5px;
+}
+
+.small-text-area {
+    height: 30px;
 }
 
 table {
@@ -27,6 +51,15 @@ td {
     border-radius: 0;
 }
 
+.rounded-btn {
+    border-radius: 2px;
+    border-top-width: 0;
+}
+
+.bottom-border {
+    border-bottom-width: 2px;
+}
+
 .container {
     position: relative;
 }
@@ -54,81 +87,30 @@ td {
     transform: translateY(-50%);
 }
 
-tbody tr:hover {
-    background-color: var(--ssh-key-table-hover-background);
+.abbreviate-hash {
+    font-size: x-small;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
 }
 
-/* dd container */
-.dropdown {
-    display: inline-block;
-    position: relative;
-    outline: none;
-    margin: 0;
+tbody tr:hover {
+    background-color: var(--ssh-key-settings-table-hover-background);
 }
 
-/* button */
-.dropbtn {
-    padding: 0;
-    color: grey;
-    cursor: pointer;
-    transition: 0.35s ease-out;
+a:link:hover {
+    text-decoration: none !important;
 }
 
-/* dd content */
-.dropdown .dropdown-content {
+.dropdown-content {
+    overflow-y: auto;
     position: absolute;
-    top: 50%;
-    min-width: 120%;
-    box-shadow: 0 8px 16px var(--ssh-key-settings-shadow);
-    z-index: 100000; // makes sure the drop down menu is always shown at the highest view plane
-    visibility: hidden;
-    opacity: 1;
-    transition: 0.35s ease-out;
-    width: 80px;
-}
-
-/* show dd content */
-.dropdown:focus .dropdown-content {
-    outline: none;
-    transform: translateY(20px);
-    visibility: visible;
-    opacity: 1;
-    background-color: var(--light);
-}
-
-/* mask to close menu by clicking on the button */
-.dropdown .db2 {
-    position: absolute;
-    top: 0;
-    right: 0;
-    bottom: 0;
-    left: 0;
-    opacity: 0;
-    cursor: pointer;
-    z-index: 10;
-    display: none;
-}
-
-.dropdown:focus .db2 {
-    display: inline-block;
-}
-
-.dropdown .db2:focus .dropdown-content {
-    outline: none;
-    visibility: hidden;
-    margin-right: 15px;
-    opacity: 0;
-}
-
-.dropdown-button {
-    margin: auto;
-    color: var(--ssh-key-settings-text-color);
     background-color: var(--dropdown-bg);
-    border-color: var(--dropdown-bg);
-    width: 80px;
+    border: 1px solid var(--border-color);
+    z-index: 3000;
+    border-radius: 4px;
 }
 
-.dropdown-button:hover {
-    background-color: var(--ssh-key-settings-dropdown-buttons-hover);
-    border-color: var(--ssh-key-settings-dropdown-buttons-hover);
+.dropdown-toggle::after {
+    display: none;
 }
diff --git a/src/main/webapp/app/shared/user-settings/ssh-settings/ssh-user-settings.component.ts b/src/main/webapp/app/shared/user-settings/ssh-settings/ssh-user-settings.component.ts
index 6fa6fbc9336e..5d59fb002954 100644
--- a/src/main/webapp/app/shared/user-settings/ssh-settings/ssh-user-settings.component.ts
+++ b/src/main/webapp/app/shared/user-settings/ssh-settings/ssh-user-settings.component.ts
@@ -1,94 +1,53 @@
-import { Component, OnInit } from '@angular/core';
-import { User } from 'app/core/user/user.model';
-import { AccountService } from 'app/core/auth/account.service';
-import { Subject, Subscription, tap } from 'rxjs';
-import { ProfileService } from 'app/shared/layouts/profiles/profile.service';
-import { PROFILE_LOCALVC } from 'app/app.constants';
+import { Component, OnDestroy, OnInit, inject } from '@angular/core';
+import { Subject, tap } from 'rxjs';
 import { faEdit, faEllipsis, faSave, faTrash } from '@fortawesome/free-solid-svg-icons';
 import { DocumentationType } from 'app/shared/components/documentation-button/documentation-button.component';
 import { ButtonSize, ButtonType } from 'app/shared/components/button.component';
 import { AlertService } from 'app/core/util/alert.service';
-import { getOS } from 'app/shared/util/os-detector.util';
+import { UserSshPublicKey } from 'app/entities/programming/user-ssh-public-key.model';
+import dayjs from 'dayjs/esm';
+import { SshUserSettingsService } from 'app/shared/user-settings/ssh-settings/ssh-user-settings.service';
 
 @Component({
     selector: 'jhi-account-information',
     templateUrl: './ssh-user-settings.component.html',
     styleUrls: ['../user-settings.scss', './ssh-user-settings.component.scss'],
 })
-export class SshUserSettingsComponent implements OnInit {
+export class SshUserSettingsComponent implements OnInit, OnDestroy {
+    private sshUserSettingsService = inject(SshUserSettingsService);
+    private alertService = inject(AlertService);
+
     readonly documentationType: DocumentationType = 'SshSetup';
-    currentUser?: User;
-    localVCEnabled = false;
-    sshKey = '';
-    sshKeyHash = '';
-    storedSshKey = '';
-    showSshKey = false;
-    keyCount = 0;
-    isKeyReadonly = true;
-    copyInstructions = '';
 
     readonly faEdit = faEdit;
     readonly faSave = faSave;
     readonly faTrash = faTrash;
     readonly faEllipsis = faEllipsis;
-
-    private authStateSubscription: Subscription;
+    protected readonly ButtonType = ButtonType;
+    protected readonly ButtonSize = ButtonSize;
     private dialogErrorSource = new Subject<string>();
 
-    dialogError$ = this.dialogErrorSource.asObservable();
+    sshPublicKeys: UserSshPublicKey[] = [];
+    keyCount = 0;
+    isLoading = true;
 
-    constructor(
-        private accountService: AccountService,
-        private profileService: ProfileService,
-        private alertService: AlertService,
-    ) {}
+    currentDate: dayjs.Dayjs;
+    dialogError$ = this.dialogErrorSource.asObservable();
 
     ngOnInit() {
-        this.profileService.getProfileInfo().subscribe((profileInfo) => {
-            this.localVCEnabled = profileInfo.activeProfiles.includes(PROFILE_LOCALVC);
-        });
-        this.setMessageBasedOnOS(getOS());
-        this.authStateSubscription = this.accountService
-            .getAuthenticationState()
-            .pipe(
-                tap((user: User) => {
-                    this.storedSshKey = user.sshPublicKey || '';
-                    this.sshKey = this.storedSshKey;
-                    this.sshKeyHash = user.sshKeyHash || '';
-                    this.currentUser = user;
-                    // currently only 0 or 1 key are supported
-                    this.keyCount = this.sshKey ? 1 : 0;
-                    this.isKeyReadonly = !!this.sshKey;
-                    return this.currentUser;
-                }),
-            )
-            .subscribe();
+        this.currentDate = dayjs();
+        this.refreshSshKeys();
     }
 
-    saveSshKey() {
-        this.accountService.addSshPublicKey(this.sshKey).subscribe({
-            next: () => {
-                this.alertService.success('artemisApp.userSettings.sshSettingsPage.saveSuccess');
-                this.showSshKey = false;
-                this.storedSshKey = this.sshKey;
-                this.keyCount = this.keyCount + 1;
-                this.isKeyReadonly = true;
-            },
-            error: () => {
-                this.alertService.error('artemisApp.userSettings.sshSettingsPage.saveFailure');
-            },
-        });
+    ngOnDestroy() {
+        this.dialogErrorSource.complete();
     }
 
-    deleteSshKey() {
-        this.showSshKey = false;
-        this.accountService.deleteSshPublicKey().subscribe({
+    deleteSshKey(key: UserSshPublicKey) {
+        this.sshUserSettingsService.deleteSshPublicKey(key.id).subscribe({
             next: () => {
                 this.alertService.success('artemisApp.userSettings.sshSettingsPage.deleteSuccess');
-                this.sshKey = '';
-                this.storedSshKey = '';
-                this.keyCount = this.keyCount - 1;
-                this.isKeyReadonly = false;
+                this.refreshSshKeys();
             },
             error: () => {
                 this.alertService.error('artemisApp.userSettings.sshSettingsPage.deleteFailure');
@@ -97,30 +56,26 @@ export class SshUserSettingsComponent implements OnInit {
         this.dialogErrorSource.next('');
     }
 
-    cancelEditingSshKey() {
-        this.showSshKey = !this.showSshKey;
-        this.sshKey = this.storedSshKey;
-    }
-
-    protected readonly ButtonType = ButtonType;
-    protected readonly ButtonSize = ButtonSize;
-
-    private setMessageBasedOnOS(os: string): void {
-        switch (os) {
-            case 'Windows':
-                this.copyInstructions = 'cat ~/.ssh/id_ed25519.pub | clip';
-                break;
-            case 'MacOS':
-                this.copyInstructions = 'pbcopy < ~/.ssh/id_ed25519.pub';
-                break;
-            case 'Linux':
-                this.copyInstructions = 'xclip -selection clipboard < ~/.ssh/id_ed25519.pub';
-                break;
-            case 'Android':
-                this.copyInstructions = 'termux-clipboard-set < ~/.ssh/id_ed25519.pub';
-                break;
-            default:
-                this.copyInstructions = 'Ctrl + C';
-        }
+    private refreshSshKeys() {
+        this.sshUserSettingsService
+            .getSshPublicKeys()
+            .pipe(
+                tap((publicKeys: UserSshPublicKey[]) => {
+                    this.sshPublicKeys = publicKeys;
+                    this.sshUserSettingsService.sshKeys = publicKeys;
+                    this.sshPublicKeys = this.sshPublicKeys.map((key) => ({
+                        ...key,
+                        hasExpired: key.expiryDate && dayjs().isAfter(dayjs(key.expiryDate)),
+                    }));
+                    this.keyCount = publicKeys.length;
+                    this.isLoading = false;
+                }),
+            )
+            .subscribe({
+                error: () => {
+                    this.isLoading = false;
+                    this.alertService.error('artemisApp.userSettings.sshSettingsPage.loadKeyFailure');
+                },
+            });
     }
 }
diff --git a/src/main/webapp/app/shared/user-settings/ssh-settings/ssh-user-settings.service.ts b/src/main/webapp/app/shared/user-settings/ssh-settings/ssh-user-settings.service.ts
new file mode 100644
index 000000000000..d20e1c72a2a8
--- /dev/null
+++ b/src/main/webapp/app/shared/user-settings/ssh-settings/ssh-user-settings.service.ts
@@ -0,0 +1,94 @@
+import { Injectable, inject } from '@angular/core';
+import { HttpClient, HttpResponse } from '@angular/common/http';
+import { Observable, lastValueFrom, of } from 'rxjs';
+import { catchError, map } from 'rxjs/operators';
+import { UserSshPublicKey } from 'app/entities/programming/user-ssh-public-key.model';
+
+export interface IASshUserSettingsService {
+    getCachedSshKeys: () => Promise<UserSshPublicKey[] | undefined>;
+    getSshPublicKeys: () => Observable<UserSshPublicKey[]>;
+    getSshPublicKey: (keyId: number) => Observable<UserSshPublicKey>;
+    addNewSshPublicKey: (userKey: UserSshPublicKey) => Observable<HttpResponse<UserSshPublicKey>>;
+    deleteSshPublicKey: (keyId: number) => Observable<void>;
+}
+
+@Injectable({ providedIn: 'root' })
+export class SshUserSettingsService implements IASshUserSettingsService {
+    private http = inject(HttpClient);
+
+    private userSshKeysValue?: UserSshPublicKey[];
+    private sshKeysRequest?: Promise<UserSshPublicKey[] | undefined>;
+
+    get sshKeys() {
+        return this.userSshKeysValue;
+    }
+
+    set sshKeys(sshKeys: UserSshPublicKey[] | undefined) {
+        this.userSshKeysValue = sshKeys;
+    }
+
+    /**
+     * Gets all ssh keys of a user from the server, but only if they have not yet been requested before, or aren't already present
+     */
+    getCachedSshKeys(): Promise<UserSshPublicKey[] | undefined> {
+        // check and see if we have retrieved the sshKeys data from the server already
+        // if we have, reuse it by immediately resolving
+        if (this.sshKeys) {
+            return Promise.resolve(this.sshKeys);
+        }
+
+        // If a request is already in progress, return the same promise
+        if (this.sshKeysRequest) {
+            return this.sshKeysRequest;
+        }
+
+        this.sshKeysRequest = lastValueFrom(
+            this.getSshPublicKeys().pipe(
+                map((keys: UserSshPublicKey[]) => {
+                    if (keys) {
+                        this.sshKeys = keys ? keys : undefined;
+                        this.sshKeysRequest = undefined;
+                        return this.sshKeys;
+                    }
+                    return this.sshKeys;
+                }),
+                catchError(() => {
+                    this.sshKeys = undefined;
+                    this.sshKeysRequest = undefined;
+                    return of(undefined);
+                }),
+            ),
+        );
+        return this.sshKeysRequest;
+    }
+
+    /**
+     * Retrieves all public SSH keys of a user
+     */
+    getSshPublicKeys(): Observable<UserSshPublicKey[]> {
+        return this.http.get<UserSshPublicKey[]>('api/ssh-settings/public-keys');
+    }
+
+    /**
+     * Retrieves a specific public SSH keys of a user
+     */
+    getSshPublicKey(keyId: number): Observable<UserSshPublicKey> {
+        return this.http.get<UserSshPublicKey>(`api/ssh-settings/public-key/${keyId}`);
+    }
+
+    /**
+     * Sends the added SSH key to the server
+     *
+     * @param userSshPublicKey The userSshPublicKey DTO containing the details for the new key which should be created
+     */
+    addNewSshPublicKey(userSshPublicKey: UserSshPublicKey): Observable<HttpResponse<UserSshPublicKey>> {
+        return this.http.post<UserSshPublicKey>('api/ssh-settings/public-key', userSshPublicKey, { observe: 'response' });
+    }
+
+    /**
+     * Sends a request to the server to delete the user's current SSH key
+     */
+    deleteSshPublicKey(keyId: number): Observable<void> {
+        return this.http.delete<void>(`api/ssh-settings/public-key/${keyId}`);
+    }
+}
diff --git a/src/main/webapp/app/shared/user-settings/user-settings.module.ts b/src/main/webapp/app/shared/user-settings/user-settings.module.ts
index cd87f408b5a9..11c876830750 100644
--- a/src/main/webapp/app/shared/user-settings/user-settings.module.ts
+++ b/src/main/webapp/app/shared/user-settings/user-settings.module.ts
@@ -12,6 +12,7 @@ import { ClipboardModule } from '@angular/cdk/clipboard';
 import { FormDateTimePickerModule } from 'app/shared/date-time-picker/date-time-picker.module';
 import { IdeSettingsComponent } from 'app/shared/user-settings/ide-preferences/ide-settings.component';
 import { DocumentationLinkComponent } from 'app/shared/components/documentation-link/documentation-link.component';
+import { SshUserSettingsKeyDetailsComponent } from 'app/shared/user-settings/ssh-settings/details/ssh-user-settings-key-details.component';
 
 @NgModule({
     imports: [RouterModule.forChild(userSettingsState), ArtemisSharedModule, ArtemisSharedComponentModule, ClipboardModule, FormDateTimePickerModule, DocumentationLinkComponent],
@@ -20,6 +21,7 @@ import { DocumentationLinkComponent } from 'app/shared/components/documentation-
         NotificationSettingsComponent,
         ScienceSettingsComponent,
         SshUserSettingsComponent,
+        SshUserSettingsKeyDetailsComponent,
         VcsAccessTokensSettingsComponent,
         IdeSettingsComponent,
     ],
diff --git a/src/main/webapp/app/shared/user-settings/user-settings.route.ts b/src/main/webapp/app/shared/user-settings/user-settings.route.ts
index 367c8322a632..41d8a2084df7 100644
--- a/src/main/webapp/app/shared/user-settings/user-settings.route.ts
+++ b/src/main/webapp/app/shared/user-settings/user-settings.route.ts
@@ -8,6 +8,7 @@ import { ScienceSettingsComponent } from 'app/shared/user-settings/science-setti
 import { SshUserSettingsComponent } from 'app/shared/user-settings/ssh-settings/ssh-user-settings.component';
 import { VcsAccessTokensSettingsComponent } from 'app/shared/user-settings/vcs-access-tokens-settings/vcs-access-tokens-settings.component';
 import { IdeSettingsComponent } from 'app/shared/user-settings/ide-preferences/ide-settings.component';
+import { SshUserSettingsKeyDetailsComponent } from 'app/shared/user-settings/ssh-settings/details/ssh-user-settings-key-details.component';
 
 export const userSettingsState: Routes = [
     {
@@ -52,6 +53,20 @@ export const userSettingsState: Routes = [
                     pageTitle: 'artemisApp.userSettings.categories.SSH_SETTINGS',
                 },
             },
+            {
+                path: 'ssh/add',
+                component: SshUserSettingsKeyDetailsComponent,
+                data: {
+                    pageTitle: 'artemisApp.userSettings.categories.SSH_SETTINGS',
+                },
+            },
+            {
+                path: 'ssh/view/:keyId',
+                component: SshUserSettingsKeyDetailsComponent,
+                data: {
+                    pageTitle: 'artemisApp.userSettings.categories.SSH_SETTINGS',
+                },
+            },
             {
                 path: 'vcs-token',
                 component: VcsAccessTokensSettingsComponent,
diff --git a/src/main/webapp/content/scss/themes/_dark-variables.scss b/src/main/webapp/content/scss/themes/_dark-variables.scss
index 1d9385aa67da..836772022df2 100644
--- a/src/main/webapp/content/scss/themes/_dark-variables.scss
+++ b/src/main/webapp/content/scss/themes/_dark-variables.scss
@@ -665,7 +665,7 @@ $iris-rate-background: var(--neutral-dark-l-15);
 $cropper-overlay-color: transparent;
 
 // Settings
-$ssh-key-table-hover-background: $gray-900;
+$ssh-key-settings-table-hover-background: $gray-900;
 $ssh-key-settings-dropdown-buttons: $gray-800;
 $ssh-key-settings-dropdown-buttons-hover: $gray-700;
 $ssh-key-settings-text-color: $white;
diff --git a/src/main/webapp/i18n/de/exercise-actions.json b/src/main/webapp/i18n/de/exercise-actions.json
index f2050c3aef59..f41f44c2913a 100644
--- a/src/main/webapp/i18n/de/exercise-actions.json
+++ b/src/main/webapp/i18n/de/exercise-actions.json
@@ -66,6 +66,7 @@
             "uploadFile": "Datei hochladen",
             "viewTeam": "Team",
             "sshKeyTip": "Um SSH zu nutzen, musst du {link:hier} einen SSH Schlüssel zu deinem Konto hinzufügen.",
+            "sshKeyExpiredTip": "Du hast abgelaufene SSH-Schlüssel. Möglicherweise musst du {link:hier} einen neuen SSH-Schlüssel zu deinem Konto hinzufügen.",
             "vcsTokenTip": "Um mit einem VCS-Zugriffstoken auf das Repository zuzugreifen, musst du {link:hier} ein neues hinzufügen.",
             "vcsTokenExpiredTip": "Dein VCS-Zugriffstoken ist abgelaufen. Erneuere es {link:hier}.",
             "startExerciseBeforeStartDate": "Du kannst vor dem Startdatum nicht an der Aufgabe teilnehmen.",
diff --git a/src/main/webapp/i18n/de/userSettings.json b/src/main/webapp/i18n/de/userSettings.json
index 0771455d4e2a..4d08bc1abb0d 100644
--- a/src/main/webapp/i18n/de/userSettings.json
+++ b/src/main/webapp/i18n/de/userSettings.json
@@ -22,7 +22,11 @@
                 "sshSettingsInfoText": "Hier kannst du einen öffentlichen SSH-Schlüssel festlegen, um Git-Repositories über SSH zu klonen. Weitere Einzelheiten findest du in der Dokumentation.",
                 "deleteSshKeyQuestion": "Möchtest du deinen öffentlichen SSH-Schlüssel wirklich löschen?",
                 "saveSshKey": "Speichern",
-                "saveFailure": "SSH-Schlüssel konnte nicht gespeichert werden. Stelle sicher, dass es ein gültiger und unterstützter Schlüssel im richtigen Format ist.",
+                "invalidKeyFormat": "SSH-Schlüssel konnte nicht gespeichert werden. Stelle sicher, dass es ein gültiger und unterstützter Schlüssel im richtigen Format ist.",
+                "keyAlreadyExists": "SSH-Schlüssel konnte nicht gespeichert werden. Du verwendest diesen Schlüssel schon.",
+                "keyLabelTooLong": "SSH-Schlüssel konnte nicht gespeichert werden. Das Label darf maximal 50 Zeichen besitzen.",
+                "loadKeyFailure": "Laden der SSH-Schlüssel ist fehlgeschlagen.",
+                "saveFailure": "SSH-Schlüssel konnte nicht gespeichert werden.",
                 "saveSuccess": "SSH-Schlüssel erfolgreich gespeichert.",
                 "deleteFailure": "SSH-Schlüssel konnte nicht gelöscht werden.",
                 "deleteSuccess": "SSH-Schlüssel erfolgreich gelöscht.",
@@ -42,7 +46,24 @@
                 "keysTablePageTitle": "SSH-Schlüssel",
                 "keys": "Schlüssel",
                 "actions": "Aktionen",
-                "keyName": "Key 1 (Aktuell wird nur ein Schlüssel unterstützt)"
+                "label": "Label",
+                "creationDate": "Erstellungsdatum",
+                "createdOn": "Erstellt am",
+                "lastUsed": "Letzte Verwendung",
+                "lastUsedOn": "Letzte Verwendung am",
+                "expiryDate": "Ablaufdatum",
+                "expiresOn": "Läuft ab am",
+                "hasExpiredOn": "Abgelaufen am",
+                "fingerprint": "Fingerabdruck",
+                "commentUsedAsLabel": "Wenn du kein Label hinzufügst, wird der Schlüsselkommentar (sofern vorhanden) als Label verwendet.",
+                "expiry": {
+                    "title": "Ablauf",
+                    "info": "Für zusätzliche Sicherheit kannst du festlegen, dass dieser Schlüssel automatisch abläuft.",
+                    "doNotExpire": "Kein Ablaufdatum",
+                    "expireAutomatically": "Automatisch ablaufen",
+                    "daysUntilExpiry": "Tage bis zum Ablauf",
+                    "keyWillExpireOn": "Der Schlüssel läuft ab am"
+                }
             },
             "vcsAccessTokensSettingsPage": {
                 "addTokenTitle": "Neues Zugriffstoken erzeugen",
diff --git a/src/main/webapp/i18n/en/exercise-actions.json b/src/main/webapp/i18n/en/exercise-actions.json
index b44b8590d10a..ba827abe55e6 100644
--- a/src/main/webapp/i18n/en/exercise-actions.json
+++ b/src/main/webapp/i18n/en/exercise-actions.json
@@ -65,7 +65,8 @@
             "copiedUrl": "Copied URL",
             "uploadFile": "Upload a file",
             "viewTeam": "Team",
-            "sshKeyTip": "To use ssh, you need to add an ssh key to your account {link:here}.",
+            "sshKeyTip": "To use SSH, you need to add an SSH key to your account {link:here}.",
+            "sshKeyExpiredTip": "Some of your SSH keys are expired. You might need to add a new SSH key to your account {link:here}.",
             "vcsTokenTip": "To access the repository with a VCS access token, you need to add a new one to your account {link:here}.",
             "vcsTokenExpiredTip": "Your VCS access token has expired. Renew it {link:here}.",
             "startExerciseBeforeStartDate": "You cannot participate before the start date of the exercise.",
diff --git a/src/main/webapp/i18n/en/userSettings.json b/src/main/webapp/i18n/en/userSettings.json
index 29afe83a0c3c..c42a5c7b1ac3 100644
--- a/src/main/webapp/i18n/en/userSettings.json
+++ b/src/main/webapp/i18n/en/userSettings.json
@@ -22,7 +22,11 @@
                 "sshSettingsInfoText": "Here you can set a public SSH key to clone git repositories via SSH. For more details see the documentation.",
                 "deleteSshKeyQuestion": "Are you sure you want to delete your public SSH key?",
                 "saveSshKey": "Save",
-                "saveFailure": "Failed to save SSH key. Make sure it is a valid and supported key and in the correct format.",
+                "invalidKeyFormat": "Failed to save SSH key. Make sure the key is in a valid and supported format.",
+                "keyAlreadyExists": "Failed to save SSH key. You already use the provided key.",
+                "keyLabelTooLong": "Failed to save SSH key. The key label is limited to 50 characters.",
+                "loadKeyFailure": "Failed to load SSH keys.",
+                "saveFailure": "Failed to save SSH key.",
                 "saveSuccess": "Successfully save SSH key.",
                 "deleteFailure": "Failed to delete SSH key.",
                 "deleteSuccess": "Successfully deleted SSH key.",
@@ -42,7 +46,24 @@
                 "keysTablePageTitle": "SSH keys",
                 "keys": "Keys",
                 "actions": "Actions",
-                "keyName": "Key 1 (at the moment you can only have one key)"
+                "label": "Label",
+                "creationDate": "Creation date:",
+                "createdOn": "Created on",
+                "lastUsed": "Last used",
+                "lastUsedOn": "Last used on",
+                "expiryDate": "Expiry date",
+                "expiresOn": "Expires on",
+                "hasExpiredOn": "Expired on",
+                "fingerprint": "Fingerprint",
+                "commentUsedAsLabel": "If you do not add a label, the key comment will be used as the default label if present.",
+                "expiry": {
+                    "title": "Expiry",
+                    "info": "For added security, you can set this key to automatically expire.",
+                    "doNotExpire": "Do not expire",
+                    "expireAutomatically": "Expire automatically",
+                    "daysUntilExpiry": "Days until expiry",
+                    "keyWillExpireOn": "Key will expire on"
+                }
             },
             "vcsAccessTokensSettingsPage": {
                 "addTokenTitle": "Add personal access token",
diff --git a/src/test/java/de/tum/cit/aet/artemis/core/authentication/UserAccountLocalVcsIntegrationTest.java b/src/test/java/de/tum/cit/aet/artemis/core/authentication/UserAccountLocalVcsIntegrationTest.java
index 76e303845b06..a0f059c10d44 100644
--- a/src/test/java/de/tum/cit/aet/artemis/core/authentication/UserAccountLocalVcsIntegrationTest.java
+++ b/src/test/java/de/tum/cit/aet/artemis/core/authentication/UserAccountLocalVcsIntegrationTest.java
@@ -26,12 +26,6 @@ void teardown() throws Exception {
         userTestService.tearDown();
     }
 
-    @Test
-    @WithMockUser(username = TEST_PREFIX + "student1", roles = "USER")
-    void addAndDeleteSshPublicKeyByUser() throws Exception {
-        userTestService.addAndDeleteSshPublicKey();
-    }
-
     @Test
     @WithMockUser(username = TEST_PREFIX + "student1", roles = "USER")
     void getAndCreateParticipationVcsAccessTokenByUser() throws Exception {
diff --git a/src/test/java/de/tum/cit/aet/artemis/core/user/util/UserTestService.java b/src/test/java/de/tum/cit/aet/artemis/core/user/util/UserTestService.java
index f36bf992c4eb..3b5e71768282 100644
--- a/src/test/java/de/tum/cit/aet/artemis/core/user/util/UserTestService.java
+++ b/src/test/java/de/tum/cit/aet/artemis/core/user/util/UserTestService.java
@@ -18,9 +18,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cache.CacheManager;
 import org.springframework.data.domain.Pageable;
-import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
 import org.springframework.mock.web.MockMultipartFile;
 import org.springframework.stereotype.Service;
 import org.springframework.test.web.servlet.MockMvc;
@@ -55,6 +53,7 @@
 import de.tum.cit.aet.artemis.exercise.test_repository.SubmissionTestRepository;
 import de.tum.cit.aet.artemis.lti.service.LtiService;
 import de.tum.cit.aet.artemis.programming.domain.ProgrammingSubmission;
+import de.tum.cit.aet.artemis.programming.domain.UserSshPublicKey;
 import de.tum.cit.aet.artemis.programming.repository.ParticipationVCSAccessTokenRepository;
 import de.tum.cit.aet.artemis.programming.service.ci.CIUserManagementService;
 import de.tum.cit.aet.artemis.programming.service.vcs.VcsUserManagementService;
@@ -141,7 +140,6 @@ public class UserTestService {
     public void setup(String testPrefix, MockDelegate mockDelegate) throws Exception {
         this.TEST_PREFIX = testPrefix;
         this.mockDelegate = mockDelegate;
-
         List<User> users = userUtilService.addUsers(testPrefix, NUMBER_OF_STUDENTS, NUMBER_OF_TUTORS, NUMBER_OF_EDITORS, NUMBER_OF_INSTRUCTORS);
         student = userTestRepository.getUserByLoginElseThrow(testPrefix + "student1");
         student.setInternal(true);
@@ -875,25 +873,6 @@ public void initializeUserExternal() throws Exception {
         assertThat(currentUser.isInternal()).isFalse();
     }
 
-    // Test
-    public void addAndDeleteSshPublicKey() throws Exception {
-        HttpHeaders headers = new HttpHeaders();
-        headers.setContentType(MediaType.TEXT_PLAIN);
-
-        // adding invalid key should fail
-        String invalidSshKey = "invalid key";
-        request.putWithResponseBody("/api/account/ssh-public-key", invalidSshKey, String.class, HttpStatus.BAD_REQUEST, true);
-
-        // adding valid key should work correctly
-        String validSshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbgjoSpKnry5yuMiWh/uwhMG2Jq5Sh8Uw9vz+39or2i email@abc.de";
-        request.putWithResponseBody("/api/account/ssh-public-key", validSshKey, String.class, HttpStatus.OK, true);
-        assertThat(userTestRepository.getUser().getSshPublicKey()).isEqualTo(validSshKey);
-
-        // deleting the key shoul work correctly
-        request.delete("/api/account/ssh-public-key", HttpStatus.OK);
-        assertThat(userTestRepository.getUser().getSshPublicKey()).isEqualTo(null);
-    }
-
     // Test
     public void getAndCreateParticipationVcsAccessToken() throws Exception {
         User user = userUtilService.getUserByLogin(TEST_PREFIX + "student1");
@@ -1166,6 +1145,14 @@ public void testUserWithExternalStatus() throws Exception {
         }
     }
 
+    public static UserSshPublicKey createNewValidSSHKey(User user, String keyString) {
+        UserSshPublicKey userSshPublicKey = new UserSshPublicKey();
+        userSshPublicKey.setPublicKey(keyString);
+        userSshPublicKey.setLabel("Key 1");
+        userSshPublicKey.setUserId(user.getId());
+        return userSshPublicKey;
+    }
+
     // Test
     public void testUserWithExternalAndInternalStatus() throws Exception {
         final var params = createParamsForPagingRequest("USER", "INTERNAL,EXTERNAL", "WITHOUT_REG_NO", "", false);
diff --git a/src/test/java/de/tum/cit/aet/artemis/programming/icl/LocalVCSshIntegrationTest.java b/src/test/java/de/tum/cit/aet/artemis/programming/icl/LocalVCSshIntegrationTest.java
index fd4abf09a0d1..06d9c597aae1 100644
--- a/src/test/java/de/tum/cit/aet/artemis/programming/icl/LocalVCSshIntegrationTest.java
+++ b/src/test/java/de/tum/cit/aet/artemis/programming/icl/LocalVCSshIntegrationTest.java
@@ -12,6 +12,7 @@
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
+import java.time.ZonedDateTime;
 import java.util.Objects;
 import java.util.concurrent.TimeUnit;
 
@@ -28,6 +29,7 @@
 import org.springframework.security.test.context.support.WithMockUser;
 
 import de.tum.cit.aet.artemis.core.domain.User;
+import de.tum.cit.aet.artemis.programming.domain.UserSshPublicKey;
 import de.tum.cit.aet.artemis.programming.service.localvc.SshGitCommandFactoryService;
 import de.tum.cit.aet.artemis.programming.service.localvc.ssh.HashUtils;
 import de.tum.cit.aet.artemis.programming.service.localvc.ssh.SshGitCommand;
@@ -86,6 +88,33 @@ void testDirectlyAuthenticateOverSsh() throws IOException, GeneralSecurityExcept
         }
     }
 
+    @Test
+    @WithMockUser(username = TEST_PREFIX + "instructor1", roles = "INSTRUCTOR")
+    void testAuthenticationFailureBecauseKeyHasExpired() throws IOException, GeneralSecurityException {
+
+        localVCLocalCITestService.createParticipation(programmingExercise, student1Login);
+        KeyPair keyPair = setupKeyPairAndAddToUser();
+        User user = userTestRepository.getUser();
+        var userKey = userSshPublicKeyRepository.findAllByUserId(user.getId()).getFirst();
+        userKey.setExpiryDate(ZonedDateTime.now().minusMonths(1L));
+        userSshPublicKeyRepository.save(userKey);
+
+        assertThatThrownBy(() -> {
+
+            try (SshClient client = SshClient.setUpDefaultClient()) {
+                client.start();
+
+                ConnectFuture connectFuture = client.connect(user.getName(), hostname, port);
+                connectFuture.await(10, TimeUnit.SECONDS);
+
+                ClientSession session = connectFuture.getSession();
+                session.addPublicKeyIdentity(keyPair);
+
+                session.auth().verify(10, TimeUnit.SECONDS);
+            }
+        }).isInstanceOf(SshException.class);
+    }
+
     @Test
     @WithMockUser(username = TEST_PREFIX + "instructor1", roles = "INSTRUCTOR")
     void testAuthenticationFailure() {
@@ -195,6 +224,7 @@ private AbstractSession getCurrentServerSession(User user) {
     private KeyPair setupKeyPairAndAddToUser() throws GeneralSecurityException, IOException {
 
         User user = userTestRepository.getUser();
+        userSshPublicKeyRepository.deleteAll();
 
         KeyPair rsaKeyPair = generateKeyPair();
         String sshPublicKey = writePublicKeyToString(rsaKeyPair.getPublic(), user.getLogin() + "@host");
@@ -204,10 +234,11 @@ private KeyPair setupKeyPairAndAddToUser() throws GeneralSecurityException, IOEx
         PublicKey publicKey = keyEntry.resolvePublicKey(null, null, null);
         String keyHash = HashUtils.getSha512Fingerprint(publicKey);
 
-        userTestRepository.updateUserSshPublicKeyHash(user.getId(), keyHash, sshPublicKey);
-        user = userTestRepository.getUser();
-
-        assertThat(user.getSshPublicKey()).isEqualTo(sshPublicKey);
+        var userPublicSshKey = createNewPublicKey(keyHash, sshPublicKey, user);
+        userSshPublicKeyRepository.save(userPublicSshKey);
+        var fetchedKey = userSshPublicKeyRepository.findAllByUserId(user.getId());
+        assertThat(fetchedKey).isNotEmpty();
+        assertThat(fetchedKey.getFirst().getPublicKey()).isEqualTo(sshPublicKey);
         return rsaKeyPair;
     }
 
@@ -230,4 +261,15 @@ private static KeyPair generateKeyPair() {
             throw new RuntimeException(e);
         }
     }
+
+    private static UserSshPublicKey createNewPublicKey(String keyHash, String publicKey, User user) {
+        UserSshPublicKey userSshPublicKey = new UserSshPublicKey();
+        userSshPublicKey.setLabel("Key 1");
+        userSshPublicKey.setPublicKey(publicKey);
+        userSshPublicKey.setKeyHash(keyHash);
+        userSshPublicKey.setUserId(user.getId());
+        userSshPublicKey.setCreationDate(ZonedDateTime.now());
+
+        return userSshPublicKey;
+    }
 }
diff --git a/src/test/java/de/tum/cit/aet/artemis/programming/icl/LocalVCSshSettingsTest.java b/src/test/java/de/tum/cit/aet/artemis/programming/icl/LocalVCSshSettingsTest.java
new file mode 100644
index 000000000000..fffe4a6ec0b3
--- /dev/null
+++ b/src/test/java/de/tum/cit/aet/artemis/programming/icl/LocalVCSshSettingsTest.java
@@ -0,0 +1,70 @@
+package de.tum.cit.aet.artemis.programming.icl;
+
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.test.context.support.WithMockUser;
+
+import de.tum.cit.aet.artemis.programming.icl.util.SshSettingsTestService;
+import de.tum.cit.aet.artemis.shared.base.AbstractSpringIntegrationLocalCILocalVCTest;
+
+class LocalVCSshSettingsTest extends AbstractSpringIntegrationLocalCILocalVCTest {
+
+    private static final String TEST_PREFIX = "sshsettings";
+
+    @Autowired
+    private SshSettingsTestService sshSettingsTestService;
+
+    @BeforeEach
+    void setUp() throws Exception {
+        sshSettingsTestService.setup(TEST_PREFIX);
+    }
+
+    @AfterEach
+    void teardown() throws Exception {
+        sshSettingsTestService.tearDown(TEST_PREFIX);
+    }
+
+    @Test
+    @WithMockUser(username = TEST_PREFIX + "student1", roles = "USER")
+    void getUserSshPublicKeys() throws Exception {
+        sshSettingsTestService.getUserSshPublicKeys();
+    }
+
+    @Test
+    @WithMockUser(username = TEST_PREFIX + "student1", roles = "USER")
+    void addSshPublicKeyForUser() throws Exception {
+        sshSettingsTestService.addUserSshPublicKey();
+    }
+
+    @Test
+    @WithMockUser(username = TEST_PREFIX + "student1", roles = "USER")
+    void addSshPublicKeyForUserWithoutLabel() throws Exception {
+        sshSettingsTestService.addUserSshPublicKeyWithOutLabel();
+    }
+
+    @Test
+    @WithMockUser(username = TEST_PREFIX + "student1", roles = "USER")
+    void failToAddSameSshPublicKeyTwiceForUser() throws Exception {
+        sshSettingsTestService.failToAddPublicSSHkeyTwice();
+    }
+
+    @Test
+    @WithMockUser(username = TEST_PREFIX + "student1", roles = "USER")
+    void failToAddOrDeleteSshPublicKeyWithInvalidKeyId() throws Exception {
+        sshSettingsTestService.failToAddOrDeleteWithInvalidKeyId();
+    }
+
+    @Test
+    @WithMockUser(username = TEST_PREFIX + "student1", roles = "USER")
+    void failToAddInvalidSshPublicKeyForUser() throws Exception {
+        sshSettingsTestService.failToAddInvalidPublicSSHkey();
+    }
+
+    @Test
+    @WithMockUser(username = TEST_PREFIX + "student1", roles = "USER")
+    void deleteSshPublicKeyByUser() throws Exception {
+        sshSettingsTestService.addAndDeleteSshPublicKey();
+    }
+}
diff --git a/src/test/java/de/tum/cit/aet/artemis/programming/icl/util/SshSettingsTestService.java b/src/test/java/de/tum/cit/aet/artemis/programming/icl/util/SshSettingsTestService.java
new file mode 100644
index 000000000000..d2a6be51dcbe
--- /dev/null
+++ b/src/test/java/de/tum/cit/aet/artemis/programming/icl/util/SshSettingsTestService.java
@@ -0,0 +1,174 @@
+package de.tum.cit.aet.artemis.programming.icl.util;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.io.IOException;
+import java.util.List;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.domain.Pageable;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Service;
+
+import de.tum.cit.aet.artemis.core.domain.User;
+import de.tum.cit.aet.artemis.core.test_repository.UserTestRepository;
+import de.tum.cit.aet.artemis.core.user.util.UserUtilService;
+import de.tum.cit.aet.artemis.core.util.RequestUtilService;
+import de.tum.cit.aet.artemis.programming.domain.UserSshPublicKey;
+import de.tum.cit.aet.artemis.programming.dto.UserSshPublicKeyDTO;
+import de.tum.cit.aet.artemis.programming.repository.UserSshPublicKeyRepository;
+
+@Service
+public class SshSettingsTestService {
+
+    @Autowired
+    private UserTestRepository userTestRepository;
+
+    @Autowired
+    protected RequestUtilService request;
+
+    @Autowired
+    private UserUtilService userUtilService;
+
+    @Autowired
+    private UserSshPublicKeyRepository userSshPublicKeyRepository;
+
+    private final String requestPrefix = "/api/ssh-settings/";
+
+    private static final String sshKey1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJxKWdvcbNTWl4vBjsijoY5HN5dpjxU40huy1PFpdd2o keyComment1 many comments";
+
+    private static final String sshKey2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbgjoSpKnry5yuMiWh/uwhMG2Jq5Sh8Uw9vz+39or2i";
+
+    User student;
+
+    public void setup(String testPrefix) throws Exception {
+        userUtilService.addUsers(testPrefix, 1, 1, 1, 1);
+        student = userTestRepository.getUserByLoginElseThrow(testPrefix + "student1");
+        student.setInternal(true);
+        userTestRepository.save(student);
+    }
+
+    public void tearDown(String testPrefix) throws IOException {
+        userSshPublicKeyRepository.deleteAll();
+        userTestRepository.deleteAll(userTestRepository.searchAllByLoginOrName(Pageable.unpaged(), testPrefix));
+    }
+
+    // Test
+    public void getUserSshPublicKeys() throws Exception {
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.TEXT_PLAIN);
+        User user = userTestRepository.getUser();
+
+        var validKey = createNewValidSSHKey(user, sshKey1);
+        request.postWithResponseBody(requestPrefix + "public-key", validKey, String.class, HttpStatus.OK);
+
+        List<UserSshPublicKey> response = request.getList(requestPrefix + "public-keys", HttpStatus.OK, UserSshPublicKey.class);
+        assertThat(response.size()).isEqualTo(1);
+        UserSshPublicKey userKey = response.getFirst();
+
+        request.get(requestPrefix + "public-key/" + userKey.getId(), HttpStatus.OK, UserSshPublicKey.class);
+    }
+
+    // Test
+    public void addUserSshPublicKey() throws Exception {
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.TEXT_PLAIN);
+        User user = userTestRepository.getUser();
+
+        var validKey = createNewValidSSHKey(user, sshKey1);
+        request.postWithResponseBody(requestPrefix + "public-key", validKey, String.class, HttpStatus.OK);
+
+        var storedUserKey = userSshPublicKeyRepository.findAllByUserId(user.getId()).getFirst();
+        assertThat(storedUserKey).isNotNull();
+        assertThat(storedUserKey.getPublicKey()).isEqualTo(validKey.getPublicKey());
+    }
+
+    // Test
+    public void addUserSshPublicKeyWithOutLabel() throws Exception {
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.TEXT_PLAIN);
+        User user = userTestRepository.getUser();
+
+        var validKey = createNewValidSSHKey(user, sshKey1);
+        validKey.setLabel(null);
+        request.postWithResponseBody(requestPrefix + "public-key", validKey, String.class, HttpStatus.OK);
+
+        var validKey2 = createNewValidSSHKey(user, sshKey2);
+        validKey.setLabel("");
+        request.postWithResponseBody(requestPrefix + "public-key", validKey2, String.class, HttpStatus.OK);
+
+        var storedUserKeys = userSshPublicKeyRepository.findAllByUserId(user.getId());
+        assertThat(storedUserKeys.size()).isEqualTo(2);
+    }
+
+    // Test
+    public void failToAddPublicSSHkeyTwice() throws Exception {
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.TEXT_PLAIN);
+        User user = userTestRepository.getUser();
+
+        var validKey = createNewValidSSHKey(user, sshKey1);
+
+        request.postWithResponseBody(requestPrefix + "public-key", validKey, String.class, HttpStatus.OK);
+        request.postWithResponseBody(requestPrefix + "public-key", validKey, String.class, HttpStatus.BAD_REQUEST);
+    }
+
+    // Test
+    public void failToAddOrDeleteWithInvalidKeyId() throws Exception {
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.TEXT_PLAIN);
+        User user = userTestRepository.getUser();
+
+        var validKey = createNewValidSSHKey(user, sshKey1);
+        request.postWithResponseBody(requestPrefix + "public-key", validKey, String.class, HttpStatus.OK);
+        var userKey = userSshPublicKeyRepository.findAll().getFirst();
+        userKey.setUserId(12L);
+        userSshPublicKeyRepository.save(userKey);
+
+        request.delete(requestPrefix + "public-key/3443", HttpStatus.FORBIDDEN);
+        request.get(requestPrefix + "public-key/43443", HttpStatus.FORBIDDEN, UserSshPublicKeyDTO.class);
+        request.get(requestPrefix + "public-key/" + userKey.getId(), HttpStatus.FORBIDDEN, UserSshPublicKeyDTO.class);
+
+    }
+
+    // Test
+    public void failToAddInvalidPublicSSHkey() throws Exception {
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.TEXT_PLAIN);
+
+        User user = userTestRepository.getUser();
+        var userKey = createNewValidSSHKey(user, sshKey1);
+        userKey.setPublicKey("Invalid Key");
+
+        request.postWithResponseBody(requestPrefix + "public-key", userKey, String.class, HttpStatus.BAD_REQUEST);
+    }
+
+    // Test
+    public void addAndDeleteSshPublicKey() throws Exception {
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.TEXT_PLAIN);
+        User user = userTestRepository.getUser();
+
+        var validKey = createNewValidSSHKey(user, sshKey1);
+
+        request.postWithResponseBody(requestPrefix + "public-key", validKey, String.class, HttpStatus.OK);
+
+        var storedUserKey = userSshPublicKeyRepository.findAllByUserId(user.getId()).getFirst();
+        assertThat(storedUserKey).isNotNull();
+        assertThat(storedUserKey.getPublicKey()).isEqualTo(validKey.getPublicKey());
+
+        // deleting the key should work correctly
+        request.delete(requestPrefix + "public-key/" + storedUserKey.getId(), HttpStatus.OK);
+        assertThat(userSshPublicKeyRepository.findAllByUserId(user.getId())).isEmpty();
+    }
+
+    public static UserSshPublicKey createNewValidSSHKey(User user, String keyString) {
+        UserSshPublicKey userSshPublicKey = new UserSshPublicKey();
+        userSshPublicKey.setPublicKey(keyString);
+        userSshPublicKey.setLabel("Key 1");
+        userSshPublicKey.setUserId(user.getId());
+        return userSshPublicKey;
+    }
+}
diff --git a/src/test/java/de/tum/cit/aet/artemis/shared/base/AbstractArtemisIntegrationTest.java b/src/test/java/de/tum/cit/aet/artemis/shared/base/AbstractArtemisIntegrationTest.java
index 469e4f117837..3252a1afdc8b 100644
--- a/src/test/java/de/tum/cit/aet/artemis/shared/base/AbstractArtemisIntegrationTest.java
+++ b/src/test/java/de/tum/cit/aet/artemis/shared/base/AbstractArtemisIntegrationTest.java
@@ -59,6 +59,7 @@
 import de.tum.cit.aet.artemis.lti.service.Lti13Service;
 import de.tum.cit.aet.artemis.modeling.service.ModelingSubmissionService;
 import de.tum.cit.aet.artemis.programming.domain.VcsRepositoryUri;
+import de.tum.cit.aet.artemis.programming.repository.UserSshPublicKeyRepository;
 import de.tum.cit.aet.artemis.programming.service.GitService;
 import de.tum.cit.aet.artemis.programming.service.ProgrammingExerciseGradingService;
 import de.tum.cit.aet.artemis.programming.service.ProgrammingExerciseParticipationService;
@@ -188,6 +189,9 @@ public abstract class AbstractArtemisIntegrationTest implements MockDelegate {
     @Autowired
     protected UserTestRepository userTestRepository;
 
+    @Autowired
+    protected UserSshPublicKeyRepository userSshPublicKeyRepository;
+
     @Autowired
     protected ExerciseTestRepository exerciseRepository;
 
diff --git a/src/test/javascript/spec/component/account/account-information.component.spec.ts b/src/test/javascript/spec/component/account/account-information.component.spec.ts
index 8a3e02e0dd62..8699e176e0ea 100644
--- a/src/test/javascript/spec/component/account/account-information.component.spec.ts
+++ b/src/test/javascript/spec/component/account/account-information.component.spec.ts
@@ -14,7 +14,6 @@ import { PROFILE_LOCALVC } from 'app/app.constants';
 describe('AccountInformationComponent', () => {
     let fixture: ComponentFixture<AccountInformationComponent>;
     let comp: AccountInformationComponent;
-    const mockKey = 'mock-key';
 
     let accountServiceMock: { getAuthenticationState: jest.Mock; addSshPublicKey: jest.Mock };
     let profileServiceMock: { getProfileInfo: jest.Mock };
@@ -47,7 +46,7 @@ describe('AccountInformationComponent', () => {
 
     beforeEach(() => {
         profileServiceMock.getProfileInfo.mockReturnValue(of({ activeProfiles: [PROFILE_LOCALVC] }));
-        accountServiceMock.getAuthenticationState.mockReturnValue(of({ id: 99, sshPublicKey: mockKey } as User));
+        accountServiceMock.getAuthenticationState.mockReturnValue(of({ id: 99 } as User));
     });
 
     it('should initialize with localVC profile', async () => {
diff --git a/src/test/javascript/spec/component/account/ssh-user-settings-key-details.component.spec.ts b/src/test/javascript/spec/component/account/ssh-user-settings-key-details.component.spec.ts
new file mode 100644
index 000000000000..aaf82ea0c2e5
--- /dev/null
+++ b/src/test/javascript/spec/component/account/ssh-user-settings-key-details.component.spec.ts
@@ -0,0 +1,163 @@
+import { HttpErrorResponse } from '@angular/common/http';
+import { ComponentFixture, TestBed } from '@angular/core/testing';
+import { of, throwError } from 'rxjs';
+import { ActivatedRoute, Router } from '@angular/router';
+import { ArtemisTestModule } from '../../test.module';
+import { MockNgbModalService } from '../../helpers/mocks/service/mock-ngb-modal.service';
+import { MockTranslateService, TranslatePipeMock } from '../../helpers/mocks/service/mock-translate.service';
+import { TranslateService } from '@ngx-translate/core';
+import { NgbModal } from '@ng-bootstrap/ng-bootstrap';
+import { SshUserSettingsKeyDetailsComponent } from 'app/shared/user-settings/ssh-settings/details/ssh-user-settings-key-details.component';
+import { MockActivatedRoute } from '../../helpers/mocks/activated-route/mock-activated-route';
+import { UserSshPublicKey } from 'app/entities/programming/user-ssh-public-key.model';
+import dayjs from 'dayjs/esm';
+import { AlertService } from 'app/core/util/alert.service';
+import { SshUserSettingsService } from 'app/shared/user-settings/ssh-settings/ssh-user-settings.service';
+
+describe('SshUserSettingsComponent', () => {
+    let fixture: ComponentFixture<SshUserSettingsKeyDetailsComponent>;
+    let comp: SshUserSettingsKeyDetailsComponent;
+    const mockKey = 'mock-key';
+    const invalidKeyFormat = 'invalidKeyFormat';
+    const keyAlreadyExists = 'keyAlreadyExists';
+    const mockedUserSshKeys = {
+        id: 3,
+        publicKey: mockKey,
+        label: 'Key label',
+        keyHash: 'Key hash',
+    } as UserSshPublicKey;
+    let router: Router;
+    let sshServiceMock: {
+        getSshPublicKey: jest.Mock;
+        addSshPublicKey: jest.Mock;
+        addNewSshPublicKey: jest.Mock;
+    };
+    let alertServiceMock: {
+        error: jest.Mock;
+        success: jest.Mock;
+    };
+    let translateService: TranslateService;
+    let activatedRoute: MockActivatedRoute;
+
+    beforeEach(async () => {
+        sshServiceMock = {
+            getSshPublicKey: jest.fn(),
+            addSshPublicKey: jest.fn(),
+            addNewSshPublicKey: jest.fn(),
+        };
+        alertServiceMock = {
+            error: jest.fn(),
+            success: jest.fn(),
+        };
+        const routerMock = { navigate: jest.fn() };
+        await TestBed.configureTestingModule({
+            imports: [ArtemisTestModule],
+            declarations: [SshUserSettingsKeyDetailsComponent, TranslatePipeMock],
+            providers: [
+                {
+                    provide: ActivatedRoute,
+                    useValue: new MockActivatedRoute({}),
+                },
+                { provide: SshUserSettingsService, useValue: sshServiceMock },
+                { provide: TranslateService, useClass: MockTranslateService },
+                { provide: NgbModal, useClass: MockNgbModalService },
+                { provide: Router, useValue: routerMock },
+                { provide: AlertService, useValue: alertServiceMock },
+            ],
+        }).compileComponents();
+        fixture = TestBed.createComponent(SshUserSettingsKeyDetailsComponent);
+        comp = fixture.componentInstance;
+        translateService = TestBed.inject(TranslateService);
+        translateService.currentLang = 'en';
+
+        router = TestBed.inject(Router);
+        activatedRoute = TestBed.inject(ActivatedRoute) as unknown as MockActivatedRoute;
+    });
+
+    it('should initialize view for adding new keys and save new key', () => {
+        sshServiceMock.addNewSshPublicKey.mockReturnValue(of({}));
+        comp.ngOnInit();
+        expect(sshServiceMock.getSshPublicKey).not.toHaveBeenCalled();
+        expect(comp.isLoading).toBeFalse();
+        comp.displayedSshKey = mockKey;
+        comp.displayedExpiryDate = dayjs();
+        comp.displayedKeyLabel = 'label';
+        comp.validateExpiryDate();
+        expect(comp.isExpiryDateValid).toBeTrue();
+        comp.saveSshKey();
+        expect(alertServiceMock.success).toHaveBeenCalled();
+        expect(router.navigate).toHaveBeenCalledWith(['/user-settings/ssh']);
+    });
+
+    it('should initialize view for adding new keys and fail saving key', () => {
+        const httpError1 = new HttpErrorResponse({
+            error: { errorKey: invalidKeyFormat },
+            status: 400,
+        });
+        const httpError2 = new HttpErrorResponse({
+            error: { errorKey: keyAlreadyExists },
+            status: 400,
+        });
+        sshServiceMock.addNewSshPublicKey.mockReturnValue(throwError(() => httpError1));
+        comp.ngOnInit();
+        expect(sshServiceMock.getSshPublicKey).not.toHaveBeenCalled();
+        expect(comp.isLoading).toBeFalse();
+        comp.displayedSshKey = mockKey;
+        comp.displayedExpiryDate = dayjs();
+        comp.displayedKeyLabel = 'label';
+        comp.validateExpiryDate();
+        expect(comp.isExpiryDateValid).toBeTrue();
+        comp.saveSshKey();
+        sshServiceMock.addNewSshPublicKey.mockReturnValue(throwError(() => httpError2));
+        comp.saveSshKey();
+        expect(alertServiceMock.error).toHaveBeenCalled();
+        expect(router.navigate).not.toHaveBeenCalled();
+    });
+
+    it('should initialize key details view with key loaded', async () => {
+        sshServiceMock.getSshPublicKey.mockReturnValue(of(mockedUserSshKeys));
+        activatedRoute.setParameters({ keyId: 1 });
+        comp.ngOnInit();
+        expect(sshServiceMock.getSshPublicKey).toHaveBeenCalled();
+        expect(comp.isLoading).toBeFalse();
+        expect(comp.displayedSshKey).toEqual(mockKey);
+        comp.goBack();
+        expect(router.navigate).toHaveBeenCalledWith(['/user-settings/ssh']);
+    });
+
+    it('should detect Windows', () => {
+        jest.spyOn(window.navigator, 'userAgent', 'get').mockReturnValue('Mozilla/5.0 (Windows NT 10.0; Win64; x64)');
+        comp.ngOnInit();
+        expect(comp.copyInstructions).toBe('cat ~/.ssh/id_ed25519.pub | clip');
+    });
+
+    it('should detect MacOS', () => {
+        jest.spyOn(window.navigator, 'userAgent', 'get').mockReturnValue('Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)');
+        comp.ngOnInit();
+        expect(comp.copyInstructions).toBe('pbcopy < ~/.ssh/id_ed25519.pub');
+    });
+
+    it('should detect Linux', () => {
+        jest.spyOn(window.navigator, 'userAgent', 'get').mockReturnValue('Mozilla/5.0 (X11; Linux x86_64)');
+        comp.ngOnInit();
+        expect(comp.copyInstructions).toBe('xclip -selection clipboard < ~/.ssh/id_ed25519.pub');
+    });
+
+    it('should detect Android', () => {
+        jest.spyOn(window.navigator, 'userAgent', 'get').mockReturnValue('Mozilla/5.0 (Linux; Android 10; Pixel 3)');
+        comp.ngOnInit();
+        expect(comp.copyInstructions).toBe('termux-clipboard-set < ~/.ssh/id_ed25519.pub');
+    });
+
+    it('should detect iOS', () => {
+        jest.spyOn(window.navigator, 'userAgent', 'get').mockReturnValue('Mozilla/5.0 (iPhone; CPU iPhone OS 13_5)');
+        comp.ngOnInit();
+        expect(comp.copyInstructions).toBe('Ctrl + C');
+    });
+
+    it('should return Unknown for unrecognized OS', () => {
+        jest.spyOn(window.navigator, 'userAgent', 'get').mockReturnValue('Mozilla/5.0 (Unknown OS)');
+        comp.ngOnInit();
+        expect(comp.copyInstructions).toBe('Ctrl + C');
+    });
+});
diff --git a/src/test/javascript/spec/component/account/ssh-user-settings.component.spec.ts b/src/test/javascript/spec/component/account/ssh-user-settings.component.spec.ts
index 29b647dfb946..fe6a9304c68c 100644
--- a/src/test/javascript/spec/component/account/ssh-user-settings.component.spec.ts
+++ b/src/test/javascript/spec/component/account/ssh-user-settings.component.spec.ts
@@ -1,48 +1,56 @@
-import { HttpErrorResponse, HttpResponse } from '@angular/common/http';
+import { HttpResponse } from '@angular/common/http';
 import { ComponentFixture, TestBed } from '@angular/core/testing';
-import { AccountService } from 'app/core/auth/account.service';
-import { ProfileService } from 'app/shared/layouts/profiles/profile.service';
 import { of, throwError } from 'rxjs';
-import { User } from 'app/core/user/user.model';
 import { ArtemisTestModule } from '../../test.module';
-import { MockNgbModalService } from '../../helpers/mocks/service/mock-ngb-modal.service';
 import { MockTranslateService, TranslatePipeMock } from '../../helpers/mocks/service/mock-translate.service';
 import { TranslateService } from '@ngx-translate/core';
-import { NgbModal } from '@ng-bootstrap/ng-bootstrap';
-import { PROFILE_LOCALVC } from 'app/app.constants';
 import { SshUserSettingsComponent } from 'app/shared/user-settings/ssh-settings/ssh-user-settings.component';
+import { UserSshPublicKey } from 'app/entities/programming/user-ssh-public-key.model';
+import { AlertService } from 'app/core/util/alert.service';
+import { SshUserSettingsService } from 'app/shared/user-settings/ssh-settings/ssh-user-settings.service';
 
 describe('SshUserSettingsComponent', () => {
     let fixture: ComponentFixture<SshUserSettingsComponent>;
     let comp: SshUserSettingsComponent;
-    const mockKey = 'mock-key';
-
-    let accountServiceMock: {
-        getAuthenticationState: jest.Mock;
-        addSshPublicKey: jest.Mock;
+    const mockKey = 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJxKWdvcbNTWl4vBjsijoY5HN5dpjxU40huy1PFpdd2o comment';
+    const mockedUserSshKeys = [
+        {
+            id: 3,
+            publicKey: mockKey,
+            label: 'Key label',
+            keyHash: 'Key hash',
+        } as UserSshPublicKey,
+        {
+            id: 4,
+            publicKey: mockKey,
+            label: 'Key label',
+            keyHash: 'Key hash 2',
+        } as UserSshPublicKey,
+    ];
+    let alertServiceMock: {
+        error: jest.Mock;
+    };
+    let sshServiceMock: {
         deleteSshPublicKey: jest.Mock;
+        getSshPublicKeys: jest.Mock;
     };
-    let profileServiceMock: { getProfileInfo: jest.Mock };
     let translateService: TranslateService;
 
     beforeEach(async () => {
-        profileServiceMock = {
-            getProfileInfo: jest.fn(),
-        };
-        accountServiceMock = {
-            getAuthenticationState: jest.fn(),
-            addSshPublicKey: jest.fn(),
+        sshServiceMock = {
             deleteSshPublicKey: jest.fn(),
+            getSshPublicKeys: jest.fn(),
+        };
+        alertServiceMock = {
+            error: jest.fn(),
         };
-
         await TestBed.configureTestingModule({
             imports: [ArtemisTestModule],
             declarations: [SshUserSettingsComponent, TranslatePipeMock],
             providers: [
-                { provide: AccountService, useValue: accountServiceMock },
-                { provide: ProfileService, useValue: profileServiceMock },
+                { provide: SshUserSettingsService, useValue: sshServiceMock },
+                { provide: AlertService, useValue: alertServiceMock },
                 { provide: TranslateService, useClass: MockTranslateService },
-                { provide: NgbModal, useClass: MockNgbModalService },
             ],
         }).compileComponents();
         fixture = TestBed.createComponent(SshUserSettingsComponent);
@@ -51,110 +59,34 @@ describe('SshUserSettingsComponent', () => {
         translateService.currentLang = 'en';
     });
 
-    beforeEach(() => {
-        profileServiceMock.getProfileInfo.mockReturnValue(of({ activeProfiles: [PROFILE_LOCALVC] }));
-        accountServiceMock.getAuthenticationState.mockReturnValue(of({ id: 99, sshPublicKey: mockKey } as User));
-    });
-
-    it('should initialize with localVC profile', async () => {
-        comp.ngOnInit();
-        expect(profileServiceMock.getProfileInfo).toHaveBeenCalled();
-        expect(accountServiceMock.getAuthenticationState).toHaveBeenCalled();
-        expect(comp.localVCEnabled).toBeTrue();
-        expect(comp.sshKey).toBe(mockKey);
-    });
-
-    it('should initialize with no localVC profile set', async () => {
-        profileServiceMock.getProfileInfo.mockReturnValue(of({ activeProfiles: [] }));
-        comp.ngOnInit();
-        expect(profileServiceMock.getProfileInfo).toHaveBeenCalled();
-        expect(accountServiceMock.getAuthenticationState).toHaveBeenCalled();
-        expect(comp.localVCEnabled).toBeFalse();
-    });
-
-    it('should save SSH key and disable edit mode', () => {
-        accountServiceMock.addSshPublicKey.mockReturnValue(of(new HttpResponse({ status: 200 })));
-        comp.ngOnInit();
-        comp.sshKey = 'new-key';
-        comp.showSshKey = true;
-        comp.saveSshKey();
-        expect(accountServiceMock.addSshPublicKey).toHaveBeenCalledWith('new-key');
-        expect(comp.showSshKey).toBeFalse();
-    });
-
-    it('should delete SSH key and disable edit mode', () => {
-        accountServiceMock.deleteSshPublicKey.mockReturnValue(of(new HttpResponse({ status: 200 })));
-        comp.ngOnInit();
-        const empty = '';
-        comp.sshKey = 'new-key';
-        comp.showSshKey = true;
-        comp.deleteSshKey();
-        expect(accountServiceMock.deleteSshPublicKey).toHaveBeenCalled();
-        expect(comp.showSshKey).toBeFalse();
-        expect(comp.storedSshKey).toEqual(empty);
-    });
-
-    it('should not delete and save on error response', () => {
-        const errorResponse = new HttpErrorResponse({ status: 500, statusText: 'Server Error', error: { message: 'Error occurred' } });
-        accountServiceMock.deleteSshPublicKey.mockReturnValue(throwError(() => errorResponse));
-        accountServiceMock.addSshPublicKey.mockReturnValue(throwError(() => errorResponse));
-        comp.ngOnInit();
-        const key = 'new-key';
-        comp.sshKey = key;
-        comp.storedSshKey = key;
-        comp.saveSshKey();
-        comp.deleteSshKey();
-        expect(comp.storedSshKey).toEqual(key);
-    });
-
-    it('should cancel editing on cancel', () => {
-        accountServiceMock.addSshPublicKey.mockReturnValue(of(new HttpResponse({ status: 200 })));
-        comp.ngOnInit();
-        const oldKey = 'old-key';
-        const newKey = 'new-key';
-        comp.sshKey = oldKey;
-        comp.showSshKey = true;
-        comp.saveSshKey();
-        expect(comp.storedSshKey).toEqual(oldKey);
-        comp.showSshKey = true;
-        comp.sshKey = newKey;
-        comp.cancelEditingSshKey();
-        expect(comp.storedSshKey).toEqual(oldKey);
-    });
-
-    it('should detect Windows', () => {
-        jest.spyOn(window.navigator, 'userAgent', 'get').mockReturnValue('Mozilla/5.0 (Windows NT 10.0; Win64; x64)');
-        comp.ngOnInit();
-        expect(comp.copyInstructions).toBe('cat ~/.ssh/id_ed25519.pub | clip');
-    });
-
-    it('should detect MacOS', () => {
-        jest.spyOn(window.navigator, 'userAgent', 'get').mockReturnValue('Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)');
-        comp.ngOnInit();
-        expect(comp.copyInstructions).toBe('pbcopy < ~/.ssh/id_ed25519.pub');
-    });
-
-    it('should detect Linux', () => {
-        jest.spyOn(window.navigator, 'userAgent', 'get').mockReturnValue('Mozilla/5.0 (X11; Linux x86_64)');
+    it('should initialize with User without keys', async () => {
+        sshServiceMock.getSshPublicKeys.mockReturnValue(of([] as UserSshPublicKey[]));
         comp.ngOnInit();
-        expect(comp.copyInstructions).toBe('xclip -selection clipboard < ~/.ssh/id_ed25519.pub');
+        expect(sshServiceMock.getSshPublicKeys).toHaveBeenCalled();
+        expect(comp.keyCount).toBe(0);
     });
 
-    it('should detect Android', () => {
-        jest.spyOn(window.navigator, 'userAgent', 'get').mockReturnValue('Mozilla/5.0 (Linux; Android 10; Pixel 3)');
+    it('should initialize with User with keys', async () => {
+        sshServiceMock.getSshPublicKeys.mockReturnValue(of(mockedUserSshKeys as UserSshPublicKey[]));
         comp.ngOnInit();
-        expect(comp.copyInstructions).toBe('termux-clipboard-set < ~/.ssh/id_ed25519.pub');
+        expect(sshServiceMock.getSshPublicKeys).toHaveBeenCalled();
+        expect(comp.sshPublicKeys).toHaveLength(2);
+        expect(comp.sshPublicKeys[0].publicKey).toEqual(mockKey);
+        expect(comp.keyCount).toBe(2);
     });
 
-    it('should detect iOS', () => {
-        jest.spyOn(window.navigator, 'userAgent', 'get').mockReturnValue('Mozilla/5.0 (iPhone; CPU iPhone OS 13_5)');
+    it('should delete SSH key', async () => {
+        sshServiceMock.getSshPublicKeys.mockReturnValue(of(mockedUserSshKeys as UserSshPublicKey[]));
+        sshServiceMock.deleteSshPublicKey.mockReturnValue(of(new HttpResponse({ status: 200 })));
         comp.ngOnInit();
-        expect(comp.copyInstructions).toBe('Ctrl + C');
+        comp.deleteSshKey(mockedUserSshKeys[0]);
+        expect(sshServiceMock.deleteSshPublicKey).toHaveBeenCalled();
     });
 
-    it('should return Unknown for unrecognized OS', () => {
-        jest.spyOn(window.navigator, 'userAgent', 'get').mockReturnValue('Mozilla/5.0 (Unknown OS)');
+    it('should fail to load SSH keys', () => {
+        sshServiceMock.getSshPublicKeys.mockReturnValue(throwError(() => new HttpResponse({ body: new Blob() })));
         comp.ngOnInit();
-        expect(comp.copyInstructions).toBe('Ctrl + C');
+        expect(comp.keyCount).toBe(0);
+        expect(alertServiceMock.error).toHaveBeenCalled();
     });
 });
diff --git a/src/test/javascript/spec/component/shared/code-button.component.spec.ts b/src/test/javascript/spec/component/shared/code-button.component.spec.ts
index 011cf4df64cd..4292c3bdac64 100644
--- a/src/test/javascript/spec/component/shared/code-button.component.spec.ts
+++ b/src/test/javascript/spec/component/shared/code-button.component.spec.ts
@@ -29,16 +29,21 @@ import { ArtemisTestModule } from '../../test.module';
 import { HttpErrorResponse, HttpResponse } from '@angular/common/http';
 import { TranslateDirective } from 'app/shared/language/translate.directive';
 import { provideRouter } from '@angular/router';
+import { SshUserSettingsService } from 'app/shared/user-settings/ssh-settings/ssh-user-settings.service';
+import { MockSshUserSettingsService } from '../../helpers/mocks/service/mock-ssh-user-settings.service';
+import { UserSshPublicKey } from 'app/entities/programming/user-ssh-public-key.model';
 
 describe('CodeButtonComponent', () => {
     let component: CodeButtonComponent;
     let fixture: ComponentFixture<CodeButtonComponent>;
     let profileService: ProfileService;
     let accountService: AccountService;
+    let sshUserSettingsService: SshUserSettingsService;
 
     let localStorageUseSshStoreStub: jest.SpyInstance;
     let getVcsAccessTokenSpy: jest.SpyInstance;
     let createVcsAccessTokenSpy: jest.SpyInstance;
+    let getCachedSshKeysSpy: jest.SpyInstance;
 
     const vcsToken: string = 'vcpat-xlhBs26D4F2CGlkCM59KVU8aaV9bYdX5Mg4IK6T8W3aT';
 
@@ -103,6 +108,7 @@ describe('CodeButtonComponent', () => {
                 MockProvider(AlertService),
                 { provide: FeatureToggleService, useClass: MockFeatureToggleService },
                 { provide: AccountService, useClass: MockAccountService },
+                { provide: SshUserSettingsService, useClass: MockSshUserSettingsService },
                 { provide: ProfileService, useClass: MockProfileService },
                 { provide: LocalStorageService, useClass: MockSyncStorage },
                 { provide: TranslateService, useClass: MockTranslateService },
@@ -113,10 +119,12 @@ describe('CodeButtonComponent', () => {
         component = fixture.componentInstance;
         profileService = TestBed.inject(ProfileService);
         accountService = TestBed.inject(AccountService);
+        sshUserSettingsService = TestBed.inject(SshUserSettingsService);
 
         const localStorageMock = fixture.debugElement.injector.get(LocalStorageService);
         localStorageUseSshStoreStub = jest.spyOn(localStorageMock, 'store');
         getVcsAccessTokenSpy = jest.spyOn(accountService, 'getVcsAccessToken');
+        getCachedSshKeysSpy = jest.spyOn(sshUserSettingsService, 'getCachedSshKeys');
         createVcsAccessTokenSpy = jest.spyOn(accountService, 'createVcsAccessToken');
 
         participation = {};
@@ -126,6 +134,7 @@ describe('CodeButtonComponent', () => {
     // Mock the functions after the TestBed setup
     beforeEach(() => {
         getVcsAccessTokenSpy = jest.spyOn(accountService, 'getVcsAccessToken').mockReturnValue(of(new HttpResponse({ body: vcsToken })));
+        getCachedSshKeysSpy = jest.spyOn(sshUserSettingsService, 'getCachedSshKeys').mockImplementation(() => Promise.resolve([{ id: 99, publicKey: 'key' } as UserSshPublicKey]));
 
         createVcsAccessTokenSpy = jest
             .spyOn(accountService, 'createVcsAccessToken')
@@ -146,6 +155,7 @@ describe('CodeButtonComponent', () => {
         expect(component.sshTemplateUrl).toBe(info.sshCloneURLTemplate);
         expect(component.sshEnabled).toBe(!!info.sshCloneURLTemplate);
         expect(component.versionControlUrl).toBe(info.versionControlUrl);
+        expect(getCachedSshKeysSpy).toHaveBeenCalled();
     });
 
     it('should create new vcsAccessToken when it does not exist', async () => {
diff --git a/src/test/javascript/spec/helpers/mocks/service/mock-account.service.ts b/src/test/javascript/spec/helpers/mocks/service/mock-account.service.ts
index 421a28217750..fd27be2acfe0 100644
--- a/src/test/javascript/spec/helpers/mocks/service/mock-account.service.ts
+++ b/src/test/javascript/spec/helpers/mocks/service/mock-account.service.ts
@@ -3,6 +3,7 @@ import { Course } from 'app/entities/course.model';
 import { IAccountService } from 'app/core/auth/account.service';
 import { User } from 'app/core/user/user.model';
 import { Exercise } from 'app/entities/exercise.model';
+import { UserSshPublicKey } from 'app/entities/programming/user-ssh-public-key.model';
 
 export class MockAccountService implements IAccountService {
     userIdentityValue: User | undefined;
@@ -39,7 +40,6 @@ export class MockAccountService implements IAccountService {
     isOwnerOfParticipation = () => true;
     isAdmin = () => true;
     save = (account: any) => ({}) as any;
-    addSshPublicKey = (sshPublicKey: string) => of();
     getVcsAccessToken = (participationId: number) => of();
     createVcsAccessToken = (participationId: number) => of();
 }
diff --git a/src/test/javascript/spec/helpers/mocks/service/mock-ssh-user-settings.service.ts b/src/test/javascript/spec/helpers/mocks/service/mock-ssh-user-settings.service.ts
new file mode 100644
index 000000000000..415e0b22b665
--- /dev/null
+++ b/src/test/javascript/spec/helpers/mocks/service/mock-ssh-user-settings.service.ts
@@ -0,0 +1,11 @@
+import { of } from 'rxjs';
+import { UserSshPublicKey } from 'app/entities/programming/user-ssh-public-key.model';
+import { IASshUserSettingsService } from 'app/shared/user-settings/ssh-settings/ssh-user-settings.service';
+
+export class MockSshUserSettingsService implements IASshUserSettingsService {
+    getCachedSshKeys = () => Promise.resolve([]);
+    getSshPublicKeys = () => of([]);
+    getSshPublicKey = (keyId: number) => of({ id: 99 } as UserSshPublicKey);
+    addNewSshPublicKey = (userKey: UserSshPublicKey) => of();
+    deleteSshPublicKey = (keyId: number) => of();
+}
diff --git a/src/test/javascript/spec/service/account.service.spec.ts b/src/test/javascript/spec/service/account.service.spec.ts
index 36cf340f2ea7..b9b36bd7d4b8 100644
--- a/src/test/javascript/spec/service/account.service.spec.ts
+++ b/src/test/javascript/spec/service/account.service.spec.ts
@@ -17,6 +17,7 @@ import { Participation } from 'app/entities/participation/participation.model';
 import { Team } from 'app/entities/team.model';
 import { SessionStorageService } from 'ngx-webstorage';
 import { provideHttpClient } from '@angular/common/http';
+import { UserSshPublicKey } from 'app/entities/programming/user-ssh-public-key.model';
 
 describe('AccountService', () => {
     let accountService: AccountService;
@@ -80,6 +81,15 @@ describe('AccountService', () => {
         expect(accountService.isAuthenticated()).toBeTrue();
     }));
 
+    it('should handle user SSH public key correctly', () => {
+        const sshKey = new UserSshPublicKey();
+        sshKey.id = 123;
+        sshKey.label = 'test-label';
+
+        expect(sshKey.id).toBe(123);
+        expect(sshKey.label).toBe('test-label');
+    });
+
     it('should fetch the user on identity if the userIdentity is defined yet (force=true)', fakeAsync(() => {
         let userReceived: User;
         accountService.userIdentity = user;
@@ -563,4 +573,50 @@ describe('AccountService', () => {
             expect(fetchStub).not.toHaveBeenCalled();
         });
     });
+
+    describe('test vcs token related logic', () => {
+        afterEach(() => {
+            httpMock.verify();
+        });
+
+        it('should delete user VCS access token', () => {
+            accountService.deleteUserVcsAccessToken().subscribe(() => {});
+
+            const req = httpMock.expectOne({ method: 'DELETE', url: 'api/account/user-vcs-access-token' });
+            req.flush(null);
+        });
+
+        it('should add a new VCS access token', () => {
+            const expiryDate = '2024-10-10';
+
+            accountService.addNewVcsAccessToken(expiryDate).subscribe((response) => {
+                expect(response.status).toBe(200);
+            });
+
+            const req = httpMock.expectOne({ method: 'PUT', url: `api/account/user-vcs-access-token?expiryDate=${expiryDate}` });
+            req.flush({ status: 200 });
+        });
+
+        it('should get VCS access token for a participation', () => {
+            const participationId = 1;
+            const token = 'vcs-token';
+
+            accountService.getVcsAccessToken(participationId).subscribe((response) => {
+                expect(response.body).toEqual(token);
+            });
+
+            const req = httpMock.expectOne({ method: 'GET', url: `api/account/participation-vcs-access-token?participationId=${participationId}` });
+            req.flush({ body: token });
+        });
+
+        it('should create VCS access token for a participation', () => {
+            const participationId = 1;
+            const token = 'vcs-token';
+
+            accountService.createVcsAccessToken(participationId).subscribe(() => {});
+
+            const req = httpMock.expectOne({ method: 'PUT', url: `api/account/participation-vcs-access-token?participationId=${participationId}` });
+            req.flush({ body: token });
+        });
+    });
 });
diff --git a/src/test/javascript/spec/service/settings/ssh-user-settings.service.spec.ts b/src/test/javascript/spec/service/settings/ssh-user-settings.service.spec.ts
new file mode 100644
index 000000000000..118f9f6d8664
--- /dev/null
+++ b/src/test/javascript/spec/service/settings/ssh-user-settings.service.spec.ts
@@ -0,0 +1,85 @@
+import { TestBed } from '@angular/core/testing';
+import { HttpTestingController, provideHttpClientTesting } from '@angular/common/http/testing';
+import { provideHttpClient } from '@angular/common/http';
+import { UserSshPublicKey } from 'app/entities/programming/user-ssh-public-key.model';
+import dayjs from 'dayjs/esm';
+import { SshUserSettingsService } from 'app/shared/user-settings/ssh-settings/ssh-user-settings.service';
+
+describe('SshUserSettingsService', () => {
+    let sshUserSettingsService: SshUserSettingsService;
+    let httpMock: HttpTestingController;
+
+    beforeEach(() => {
+        TestBed.configureTestingModule({
+            providers: [provideHttpClient(), provideHttpClientTesting()],
+        });
+        sshUserSettingsService = TestBed.inject(SshUserSettingsService);
+        httpMock = TestBed.inject(HttpTestingController);
+    });
+
+    afterEach(() => {
+        httpMock.verify();
+        jest.restoreAllMocks();
+    });
+
+    it('should handle user SSH public key correctly', () => {
+        const sshKey = new UserSshPublicKey();
+        sshKey.id = 123;
+        sshKey.label = 'test-label';
+
+        expect(sshKey.id).toBe(123);
+        expect(sshKey.label).toBe('test-label');
+    });
+
+    describe('test SSH user settings API calls', () => {
+        let userSshPublicKey: UserSshPublicKey;
+        beforeEach(() => {
+            userSshPublicKey = new UserSshPublicKey();
+            userSshPublicKey.publicKey = 'ssh-key 1234';
+            userSshPublicKey.label = 'key 1';
+            userSshPublicKey.id = 1;
+            userSshPublicKey.expiryDate = dayjs().subtract(5, 'day');
+        });
+
+        afterEach(() => {
+            httpMock.verify();
+        });
+
+        it('should send a new SSH public key', () => {
+            sshUserSettingsService.addNewSshPublicKey(userSshPublicKey).subscribe((response) => {
+                expect(response.body).toEqual(userSshPublicKey);
+            });
+
+            const req = httpMock.expectOne({ method: 'POST', url: 'api/ssh-settings/public-key' });
+            req.flush({});
+
+            expect(req.request.method).toBe('POST');
+        });
+
+        it('should retrieve all SSH public keys', () => {
+            sshUserSettingsService.getSshPublicKeys().subscribe(() => {});
+
+            const req = httpMock.expectOne({ method: 'GET', url: 'api/ssh-settings/public-keys' });
+            req.flush({});
+            expect(req.request.method).toBe('GET');
+        });
+
+        it('should retrieve a specific SSH public key', () => {
+            const keyId = 1;
+            sshUserSettingsService.getSshPublicKey(keyId).subscribe(() => {});
+
+            const req = httpMock.expectOne({ method: 'GET', url: `api/ssh-settings/public-key/${keyId}` });
+            req.flush({});
+            expect(req.request.method).toBe('GET');
+        });
+
+        it('should delete a specific SSH public key', () => {
+            const keyId = 1;
+
+            sshUserSettingsService.deleteSshPublicKey(keyId).subscribe(() => {});
+
+            const req = httpMock.expectOne({ method: 'DELETE', url: `api/ssh-settings/public-key/${keyId}` });
+            req.flush(null);
+        });
+    });
+});
diff --git a/src/test/resources/config/application-artemis.yml b/src/test/resources/config/application-artemis.yml
index c43ee1c7f401..bb921732c292 100644
--- a/src/test/resources/config/application-artemis.yml
+++ b/src/test/resources/config/application-artemis.yml
@@ -64,7 +64,7 @@ artemis:
     apollon:
         conversion-service-url: http://localhost:8080
     telemetry:
-        enabled: true
+        enabled: false
         sendAdminDetails: true
         destination: http://localhost:8081
     plagiarism-checks:
diff --git a/src/test/resources/config/application.yml b/src/test/resources/config/application.yml
index 337990a0ae2c..45dd81e8309b 100644
--- a/src/test/resources/config/application.yml
+++ b/src/test/resources/config/application.yml
@@ -80,7 +80,9 @@ artemis:
                     default: "~~invalid~~"
         build-agent:
             short-name: "artemis-build-agent-test"
-
+    telemetry:
+        enabled: false  # setting this to false will disable sending any information to the telemetry service
+        
 spring:
     application:
         name: Artemis