diff --git a/internal/db/dbmigrate/scripts/v0.4.0.pre.sql b/internal/db/dbmigrate/scripts/v0.4.0.pre.sql
index 343c2b6ef4f48cc11b7cec07a69ccb67d3978070..e2f9253b463f6ebeb425c6a1426e2debdf3a79a7 100644
--- a/internal/db/dbmigrate/scripts/v0.4.0.pre.sql
+++ b/internal/db/dbmigrate/scripts/v0.4.0.pre.sql
@@ -519,7 +519,7 @@ BEGIN
     DECLARE rtCount INT;
 
     SELECT m.`user_id` FROM MTokens m WHERE m.id = MTID INTO uid;
-    SELECT s.MT_id, s.key_id FROM SSHPublicKeys s WHERE s.ssh_key_fp = FP AND s.user = uid INTO sshMTID, cid;
+    SELECT s.MT_id, s.MT_crypt FROM SSHPublicKeys s WHERE s.ssh_key_fp = FP AND s.user = uid INTO sshMTID, cid;
     SELECT m.`rt_id` FROM MTokens m WHERE m.id = sshMTID INTO rid;
     SELECT k.`key_id` FROM RT_EncryptionKeys k WHERE k.rt_id = rid AND k.MT_id = sshMTID INTO rckid;
     CALL EncryptionKeys_Delete(rckid);
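Review bot: The value selected from `s.MT_crypt` is still stored in `cid`, whose declaration and later use lie outside this hunk, so the name no longer says what the variable holds. A comment above the SELECT such as `-- cid receives SSHPublicKeys.MT_crypt, not a key_id` would help prevent the earlier column mix-up from coming back. The fix also edits the existing `v0.4.0.pre.sql` script in place. If any database has already run that script, it presumably keeps the old procedure body and would need a follow-up migration to pick this up.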
diff --git a/internal/endpoints/settings/grants/ssh/ssh.go b/internal/endpoints/settings/grants/ssh/ssh.go
index 9326ba65d25c7d950ecc4ad5a1a0f889b6cf0a51..ade356d78fa84fabb9c4e1bf93b03b50af472d99 100644
--- a/internal/endpoints/settings/grants/ssh/ssh.go
+++ b/internal/endpoints/settings/grants/ssh/ssh.go
@@ -142,6 +142,9 @@ func handleAddSSHKey(ctx *fiber.Ctx) error {
 		}.Send(ctx)
 	}
 	sshKeyFP := gossh.FingerprintSHA256(sshKey)
+	if len(req.Capabilities) == 0 {
+		req.Capabilities = api.Capabilities{api.CapabilityAT}
+	}
 
 	return settings.HandleSettingsHelper(
 		ctx, &req.Mytoken, api.CapabilitySSHGrant, event.FromNumber(event.SSHKeyAdded, ""), fiber.StatusOK,
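Review bot: `len(req.Capabilities) == 0` is true both when the field is omitted and when the client sends an explicit empty list, so a request that asks for no capabilities still ends up with an SSH key that can obtain access tokens. If that is intended, say so above the check, e.g. `// No capabilities requested (omitted or empty): default to AT only.` If it is not, an explicit empty list should be rejected as a bad request rather than widened. The rest of handleAddSSHKey is outside the hunk, so it is not visible whether the resulting capability set is later checked against what the caller's mytoken may delegate.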
diff --git a/internal/server/ssh/at.go b/internal/server/ssh/at.go
index d241981d35a29a5f008c4b9f3bed0c228ff550dd..8f96dfa1b92088dd50c7dbc783445a8bc7e5ba65 100644
--- a/internal/server/ssh/at.go
+++ b/internal/server/ssh/at.go
@@ -18,10 +18,11 @@ import (
 func handleSSHAT(reqData []byte, s ssh.Session) error {
 	ctx := s.Context()
 	req := pkg.NewAccessTokenRequest()
-	req.GrantType = model.GrantTypeMytoken
 	if len(reqData) > 0 {
 		if err := json.Unmarshal(reqData, &req); err != nil {
-			return err
+			if err.Error() != "token not valid" {
+				return err
+			}
 		}
 	}
 	mt := ctx.Value("mytoken").(*mytoken.Mytoken)
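Review bot: Matching on `err.Error() != "token not valid"` ties this handler to the exact wording of another package's error. A reworded or wrapped error would become a hard failure again, and any unrelated error with the same text would be silently swallowed. Compare against an exported sentinel instead, e.g. `if !errors.Is(err, <sentinel exported by the token package>) { return err }`. There is a second effect to check: encoding/json aborts decoding when a custom unmarshaler returns an error, so if this error comes from the token field, any request fields that follow it in the client's JSON are presumably never decoded. Restrictions the client asked for (such as a narrower scope or audience, if the request carries them) would then depend on key order, which decoding into a value that does not parse the token field would avoid.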
@@ -29,6 +30,7 @@ func handleSSHAT(reqData []byte, s ssh.Session) error {
 		IP:        ctx.Value("ip").(string),
 		UserAgent: ctx.Value("user_agent").(string),
 	}
+	req.GrantType = model.GrantTypeMytoken
 	req.Mytoken = mt.ToUniversalMytoken()
 	rlog := logger.GetSSHRequestLogger(ctx.Value("session").(string))
 	rlog.Debug("Handle AT from ssh")
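Review bot: Nothing records why `req.GrantType` is now assigned after decoding, yet that ordering is what stops a grant type supplied in the client's JSON from overriding it. A one-line comment above it and `req.Mytoken` would protect the ordering from a later tidy-up, e.g. `// Set after json.Unmarshal: these fields must not be client-controlled.` The `ctx.Value(...)` type assertions visible here (`"ip"`, `"user_agent"`, `"session"`) are unchecked and panic if a key is missing or holds another type. The comma-ok form with an error return would be safer, unless the SSH server already recovers from handler panics. handleSSHAT continues past the end of this hunk.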