diff --git a/docker-compose.yml b/docker-compose.yml
index ab8ca6b..1a6c8d2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,4 +7,9 @@ services:
 - SYS_CHROOT
 environment:
 - COMMAND=/app/tui
+ volumes:
+ - ssh_host_key:/app/host_key
 restart: unless-stopped
+
+volumes:
+ ssh_host_key:
diff --git a/main.go b/main.go
index b7540db..3eab7d1 100644
--- a/main.go
+++ b/main.go
@@ -4,6 +4,7 @@ import (
 "crypto/ed25519"
 "crypto/rand"
 "encoding/binary"
+ "encoding/pem"
 "io"
 "log"
 "net"
@@ -23,13 +24,30 @@ func main() {
 },
 NoClientAuth: true,
 }
- _, key, err := ed25519.GenerateKey(rand.Reader)
- if err != nil {
- log.Fatal(err)
- }
- signer, err := ssh.NewSignerFromKey(key)
- if err != nil {
- log.Fatal(err)
+ var signer ssh.Signer
+ keyFile := "/app/host_key"
+ if data, err := os.ReadFile(keyFile); err == nil {
+ signer, err = ssh.ParsePrivateKey(data)
+ if err != nil {
+ log.Fatal("Failed to parse existing host key:", err)
+ }
+ } else {
+ _, key, err := ed25519.GenerateKey(rand.Reader)
+ if err != nil {
+ log.Fatal(err)
+ }
+ signer, err = ssh.NewSignerFromKey(key)
+ if err != nil {
+ log.Fatal(err)
+ }
+ block, err := ssh.MarshalPrivateKey(signer, "")
+ if err != nil {
+ log.Fatal("Failed to marshal host key:", err)
+ }
+ privateKeyBytes := pem.EncodeToMemory(block)
+ if err := os.WriteFile(keyFile, privateKeyBytes, 0600); err != nil {
+ log.Fatal("Failed to save host key:", err)
+ }
 }
 config.AddHostKey(signer)
 listener, err := net.Listen("tcp", ":22")
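Review bot: A named volume mounted at `/app/host_key` shows up inside the container as a directory, yet the main.go hunk in this same commit uses that exact path as a file (`keyFile := "/app/host_key"`). With this compose file `os.ReadFile` would fail on the directory, the code would take the generate branch, and `os.WriteFile` would then fail too, so the service most likely exits at startup and loops under `restart: unless-stopped`. Keeping the mount as it is and storing the key inside it fixes both sides, for example `keyFile := "/app/host_key/ssh_host_ed25519_key"` in main.go (the file name is illustrative).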
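Review bot: Every `os.ReadFile` failure in the new `if data, err := os.ReadFile(keyFile); err == nil` is treated as "no key yet", so a permission or I/O error on an existing key silently mints a new host identity, and clients then get a changed-host-key warning they cannot tell apart from interception. Only a missing file should reach the generate branch, e.g. `} else if !os.IsNotExist(err) { log.Fatal("Failed to read host key:", err) } else {`. The `os.WriteFile` call is also not atomic, so an interrupted first start can leave a truncated file that makes the next start fail at `ssh.ParsePrivateKey`; writing to a temporary file in the same directory and renaming it avoids that. `main` begins and continues outside this hunk.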