📖 ~1 min read
Table of contents
Symptom & Impact
Automation pipelines and admins suddenly cannot SSH using previously working keys.
Environment & Reproduction
Triggered after `sshd` config change, SELinux/AppArmor profile update, or home directory permission drift.
Root Cause Analysis
Tightened permissions on `~/.ssh` or `authorized_keys` or sshd `PubkeyAcceptedKeyTypes` excludes the key type.
Quick Triage
Use `ssh -vvv user@host` to capture the negotiation steps and key offers.
Step-by-Step Diagnosis
Inspect `sshd` log via `journalctl -u sshd` and check permissions on `~/.ssh`.
Solution – Primary Fix
Set `chmod 700 ~/.ssh` and `chmod 600 authorized_keys`, then verify sshd config and reload.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Issue replacement keys using modern algorithms (ed25519) and enforce via policy.
Verification & Acceptance Criteria
All authorised users authenticate over key without password fallback prompts.
Rollback Plan
Restore the previous sshd_config from backup if changes lock out admins.
Prevention & Hardening
Audit `~/.ssh` permissions weekly and centralise key distribution.
Related Errors & Cross-Refs
Often paired with `Permissions 0644 for … are too open` warnings.
Related tutorial: View the step-by-step tutorial for sles-15.
View all sles-15 tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
SUSE sshd configuration and AppArmor profile documentation.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
