🟡 Medium   ⏱ 5–30 min  Last verified: 19 May 2026
Affected versions: Oracle Linux 10

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Public-key login fails and falls back to password or denies access, affecting automation and remote operations.

Environment & Reproduction

Common after user home migration or backup restore that changes ownership/modes.

ssh -vvv user@host
systemctl status sshd
ls -ld /home/user /home/user/.ssh /home/user/.ssh/authorized_keys

Root Cause Analysis

`sshd` strict mode rejects key files when ownership or permissions are too open or incorrect.

Quick Triage

Inspect auth logs and SELinux status.

journalctl -u sshd -n 80 --no-pager
getenforce
ausearch -m avc -ts recent | tail -n 20

Step-by-Step Diagnosis

Validate account shell, key path, and sshd config options.

sshd -T | grep -E 'pubkeyauthentication|authorizedkeysfile|strictmodes'
getent passwd user
namei -l /home/user/.ssh/authorized_keys
Illustrative mockup for oracle-linux-10 — terminal_or_shell
Reviewing sshd auth failures — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Correct ownership and modes, then relabel if needed.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

sudo chown -R user:user /home/user/.ssh
sudo chmod 700 /home/user/.ssh
sudo chmod 600 /home/user/.ssh/authorized_keys
sudo restorecon -Rv /home/user/.ssh
sudo systemctl reload sshd
Illustrative mockup for oracle-linux-10 — log_or_config
Correcting home and authorized_keys permissions — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Move centralized keys to `/etc/ssh/authorized_keys/%u` with controlled permissions.

sudo mkdir -p /etc/ssh/authorized_keys
sudo chmod 755 /etc/ssh/authorized_keys
sudo systemctl reload sshd

Verification & Acceptance Criteria

Key-based login succeeds and logs show accepted publickey auth.

ssh -o PreferredAuthentications=publickey user@host 'id'
journalctl -u sshd -n 20 --no-pager

Rollback Plan

Reapply previous SSH settings if access policy conflict appears.

sudo cp /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
sudo systemctl reload sshd

Prevention & Hardening

Include permission checks in account provisioning and continuous compliance scans.

find /home -maxdepth 3 -name authorized_keys -exec ls -l {} ;
sshd -t

Related to disabled pubkey auth, unsupported key algorithms, and expired host keys.

Related tutorial: View the step-by-step tutorial for oracle-linux-10.

View all oracle-linux-10 tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

OpenSSH and RHEL hardening guides for secure remote authentication practices.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.