🟠 High   ⏱ 5–30 min  Last verified: 20 May 2026
Affected versions: Ubuntu 24.04 LTS

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Public-key login fails and admins fall back to password or lose access.

Environment & Reproduction

Common after home migration or permission drift.

ssh -vvv user@host
sudo systemctl status ssh
getent passwd user

Root Cause Analysis

Incorrect ownership or strict mode violations for .ssh and authorized_keys.

Quick Triage

Check sshd config and recent auth logs.

sudo sshd -T | grep -Ei 'pubkeyauthentication|authorizedkeysfile|passwordauthentication'
sudo journalctl -u ssh -n 120 --no-pager
sudo tail -n 120 /var/log/auth.log

Step-by-Step Diagnosis

Verify file permissions and key format.

sudo ls -ld /home/user /home/user/.ssh
sudo ls -l /home/user/.ssh/authorized_keys
sudo ssh-keygen -l -f /home/user/.ssh/authorized_keys
Illustrative mockup for ubuntu-24-04-lts — terminal_or_shell
Tracing SSH auth decisions — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Set strict permissions and restart sshd.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

sudo chown -R user:user /home/user/.ssh
sudo chmod 700 /home/user/.ssh
sudo chmod 600 /home/user/.ssh/authorized_keys
sudo systemctl restart ssh
Illustrative mockup for ubuntu-24-04-lts — log_or_config
Repairing authorized_keys permissions — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Temporarily enable password auth from console for emergency access.

sudoedit /etc/ssh/sshd_config
# set PasswordAuthentication yes temporarily
sudo systemctl restart ssh

Verification & Acceptance Criteria

Key login succeeds and logs show pubkey accepted.

ssh -o PreferredAuthentications=publickey user@host true
sudo journalctl -u ssh -n 40 --no-pager

Rollback Plan

Revert sshd_config to previous hardened state after recovery.

sudo cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.bak.$(date +%s)
sudo systemctl restart ssh

Prevention & Hardening

Audit SSH permissions and disable password auth after validation.

find /home -maxdepth 2 -name .ssh -type d -exec ls -ld {} ;
sudo sshd -T | grep passwordauthentication

May coexist with UFW blocks and wrong user shell settings.

Related tutorial: View the step-by-step tutorial for Ubuntu 24.04 LTS.

View all Ubuntu 24.04 LTS tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Ubuntu OpenSSH server hardening and key management docs.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.