🟠 High   ⏱ 5–30 min  Last verified: 20 May 2026
Affected versions: Ubuntu 26.04 LTS

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Key-based login is rejected and automation falls back to password or fails completely.

Environment & Reproduction

Common after user home migration, backup restore, or manual chmod operations.

ssh -vvv user@host
systemctl status ssh
sudo tail -n 100 /var/log/auth.log

Root Cause Analysis

StrictModes in OpenSSH rejects insecure ownership or permissions on home and .ssh artifacts.

Quick Triage

Inspect ownership chain from home directory to authorized_keys.

namei -l /home//.ssh/authorized_keys
ls -ld /home/ /home//.ssh
ls -l /home//.ssh/authorized_keys

Step-by-Step Diagnosis

Validate sshd policy and correlate denied attempts in logs.

sshd -T | grep -Ei 'pubkeyauthentication|authorizedkeysfile|strictmodes'
sudo grep -i 'Failed publickey' /var/log/auth.log | tail -n 40
Illustrative mockup for ubuntu-26-04-lts — terminal_or_shell
Checking OpenSSH auth logs and file modes — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Set canonical ownership and permissions, then retry key auth.

Still having issues? Our IT Consulting team can diagnose and resolve this for you. Get in touch for a free consultation.

sudo chown -R : /home//.ssh
sudo chmod 700 /home//.ssh
sudo chmod 600 /home//.ssh/authorized_keys
sudo chmod go-w /home/
sudo systemctl restart ssh
Illustrative mockup for ubuntu-26-04-lts — log_or_config
Correcting .ssh ownership and permissions — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Use AuthorizedKeysCommand with centralized key source for controlled environments.

sudo sshd -T | grep authorizedkeyscommand

Verification & Acceptance Criteria

Public key login succeeds and no permission warnings appear in auth logs.

ssh -o PreferredAuthentications=publickey -o PasswordAuthentication=no user@host true
sudo tail -n 60 /var/log/auth.log

Rollback Plan

Restore previous sshd settings if policy changes impact required access paths.

sudo cp /etc/ssh/sshd_config.bak /etc/ssh/sshd_config 2>/dev/null || true
sudo systemctl restart ssh

Prevention & Hardening

Enforce SSH file mode checks in account provisioning automation.

find /home -maxdepth 3 -name authorized_keys -exec ls -l {} ';'
sshd -T | grep strictmodes

Often seen with wrong home directory mount options and disabled PubkeyAuthentication policy.

Related tutorial: View the step-by-step tutorial for Ubuntu 26.04 LTS.

View all Ubuntu 26.04 LTS tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Ubuntu OpenSSH server documentation and key-auth hardening references.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.