🟡 Medium   ⏱ 5–30 min  Last verified: 20 May 2026

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

SSH prompts for password or denies login even when valid private key is supplied, breaking automation and remote administration.

Environment & Reproduction

Ubuntu 16.04 OpenSSH servers after home directory permission changes or edited sshd_config.

Root Cause Analysis

StrictModes checks fail due to insecure permissions/ownership, wrong AuthorizedKeysFile path, or disabled PubkeyAuthentication.

Quick Triage

Use ssh -vvv from client and inspect server logs with journalctl -u ssh or /var/log/auth.log.

Step-by-Step Diagnosis

Validate ownership and modes on home, .ssh, and authorized_keys, then test effective sshd configuration with sshd -T.

Illustrative mockup for ubuntu-16-04-lts — ubuntu1604-b01-p24-diagnosis
sshd logs show key rejected due to permissions — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Set secure permissions (700 .ssh, 600 authorized_keys), correct sshd_config auth settings, and restart ssh service safely.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Illustrative mockup for ubuntu-16-04-lts — ubuntu1604-b01-p24-fix
authorized_keys and sshd config corrected — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Use centralized SSH certificate authentication or configuration management to enforce canonical authorized_keys placement.

Verification & Acceptance Criteria

Key-based login succeeds without password and sshd logs show accepted publickey for expected user/key fingerprint.

Rollback Plan

Restore previous sshd_config and authorized_keys backups; keep console session open while reverting to avoid lockout.

Prevention & Hardening

Automate file permission checks, enable fail2ban/rate limits, and audit SSH config drift regularly.

Related to UFW SSH blocks, DNS host mismatch warnings, and PAM/account policy denials.

Related tutorial: View the step-by-step tutorial for Ubuntu 16.04 LTS.

View all Ubuntu 16.04 LTS tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

sshd_config(5), ssh(1), and secure remote access hardening baselines.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.