AlmaLinux 9 : How to set up existing SSH keys for root (Or rather, why is this current set up not working?)
0 votes, 1 answer, 107 views
I have an Alma Linux 9 server machine with SSH root access through a custom port.
The access is fine but should be with SSH Keys.
We have keys, but we need to give the Public Key to the AlmaLinux server and hold the private key on machines in the office. This is the way it's always worked very well before on CentOS 7.9 systems.
But whatever I've tried, I can't get this to work on AlmaLinux.
1. The /root/.ssh/authorized_keys file contains two lines. I have manually added the second line so the public key is inside this file:
ssh-rsa AAAAB3 ... obscured ... w+P1bZNsUU0Zw== plesk-ssh-terminal
AAAAB ... my obscured public key ... rM5sO9/8JgiEw==
The initial line is from the Plesk which runs on the server. Plesk is a terrible thing but I don't think I need to deal with that for sorting this out. The initial public key is required for the in-Plesk browser terminal functionality.
2. The /etc/ssh/sshd_config file has been updated based on data from the fully working sshd_config from the CentOS system which works perfectly.
# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
Include /etc/ssh/sshd_config.d/*.conf
# custom port. Non Key login with password works on this port.
Port 1234
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# SyslogFacility AUTH
# I have updated this. But failed with AUTH only as well.
SyslogFacility AUTHPRIV
PermitRootLogin yes
# I Have also tried PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
# Below just to test if they helped. Seemed not.
GSSAPIAuthentication no
GSSAPICleanupCredentials yes
# Also tried both of these:
# UsePAM no
# UsePAM yes
3. I have spent a day reading and checking so much on various guides for how to set this up and almost all guides expect me to build the Key on the server itself, however, the key is generated in our office and the public key is then given to the server.
The key is given a custom name and then stored in /root/.ssh/.pub. The key is contained in the authorized_key file, outlined above.
4. There are two .conf files in /etc/ssh/sshd_config.d/; I have not touched these but between them they say:
Include /etc/crypto-policies/back-ends/opensshserver.config
SyslogFacility AUTHPRIV
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
PasswordAuthentication yes
# Redhat file:
ChallengeResponseAuthentication no
Files are 50-cloud-init.conf and 50-redhat.conf. Not sure why they're there or what their purpose is (AlmaLinux !== Redhat) and server is not a cloud. Anyways...
So, what am I missing to make the server allow only SSH root connections with a private key file?
As I write this out I suspect the .conf files are causing a mess as they, I believe, overwrite the base /etc/ssh/sshd_config file. Should everything look like it works ok if I simply sidestep these .conf files?
Or, as mentioned, am I missing something obvious?
Asked by Martin (143 rep), May 19, 2025, 03:05 PM
Last activity: May 19, 2025, 08:40 PM
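Added example, not part of the original question: sshd keeps the first value it reads for each keyword, and the Include line sits at the top of the quoted sshd_config, so the drop-in files are read before the rest of that file. The sketch below replays that rule over constructed in-memory copies of the directives quoted above (which drop-in holds which directive is an assumption) and lists the sshd_config settings that a drop-in shadows.

```python
import fnmatch

MAIN = "/etc/ssh/sshd_config"
# Constructed in-memory copies of the directives quoted in the question. Which
# drop-in holds which directive is an assumption; the question lists them together.
FILES = {
    MAIN: """Include /etc/ssh/sshd_config.d/*.conf
SyslogFacility AUTHPRIV
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials yes
""",
    "/etc/ssh/sshd_config.d/50-cloud-init.conf": "PasswordAuthentication yes\n",
    "/etc/ssh/sshd_config.d/50-redhat.conf": """SyslogFacility AUTHPRIV
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
ChallengeResponseAuthentication no
""",
}

def resolve(path, files, effective=None):
    """Return {keyword: (value, source_file)}; the first value read wins, as in sshd."""
    effective = {} if effective is None else effective
    for raw in files[path].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, value = (part.strip() for part in line.partition(" "))
        if keyword.lower() == "include":
            # Included files are read at this point, in lexical order.
            for inc in sorted(f for f in files if fnmatch.fnmatch(f, value)):
                resolve(inc, files, effective)
        else:
            # Not modelled: Match blocks and multi-valued keywords such as HostKey.
            effective.setdefault(keyword.lower(), (value, path))
    return effective

def shadowed(main, files):
    """Settings in `main` that lose to a different value read earlier from a drop-in."""
    own = resolve(main, {main: files[main]})
    eff = resolve(main, files)
    return {k: (own[k][0], *eff[k]) for k in own if eff[k][0] != own[k][0]}

if __name__ == "__main__":
    for key, (wanted, got, src) in shadowed(MAIN, FILES).items():
        print(f"{key}: sshd_config says {wanted!r}, effective {got!r} from {src}")
```

On the server itself, `sshd -T` prints the effective configuration after all Include files have been processed.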