diff --git a/navi/tools/ssh_exec.py b/navi/tools/ssh_exec.py
index d27f0c2..973f07a 100644
--- a/navi/tools/ssh_exec.py
+++ b/navi/tools/ssh_exec.py
@@ -143,11 +143,22 @@
         }
 
         client_keys = cfg.get("client_keys")
-        if client_keys:
-            kwargs["client_keys"] = [str(Path(k).expanduser()) for k in client_keys]
-
         password = cfg.get("password")
-        if password:
+
+        if client_keys:
+            # Explicit key list — use only those keys
+            kwargs["client_keys"] = [str(Path(k).expanduser()) for k in client_keys]
+        elif password:
+            # Password auth — disable key auth entirely so asyncssh doesn't
+            # try ~/.ssh/* keys and fail before attempting the password
+            kwargs["client_keys"] = []
+            kwargs["password"] = password
+        else:
+            # No credentials specified — try default ~/.ssh/* keys
+            pass
+
+        if password and client_keys:
+            # Both specified — pass password as fallback
             kwargs["password"] = password
 
         known_hosts = cfg.get("known_hosts", None)
diff --git a/ssh_hosts.json.example b/ssh_hosts.json.example
index a902255..36f3ce1 100644
--- a/ssh_hosts.json.example
+++ b/ssh_hosts.json.example
@@ -4,11 +4,13 @@
     "port": 22,
     "username": "root",
     "client_keys": ["~/.ssh/id_rsa"],
-    "known_hosts": null
+    "known_hosts": "none"
   },
-  "staging": {
-    "host": "staging.example.com",
+  "ubuntu-pass": {
+    "host": "192.168.1.154",
+    "port": 22,
     "username": "ubuntu",
+    "password": "yourpassword",
     "known_hosts": "none"
   }
 }