Comment by lathiat
8 months ago
You can still configure it to be key only, you just need to put your own override as a file in /etc/ssh/sshd_config.d/ rather than /etc/ssh/sshd_config.
The files are read in order, so your filename needs to sort after the 50-cloud-init.conf file. This would work: echo "PasswordAuthentication no" > /etc/ssh/sshd_config.d/60-password-auth.conf
It is first configuration that sticks.
That is how include * sshd_config_d overrides all subsequent lines in sshd_config.
So it would need to be 00-password-auth.conf for it to work.