Comment by juangacovas

Same here, PasswordAuthentication is globally No, but I always hold an special username for emergencies which is the only user allowed to login via password (easy at sshd_config file, Match User xxxx then "PasswordAuthentication yes"). Besides emergencies, also works wonders when some sysadmins insist to login via bare metal terminal and cannot use a key...