If you are using SSH keys as part of your system hardening strategy, you are well on your way to having a system that is difficult (but not impossible) to penetrate. However, there may come a time when a single user or a group needs password access to a system that has already been locked down with SSH keys.
In such a situation, you do not want to compromise the security of the server by allowing password authentication globally, even for a short period. Luckily, Linux has thought of such scenarios and has a solution in place.
To allow password authentication for a single user, add the following directives to /etc/ssh/sshd_config:
Match User <username>
PasswordAuthentication yes
Match all
The Match block is effective until either another Match line is found or the end of the file.
To allow password authentication for a group, add the following directives:
Match Group <groupname>
PasswordAuthentication yes
Match all
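
The sketch below is an added example, not part of the original article: a simplified Python model of how sshd resolves PasswordAuthentication across Match User, Match Group and Match all blocks, showing what happens to a later directive when the closing Match all is missing. The user names, group names and sample configuration are constructed, and only the User, Group and all criteria are modelled.

```python
from fnmatch import fnmatchcase

def _match_any(values, patterns):
    """Comma-separated patterns with '*'/'?' wildcards (negation not modelled)."""
    return any(fnmatchcase(v, p) for p in patterns.split(",") for v in values)

def _criteria_match(args, user, groups):
    if [a.lower() for a in args] == ["all"]:
        return True
    subjects = {"user": [user], "group": list(groups)}
    # Every criterion on the line must match; only User and Group are modelled.
    return all(_match_any(subjects[name.lower()], pats)
               for name, pats in zip(args[0::2], args[1::2]))

def effective_password_auth(config_text, user, groups=()):
    """Simplified model: the first value in a matching Match block overrides
    the first global value; with neither set, OpenSSH's default is 'yes'."""
    global_val = match_val = None
    in_match, active = False, True
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0].lower(), words[1:]
        if key == "match":
            in_match, active = True, _criteria_match(args, user, groups)
        elif key == "passwordauthentication" and active and args:
            if in_match:
                match_val = match_val or args[0].lower()
            else:
                global_val = global_val or args[0].lower()
    return match_val or global_val or "yes"

# Constructed sample configuration (user and group names are made up).
CLOSED = """\
PubkeyAuthentication yes
Match User alice
    PasswordAuthentication yes
Match Group contractors
    PasswordAuthentication yes
Match all
PasswordAuthentication no
"""
# Without "Match all", the final directive is absorbed into the Group block.
UNCLOSED = CLOSED.replace("Match all\n", "")

if __name__ == "__main__":
    for user, groups in (("alice", ["staff"]), ("carol", ["contractors"]), ("bob", ["staff"])):
        print(user, effective_password_auth(CLOSED, user, groups),
              effective_password_auth(UNCLOSED, user, groups))
```

On a real host, sshd's extended test mode (`sshd -T -C user=<username>`) prints the settings sshd itself would apply to that user, which is the authoritative check.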