OpenSSH: Different Authentication Methods

I have the need of having users logging in to a CentOS system with different authentication methods. Some using password and others using public key.

I followed the methods mentioned here: How can I setup OpenSSH per-user authentication methods?

However, I am not successful in having successful password based login.

In the sshd_config file, I have:

AuthenticationMethods keyboard-interactive,publickey
PasswordAuthentication no

Match User newton
    PasswordAuthentication yes
Match all

Update: I see that the issue is only when I have 2FA enabled with google authentication and I have the line:

AuthenticationMethods keyboard-interactive,publickey

Though for the user newton, I have set password authentication I see the following error:

[root@localhost]# ssh [email protected]
Permission denied (publickey).

Any suggestions are appreciated.


Although @Tolsadus answer probably points to the correct solution, it does not answer the question clearly.

In short, manual page for ssh_config is a good start to understand how the config parser in ssh works (the same rules apply for sshd_config):

For each parameter, the first obtained value will be used

This means that your example will set PasswordAuthentication to no for all users and for newton user will not overwrite it (because it is already set). To work it around, you should set the default values in the Match block. This will have the expected effect on newton user:

Match User newton
    PasswordAuthentication yes
Match all
    PasswordAuthentication no

Perfect explanation how to use the match option in /etc/ssh/sshd_config

In your case, you should do like that "real" world example https://gist.github.com/kjellski/5940875

You can find that match with addresses, but also users that is commented.

EDIT / UPDATE

@Jakuje properly answered the question, way more precise than mine.