Different ssh authentication policies for different accounts

I know that I can disable SSH authentication with clear text password for root user (using PermitRootLogin) and enable it for all other users. But I need to disable text passwords for some list of users (and keep only public keys authentication for they). For those, who don't included to list, I need to enable password authentication also.

So, how I can adjust different SSH policies for different users? In sshd_config I've found only 2 arguments:

PermitRootLogin without-password  # disable text password for root
PasswordAuthentication yes  # enable it for all other users

I'd like to have some dictionary-style configuration, for example:

user1Auth without-password
user2Auth without-password
user3Auth yes
...

P.S. My OS is Ubuntu 14.04.


You can use the Match User or Match Group directives:

Match Group usergroup
    PasswordAuthentication no

If you don't want to use groups, you can specify each user:

Match User user1,user2
    PasswordAuthentcation yes

Match User user3
    PasswordAuthentication no

My preference is to never assign privileges directly to users (no matter the system), so I always use groups. This also carries the benefit that you can change group membership without needing to restart sshd.

NB. This configuration lines must be written below all other configs in /etc/sshd_config.