If you have SSH keys configured, tested, and working effectively, it is most likely a smart idea to disable password authentication. This tends to protect against any person from signing in with SSH employing a password. If you don't hold the ssh-duplicate-id utility available, but nevertheless have password-dependent SSH usage https://arthurwfiln.blogdanica.com/29801361/servicessh-can-be-fun-for-anyone