because the base layout uses pam, the sshd_config file might do better if changed from # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no to # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no #PermitEmptyPasswords no since the default behavour is to allow password authentication.. what happens if PasswordAuthentication is set to "yes" or remmed out is that after an unsuccessful round of pam authentication, ssh provides its own prompt and allows the user to login.. so any config with pam on ssh will not work as promised.
baselayout doesnt use pam openssh has pam as an option ... you can simply `USE=-pam emerge openssh` and openssh wont support it i updated the config option to set 'PasswordAuthentication no' if USE=pam