diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml
index e6ffed786b..548db9e843 100644
--- a/environments/undercloud.yaml
+++ b/environments/undercloud.yaml
@@ -123,3 +123,4 @@ parameter_defaults:
       DhcpRangeEnd: '192.168.24.24'
   UndercloudCtlplaneLocalSubnet: 'ctlplane-subnet'
   MistralDockerGroup: true
+  PasswordAuthentication: 'yes'
diff --git a/puppet/services/sshd.yaml b/puppet/services/sshd.yaml
index bb8df71246..0d7e1a058a 100644
--- a/puppet/services/sshd.yaml
+++ b/puppet/services/sshd.yaml
@@ -46,7 +46,6 @@ parameters:
         - '/etc/ssh/ssh_host_ed25519_key'
       SyslogFacility: 'AUTHPRIV'
       AuthorizedKeysFile: '.ssh/authorized_keys'
-      PasswordAuthentication: 'no'
       ChallengeResponseAuthentication: 'no'
       GSSAPIAuthentication: 'yes'
       GSSAPICleanupCredentials: 'no'
@@ -62,6 +61,10 @@ parameters:
       Subsystem: 'sftp  /usr/libexec/openssh/sftp-server'
     description: Mapping of sshd_config values
     type: json
+  PasswordAuthentication:
+    default: 'no'
+    description: Whether or not disable password authentication
+    type: string
 
 outputs:
   role_data:
@@ -72,5 +75,6 @@ outputs:
         tripleo::profile::base::sshd::bannertext: {get_param: BannerText}
         tripleo::profile::base::sshd::motd: {get_param: MessageOfTheDay}
         tripleo::profile::base::sshd::options: {get_param: SshServerOptions}
+        tripleo::profile::base::sshd::password_authentication: {get_param: PasswordAuthentication}
       step_config: |
         include ::tripleo::profile::base::sshd