When setting sshd PasswordAuthentication to no has no effect

After setting up ssh authentication via public/private key for my user account on my Ubuntu 22.04 server, I wanted to disable authentication via password for security reasons. So in /etc/ssh/sshd_conf I changed the entry PasswordAuthentication from yes (the default) to no:

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no

Then I restarted the ssh daemon with

sudo systemctl restart sshd.service

and tried to log on via ssh without my private key loaded into Pageant.

To my surprise I got the username and password prompt and could log in with my password. WTF??!

I got side tracked and forgot about the issue until today, when I set up two factor authentication for ssh. During that I RTFM and also looked into the files that exist in /etc/ssh/sshd_config.d. And there I found the reason for this failure:

The /etc/ssh/sshd_config file contains the following line as the first non comment entry:

Include /etc/ssh/sshd_config.d/*.conf

This means that it reads any of the *.conf files in the subdirectory sshd_config.d and treats their content as part of the configuration file at this very point.

There was only one file in there on my installation 50-cloud-init.conf:

PasswordAuthentication yes

Add to that the following description in the manual:

sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file specified with -f on the command line). The file contains keyword-argument pairs, one per line. For each keyword, the first obtained value will be used. Lines starting with ‘#’ and empty lines are interpreted as comments.

And there you have it: The included file already contained a PasswordAuthentication entry, so the one which I added in the main configuration file had no effect, because it came after the include line.