diff --git a/conf/ssh/sshd_config b/conf/ssh/sshd_config
index eaa0c7380..63cd0f8fd 100644
--- a/conf/ssh/sshd_config
+++ b/conf/ssh/sshd_config
@@ -57,11 +57,7 @@ UsePAM yes
 
 # PLEASE: if you wish to force everybody to authenticate using ssh keys, run this command:
 # yunohost settings set security.ssh.ssh_password_authentication -v no
-{% if password_authentication == "False" %}
-PasswordAuthentication no
-{% else %}
-#PasswordAuthentication yes
-{% endif %}
+PasswordAuthentication {{ password_authentication }}
 
 # Post-login stuff
 Banner /etc/issue.net
@@ -103,7 +99,7 @@ Match Group sftp.app,!ssh.app
     AllowStreamLocalForwarding no
     PermitTunnel no
     PermitUserRC no
-    PasswordAuthentication yes
+    PasswordAuthentication {{ password_authentication }}
 
 # root login is allowed on local networks
 # It's meant to be a backup solution in case LDAP is down and
diff --git a/share/config_global.toml b/share/config_global.toml
index 40b71ab19..7e8932067 100644
--- a/share/config_global.toml
+++ b/share/config_global.toml
@@ -42,6 +42,8 @@ name = "Security"
         [security.ssh.ssh_password_authentication]
         type = "boolean"
         default = true
+        yes = "yes"
+        no = "no"
 
     [security.nginx]
     name = "NGINX (web server)"