It’s real easy. For passwort logins edit /etc/ssh/sshd_config and set “PasswordAuthentication” to “yes”, issue a “/etc/init.d/ssh reload” for the new config to become active. But a much better solution is to use ssh keys. Password access should only be allow temporarily. You should also have a rule set up in your firewall (I prefer CSF) that blacklists an IP if they attempt to enter a password more than 5 times in short succession.
That’s it, short and sweet.