Yes, the user still is able to login only using the keys.
If you setup a SSH key for one of your clients then the preferred options for that client is to use SSH key unless he specifically uses the password authentication method like:
ssh -o PreferredAuthentications=password host
then he should know the password. If you are looking for a way so no one can login to this account you have to remove the keys:
mv /home/user/.ssh/authorized_keys{,.rm}
then peoply only can login using password, but they still are able to copy their keys to ~/.ssh.
for more flexible rules you have to changes your ssh server configs.
Yes, the user still is able to login only using the keys.
If you setup a SSH key for one of your clients then the preferred options for that client is to use SSH key unless he specifically uses the password authentication method like:
then he should know the password. If you are looking for a way so no one can login to this account you have to remove the keys:
then peoply only can login using password, but they still are able to copy their keys to
~/.ssh.for more flexible rules you have to changes your ssh server configs.