See PR discussion: https://github.com/OpenXT/xenclient-oe/pull/951
The auth2-none is responsible for handling the PermitEmptyPasswords option. Whenever that option is set, sshd will try to login all users without a passwords.
For users that do have a password, that means a failed login attempt and a 2 seconds retry timeout. auth-passwd can handle empty password, clients can just press enter when prompted for a password.
Although AuthenticationMethods does not appear in the man sshd_config, it is understood by sshd. When using AuthenticationMethods password, if root has a has in /etc/shadow for an empty password, like $1$aIKg1Jne$qMOTnqQ8VxV5md/xTPx.V/, then any password will log you in, except for the empty string. This looks very wrong.
If a user has a password, setting PermitEmptyPasswords should not obviously have sshd try to login without a password (and enforce the retry timeout).
If a user has a hash in /etc/shadow for an empty password, only the empty string should log the user in.