Setting sshd/passwordauthentication: "no" is impossible because UCS to UCS communication relies on this mechanism

When setting the UCR var sshd/passwordauthentication: “no” which is in general a good idea besides only allowing key based authentication, then you’ll be confronted with errors (using the diagnostic tile from the web ui):

Machine authentication failed - Login to the remote server with the uid ucs$ and the password from /etc/machine.secret failed. Please check /var/log/auth.log on the remote server for further information.

Why is the inter-machine communication not based on certs? Is there a way to only allow the machine account using password auth and for all others it is forbidden?