During handshake OnAuthenticationFailed event is fired, but authentication succedes. Why is the event triggered?
SSH protocol supports many authentication methods and you can enable all or some of them. Usually just one authentication method is used during handshake. This means that if you, for example, enable password, key-based and keyboard-interactive authentication (this combination is enabled by default) and use only key-based authentication, other two mechanisms are not used. But they are enabled and so the client attempts to use them. During these attempts the OnAuthenticationFailed event is fired.
The solution is to explicitly enable only one mechanism that you plan to use and disable other mechanisms, or you can just ignore the event cause it's fired mostly for informational purposes. Note, that username/password combination can be used not only in password authentication but also in keyboard-interactive authentication (which in general is more complex than just a password). So if you disable all mechanisms but password, and your server uses keyboard-interactive authentication instead, authentication will fail. So the best approach is to just ignore OnAuthenticationFailed event unless you need to use it and you understand how it works.