Unfortunately, not all (client) software that supports SSH/SFTP supports publickey authentication.

How would one set up a standard Ubuntu desktop (with sshd enabled) so that you could use an easy password to login locally, but need a different (more secure) password to login to the same account via SSH?

I would prefer to remain able to login to the desktop user via publickey auth, for those programs that do support it.

  • only way I'm aware of requires a FreeIPA domain and hbac Commented Apr 11, 2017 at 12:01
  • Use an SSH key and encrypt the key with the "easy" password. Commented Apr 11, 2017 at 19:58
  • @TheFiddlerWins That doesn't work, because the apps I'm talking about simply do not support publickey auth. They literally have 'host', 'port', 'username', 'password'. I'd like to use a secure password there, and an easy password for local logins to the same user. Commented Apr 12, 2017 at 10:41

4 Answers

Have another user for SSH login and use sudo, or su - if you need to access the Desktop-User profile.

Disable the Desktop-User in /etc/ssh/sshd_config with "DenyUsers":

/etc/ssh/sshd_config:

    ...
    DenyUsers Desktop-User
    ...

  • This would prevent logging in to the desktop user with publickey auth, correct? I'd rather avoid that if possible. Commented Apr 11, 2017 at 11:56


I don't know if I understand your request but if I understand right, you need a user who can log in to the server locally and via SSH but with different passwords?

If that is the case, simply create an SSH keypair with a different password and allow remote login with the SSH keypair. In /etc/ssh/sshd_config find the line: PasswordAuthentication. Set this to no. From this point the users will be able to log in to your server via SSH if they have a private key available on their client, and they will have to enter the SSH key's passphrase instead of the user's password that you use to log in locally.

  • As I've said, lots of clients simply do not support logins using keypairs, and using a different third party app to connect isn't so feasible on mobile. Commented Apr 12, 2017 at 10:42


OpenSSH and other ssh servers I'm aware of don't allow changing these things only for ssh logins, but there are ways to hack your way around it.

OpenSSH can use PAM for authentication. Unfortunately it doesn't allow specifying a non-default PAM service, so you'll need to change the main PAM configuration. PAM isn't very flexible, but there are modules that allow PAM to run a custom script on login, so you could try to create a PAM script that detects SSH logins and then accepts a different password from a non-SSH login. I don't know PAM in detail, so this is just a general description.

Another (probably easier) way to hack the system could be to run the SSH server in a separate mount namespace, and bind-mount a different /etc/shadow with different passwords; then sshd would use these while local logins would not. (Note that if a user logs in over SSH and then is able to run login or in some other way attempt a local login, that will also be checked against the SSH password database.)

edit: the above answers how using a different SSH password is possible, but I wouldn't recommend it unless you know very well what you are doing, as you're tinkering with security systems. I've added a new answer with a more practical approach.

  • Yes, it's possible to use PAM to implement different authentication methods for different systems - but sshd has its own config on the Linux hosts here. OTOH I would NOT recommend this approach to someone without a lot of expertise in Linux/Unix. Commented Mar 22, 2024 at 10:05


Re-reading this question a few years later, this is what I would do in this case:

  • Configure your main user to be secure. I.e. configure sshd to only allow logins with publickey, and then use the short desktop login password you want.

  • Set up a secondary user with password login over ssh enabled, and configure the more secure password for this user. Then configure sudo to allow sudo-ing from the secondary user to the main user, optionally without requiring a password. You could even set up the default shell for ssh to be something like /usr/bin/sudo -i -u mainuser /bin/bash, so you automatically end up in a shell session for your main user when you log in over ssh.

See here for how to enable password login over ssh only for specific users.

Another possibility is running a secondary ssh server that allows changing the login password just for the ssh login, like Dropbear. But now you have a second ssh server on your system, which might have its own vulnerabilities, so I would prefer using the standard sshd with a secondary user.

A third option I just thought of is to create a copy of your user in /etc/passwd and /etc/shadow, with a different username and password, but the same UID as your main user. Reading these questions, that seems to be a more-or-less supported usage of the passwd file for creating an alias with a different password. But I would still prefer the first option if that works for you, as it is less arcane.
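The "PasswordAuthentication no" setting from the second answer and the secondary-user approach from this one, as an added example that is not code from any answer above. It renders the two config fragments into a staging directory for review and emulates which value sshd applies per user; the user names are placeholders, the sshd fragment is assumed to be appended to the end of /etc/ssh/sshd_config, and the sudoers fragment is assumed to go in /etc/sudoers.d/.

```shell
#!/bin/sh
# Added example, not code from any answer above: it renders the two config
# fragments behind the "secondary SSH user" approach into a staging directory
# for review before they are installed as root, and emulates which
# PasswordAuthentication value sshd ends up applying to each user.
# Assumptions: "mainuser"/"sshuser" are placeholders; the sshd fragment is
# appended to the END of /etc/ssh/sshd_config (a Match block runs until the
# next Match or end of file); the sudoers fragment goes in /etc/sudoers.d/.
set -eu
render_sshd_fragment() {   # $1=main user, $2=ssh user, $3=output file
    cat > "$3" <<EOF
# Default for every account, including $1: keys only, so the short
# desktop password is never accepted over the network.
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes

# Only $2 may log in with its (strong) password.
Match User $2
    PasswordAuthentication yes
    AuthenticationMethods password
EOF
}

render_sudoers_fragment() {   # $1=main user, $2=ssh user, $3=output file
    cat > "$3" <<EOF
# $2 may become $1 without a password prompt (drop NOPASSWD: to be
# asked for the strong SSH password again at the sudo prompt).
$2 ALL=($1) NOPASSWD: ALL
EOF
    chmod 0440 "$3"   # sudoers(5) says sudoers files should be mode 0440
}

# sshd precedence: global directives apply, then a matching "Match User"
# block overrides them keyword by keyword; print the resulting value.
password_auth_for() {   # $1=fragment file, $2=user -> prints yes|no
    awk -v u="$2" '
        NF == 0 || /^[[:space:]]*#/ { next }
        /^Match[[:space:]]/ { skip = !($2 == "User" && $3 == u); next }
        !skip && $1 == "PasswordAuthentication" { v = $2 }
        END { print v }
    ' "$1"
}

if [ $# -eq 1 ]; then   # usage: sh stage.sh /tmp/stage
    mkdir -p "$1"
    render_sshd_fragment mainuser sshuser "$1/sshd_config.tail"
    render_sudoers_fragment mainuser sshuser "$1/sudoers.d_sshuser"
fi
```

After copying the fragments into place, run sshd -t and visudo -c before restarting sshd, so a typo cannot lock you out.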
