We have an SSH server which provides both, keyboard interactive and password authentication. However, some user (with administrative privileges) need to provide a second factor. Password authentication will fail for those users.
I played around with the code. The easiest way to get it working would be reversing the order:
If a TOTP is provided, try keyboard interactive first and if this fails try with password. If no TOTP is provided, try password authentication first and fall back to keyboard interactive.
We have an SSH server which provides both, keyboard interactive and password authentication. However, some user (with administrative privileges) need to provide a second factor. Password authentication will fail for those users.
I played around with the code. The easiest way to get it working would be reversing the order:
If a TOTP is provided, try keyboard interactive first and if this fails try with password. If no TOTP is provided, try password authentication first and fall back to keyboard interactive.