Solution: how to enforce both passwords and keys:
Posted Apr 10, 2012 16:34 UTC (Tue) by shaiay
Parent article: SSH: passwords or keys?
No need to decide, a simple solution exists!
In a nuthshell, allow only key based logins, and use the ForceCommand option in sshd_config to force PAM authentication.
The user than has to have a key to login, but after they login, they are forced to authenticate via PAM, regardless of whether their key is password protected!
Full procedure in this blog post
to post comments)