Esta pregunta es de 2012. Desde entonces, SSH ha cambiado y se ha implementado el protocolo SSH2.
En versiones más recientes de SSH (> = 6.2), man sshd_config menciona:
AuthenticationMethods
Specifies the authentication methods that must be successfully completed for a user to be
granted access. This option must be followed by one or more comma-separated lists of
authentication method names. Successful authentication requires completion of every method
in at least one of these lists.
For example, an argument of ``publickey,password publickey,keyboard-interactive'' would
require the user to complete public key authentication, followed by either password or key-
board interactive authentication. Only methods that are next in one or more lists are
offered at each stage, so for this example, it would not be possible to attempt password or
keyboard-interactive authentication before public key.
This option is only available for SSH protocol 2 and will yield a fatal error if enabled if
protocol 1 is also enabled. Note that each authentication method listed should also be
explicitly enabled in the configuration. The default is not to require multiple authentica-
tion; successful completion of a single authentication method is sufficient.
Esta página http://lwn.net/Articles/544640/ también menciona la posibilidad de usar una clave pública y una autenticación PAM al mismo tiempo.