Hi Is it possible to configure the openssh (5.8p1) daemon to check both PubkeyAuthentication and PasswordAuthentication before accepting the user? Another possibility would be to do the password authentication within the ssh daemon and then use ForcedCommand to start a script which first checks the public key (which is loaded into an agent) and then spawns the real shell. Is there an easy way to do such a check? Thanks & regards Konrad