SSH authentication at a remote system follows a strict order of priorities:
- Using the first method, the device always attempts to authenticate by means of a public key, unless the remote system does not support this method or the current administrator does not possess a public key.
- With the second method, if public-key authentication is unavailable or if the remote system has rejected the public key of the authenticating administrator, the device offers interactive authentication by keyboard. Depending on the application, interactive authentication may consist of exchanging a number of messages between the SSH client and SSH server. In the simplest case, entering a valid password is sufficient.