The SSH authentication component provides a function to verify the identity of a user (
pam_sm_authenticate()), by prompting the user for a passphrase and verifying that it can decrypt the target user's SSH key using that passphrase.
The following options may be passed to the authentication module:
use_first_pass
If the authentication module is not the first in the stack, and a previous module obtained the user's password, that password is used to authenticate the user. If this fails, the authentication module returns failure without prompting the user for a password. This option has no effect if the authentication module is the first in the stack, or if no previous modules obtained the user's password.
try_first_pass
This option is similar to the use_first_pass option, except that if the previously obtained password fails, the user is prompted for another password.