I was wondering if it's possible to configure `sshd` such that for OTP based authentication the first factor could be passed as a ssh key or certificate.

So specifically: The user's password would not be required for auth, only the key and OTP token. Is there a magic combination of AuthenticationMethods for `sshd_config` that would allow this to work?