How can I enable both password and public key authentication with OpenSSH

This is finally available as of OpenSSH 6.2 (released March 2013), using the AuthenticationMethods configuration option.

For instance, you may add the following line to sshd_config to require both public-key and password authentication:

AuthenticationMethods publickey,password

When logging in, ssh and scp will first perform public-key authentication, and then prompt for a password:

$ ssh user@example.org
Authenticated with partial success.
user@example.org's password:

If you have a password on your private key file, you will of course first be prompted for that. Example using PuTTY:

Using username "user".
Authenticating with public key "rsa-key-20131221-user"
Passphrase for key "rsa-key-20131221-user":
Further authentication required
user@example.org's password:

Not presently. But there are some patches floating around that are supposed to add this.

See https://bugzilla.mindrot.org/show_bug.cgi?id=983