This is covered on another SO site.
https://serverfault.com/questions/93807/how-do-i-setup-ssh-with-both-private-key-and-password
Here is the example SSHD server script.
#######################################################
### Calomel.org SERVER /etc/ssh/sshd_config
#######################################################
#
Port 22
Protocol 2
AddressFamily inet
#ListenAddress 127.0.0.1
#See the questions section for setting up the gatekeeper
#ForceCommand /tools/ssh_gatekeeper.sh
AllowUsers calomel@10.10.10.3 calomel@192.168.*
AllowGroups calomel
AllowTcpForwarding yes
#AuthorizedKeysFile .ssh/authorized_keys (need to be be commented for OpenSSH 5.4)
Banner /etc/banner
ChallengeResponseAuthentication no
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
ClientAliveInterval 15
ClientAliveCountMax 3
Compression yes
GatewayPorts no
LogLevel VERBOSE
LoginGraceTime 50s
MACs hmac-sha2-512-96,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-256,hmac-sha1-96,hmac-sha1
MaxAuthTries 6
MaxStartups 10
PasswordAuthentication yes
PermitEmptyPasswords no
#PermitOpen localhost:80
PermitRootLogin no
PermitUserEnvironment no
PidFile /var/run/sshd.pid
PrintLastLog yes
PrintMotd no
PubkeyAuthentication yes
StrictModes yes
Subsystem sftp /usr/libexec/sftp-server
SyslogFacility AUTH
TCPKeepAlive no
UseDNS no
UseLogin no
UsePrivilegeSeparation yes
X11DisplayOffset 10
X11Forwarding no
X11UseLocalhost yes
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
#
#######################################################
### Calomel.org SERVER /etc/ssh/sshd_config
#######################################################