The authentication methods specified in the client configuration file
(SSH2_CONFIG.) are attempted in the order in which they are listed for the AllowedAuthentications keyword.
If hostbased is listed first, the SSH server tries hostbasedauthentication
For example, the client configuration file contains the following:
In this case, the server first tries to use hostbased, then public key,
then password authentication. The first successful authentication is used.
The order of the authentication methods specified in the server configuration
file (SSHD2_CONFIG.) is irrelevant. If the AllowedAuthentications keyword
is missing or has no entries, the server accepts the following authentication