#6 pamh.conversation returns wrong string

[NDQ]

Hello,
is there any way to get input from user in console by using OpenSSH authentication?
For example, by using this code

def pam_sm_authenticate(pamh, flags, argv):
    p = pamh.Message(pamh.PAM_TEXT_INFO, "PIN: ")
    i =  pamh.conversation(p)
    syslog.syslog("response is " + i.resp)
    return pamh.PAM_SUCCESS

pam-python's conversation function returns SSH's password (i.resp) and we can see "PIN: " string after authentication phase (in my case, it comes thogether with MOTD welcome message). But this is not possible to enter some addition information after SSH's password, because there is no delay for that and it seems like, by using this code, pam-python doesn't expect it at all...

I found many blog articles where entering second authentication step like PIN-via-EMAIL is done, but there are very old posts and I'm not sure if this should work now.

Possibility to get entered password is great thing, but how to send message back after that, wait for the entering user's answer and read this second string by authenticate phase?

Thanks a lot

[NDQ]

Small update: pamh.PAM_PROMPT_ECHO_OFF works perfectly on openSUSE, but not on Debian/xUbuntu or CentOS.

pamh.conversation() returns allways (except on openSUSE) allready typed SSH password. There is no way to rewrite it (get new string from user by asking in prompt).

Is there any fix or workarond for that?

Thank you