Another question is what authors of SSH protocol mean by "keyboard interactive"
My understanding is that it is anything that can't be easily automated. I'll give an example how openssh (>=2.7.1) handles pam authentication.
When the password has expired and user is forced to change the password the session looks like this:
! Using username "testi".
. Server prompt (Password: )
. Server prompt (You are required to change your password immediately (password aged)
. Changing password for testi
. (current) UNIX password: )
. Server prompt (New UNIX password: )
. Server prompt (Retype new UNIX password: )
. Access granted
. Opened channel for session
. Started a shell/command
Winscp program takes similar user input for both password authentication and "keyboard interactive" sessions. Only difference for the second type is that the user is forced to read the server supplied text before typing the input. What I'm basicly suggesting is that if a password is already supplied with the username, it would be used for the first "keyboard interactive" reply.
PS. Currently the multiline server prompt is cut short in winscp input window so that only start of the text is shown in "keyboard interactive" window.