SSH (and by association conch) sends feedback to users but unless you ssh -v you won't see much of it. Sending text feedback without using the standard auth methods might require you to move your two factor auth into your protocol but this doesn't feel like a good idea to me. I'm relatively new to conch and my use case is quite different to yours so if I'm wrong and there is a way to do this I hope someone else jumps in to correct me.

I did a quick test with http://twistedmatrix.com/documents/current/api/twisted.conch.checkers.SSHProtocolChecker.html as my portals checker and that lets me require both password (something you know) and key (something you have).
My test doesn't handle "ticking" already used auth methods off the list of authentications that can continue but I don't think it would be too hard to get that working.
I see the following in my ssh client connection when connecting to my server. As I said I don't tick off used methods which is why you see "Authentications that can continue: password,publickey" instead of just password.

$ ssh -v -p 5022 user@localhost
OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /home/tom/.ssh/config
....
debug1: Remote protocol version 2.0, remote software version Twisted
....
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/tom/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
Authenticated with partial success.
debug1: Authentications that can continue: password,publickey
....
debug1: Next authentication method: password
user@localhost's password:
debug1: Authentication succeeded (password).
Authenticated to localhost ([127.0.0.1]:5022).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_GB.UTF-8

Hope that helps.