Secure SSH with hardware token

I have set up 2FA for SSH access to Ubuntu server (hosted in AWS). When the user initiates their SSH connection, they are given two options: 1. Duo push to xxx-xxx-xxxx and 2. SMS passcodes to xxx-xxx-xxxx. And these options work fine. However, this user also has a hardware token (YubiOTP) assigned to them. Should they not be presented with a 3rd option where they can inject their OTP code from the YubiKey?

Is passcode an option? For one of my Ubuntu servers my prompt looks like:

Enter a passcode or select one of the following options:

 1. Duo Push to XXX-XXX-XXXX

Passcode or option (1-1): 

At the prompt I tap my Yubikey and then the code is accepted.

Ah. That is it. Thank you Kevin.