On Thu, Dec 18, 2014 at 12:59 AM, Damien Miller <...> wrote:
> On Wed, 17 Dec 2014, Dmt Ops wrote:
>
>> But when I ssh in to the machine, I still get only the pubkey auth -- never
>> get asked for the GA code, and I can login.
>
> Could you please post a debug log from the server?
>
> /path/to/sshd -ddd
>
> should produce one.

Based on what I've seen the reason is because SSH is handling pub-key auth and bypasses PAM for it. Google Authenticator however is done via PAM so it only works for keyboard interactive logins.

Now then from what I've seen you can try to do force command instead and use a different 2-factor provider that runs using a system executable but that provides its own headaches.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
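An added example, not part of the original thread: a small audit helper that reads the global section of an sshd_config and lists the ways a public-key login can complete without a keyboard-interactive (PAM) step, which is the behaviour reported above. It assumes sshd_config's `AuthenticationMethods` directive, which the message does not mention; the function names and sample configs are constructed for illustration.

```python
def parse_global(config_text):
    """Return {keyword: [args]} for the global section of an sshd_config.

    Keywords are case-insensitive and the first occurrence wins, as in sshd.
    Assumption: Match blocks are out of scope, so parsing stops at the first one.
    """
    opts = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        key = parts[0].lower()
        if key == "match":
            break
        opts.setdefault(key, parts[1:])
    return opts


def pubkey_paths_without_kbdint(config_text):
    """List the method chains that let publickey succeed with no
    keyboard-interactive step, i.e. without the PAM auth stack prompting."""
    opts = parse_global(config_text)
    if opts.get("pubkeyauthentication", ["yes"])[0].lower() != "yes":
        return []
    chains = opts.get("authenticationmethods", ["any"])
    if [c.lower() for c in chains] == ["any"]:
        # Default: any single successful method completes the login.
        return ["any"]
    bypass = []
    for chain in chains:
        # "keyboard-interactive:pam" -> "keyboard-interactive"
        steps = [s.split(":", 1)[0].lower() for s in chain.split(",")]
        if "publickey" in steps and "keyboard-interactive" not in steps:
            bypass.append(chain)
    return bypass


# Constructed sample configs (not taken from the thread).
DEFAULT_CFG = "UsePAM yes\nChallengeResponseAuthentication yes\nPubkeyAuthentication yes\n"
CHAINED_CFG = DEFAULT_CFG + "AuthenticationMethods publickey,keyboard-interactive:pam\n"
MIXED_CFG = DEFAULT_CFG + "AuthenticationMethods publickey,keyboard-interactive publickey\n"

if __name__ == "__main__":
    for name, cfg in [("default", DEFAULT_CFG), ("chained", CHAINED_CFG), ("mixed", MIXED_CFG)]:
        print(name, pubkey_paths_without_kbdint(cfg))
```

An empty list means every public-key login in the global section must also pass keyboard-interactive; any entry returned is a path where the Google Authenticator prompt is never reached.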