I'm following this DO guide on setting up 2FA on your server. It all makes sense until step 3 and 4.
- Step 3 says to let sshd know about 2FA by editing
/etc/ssh/sshd_configand to addAuthenticationMethods publickey,password publickey,keyboard-interactive. - Step 4 (optional) says to require a password AND 2FA by editing
/etc/pam.d/sshdand enableing@include common-auth
My end goal is that I would like to require a pubkey + user password + 2FA when logging into a server. But step 3 makes it sound like the password would be optional. Is AuthenticationMethods unrelated to @include common-auth when it comes to requiring a user password during server login? If so, what does AuthenticationMethods password refer to?
