To add to your answer:
As noted in Two Factor Authentication With OpenSSH google-authenticator
requires openssh-server-pam
, as you mention.
One thing that is missed in the tutorials depending on how it was set up was the use of the community repository to solve a common problem with this package installation:
ERROR: unsatisfiable constraints:
google-authenticator (missing):
required by: world[google-authenticator]
To set up the repository(ies) to do this correctly, go into
/etc/apk/repositories
and uncomment the community version of the repository line you are using:
https://<some_mirror>/<ver>/main
https://<some_mirror>/<ver>/community
Then, a
apk add google-authenticator openssh-server-pam
should work.
EDIT: As of at least Alpine3.X, you should also install libqrencode
, via
apk add libqrencode
google-authenticate
uses this to generate a scan-able QR code so that you don't have to do the manual entry. It will fail gracefully if this is not installed, however it does make things easier.