zypper install google-authenticator-libpam
Created a /etc/pam.d/sshd file with
auth required pam_google_authenticator.so nullok
Linked it to phone app via qr code
the 2fa / mfa part seems to work:
sshd(pam_google_auth)[1313571]: Accepted google_authenticator for <user>
but password seem to fail:
error: PAM: User account has expired for <user> from <ipv4>
fatal: monitor_read: unpermitted request 104
Tried this but failed:
sudo pam-config -a --google_authenticator
pam-config: invalid option -- --google_authenticator
What is the advised way to have mfa on incoming ssh sessions?