When implementing Multi Factor Authentication (MFA) for linux server with ssh-key and google-authenticator only with no password it was prompting us to enter password for user but we wanted authentication without password.

Steps to solve this:

1.  Install google authenticator (centos 64-bit) in a new terminal window:

yum install google-authenticator.x86_64

2.  Now vi /etc/pam.d/sshd (add following line at the top):

auth required pam_google_authenticator.so

3.  Then vi /etc/ssh/sshd_config:

# Change settings as mentioned below and in same order.
ChallengeResponseAuthentication yes
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive
PasswordAuthentication no

4.  Then vi /etc/pam.d/sshd:

#auth substack password-auth (comment out)

Save and exit

5.   Then service sshd restart.

Related posts:

  1. Zoho CRM Editions Comparison Table
  2. Google Authenticator not working along with ssh-key and password
  3. Ubuntu | Google Authenticator not working with SSH keys
  4. Support Plan Content