I recently enabled two-factor-authentication using google-authenticator on my SSH server. However I am now facing a problem:
I have a different group of users on my server which I am using for SFTP, but that group is no longer able to login since 2FA isn't set up for the users in the group. Is it possible to disable the google-authenticator module for that group? Enabling it for the users in the group is not an option because multiple users will be using this account.
PS: I use openssh-server
Best Answer
You can use
pam_succeed_if
module (see manual page) before thepam_google_authenticator
to skip this part for your group: