I worked on setting up 2FA while doing ssh in EC2 instance. But after the setup instance is still not asking for 2FA code and directly logs my user i.e. ubuntu into the server.
I did following steps to setup 2FA:
Install Google Authenticator PAM module.
sudo apt install libpam-google-authenticator
Add auth required pam_google_authenticator.so to /etc/pam.d/sshd
Restart ssh sudo systemctl restart sshd.service
Update sshd_config with following:
ChallengeResponseAuthentication yes PasswordAuthentication no
Run command google-authenticator
Please help me resolve this issue. Thanks in advance.
I was facing this issue because of other configuration was enabled. PubKeyAuthentication was used instead of authenticator. I change it to PubKeyAuthentication no which resolved the issue.