My server requires a user password and 2FA code when SSHing in. I have enabled this in /etc/pam.d/sshd by including @include common-auth (for the password) and auth required pam_google_authenticator.so (for the 2FA). My /etc/ssh/sshd_config file has UsePAM yes.

With that in mind, I would think that the PAM config file handles everything. But it appears as though I still need to include AuthenticationMethods publickey,keyboard-interactive in /etc/ssh/sshd_config or else the PW and 2FA are bypassed.

Why are AuthenticationMethods needed instead of relying on PAM? How can I think about the way /etc/pam.d/sshd and /etc/ssh/sshd_config operate together?

0 Answers
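Added example, not part of the question above: with UsePAM yes, sshd runs the PAM auth stack only during keyboard-interactive (or password) authentication, while the account and session stacks run for every method, so a successful publickey login never reaches common-auth or pam_google_authenticator.so unless AuthenticationMethods chains the methods together. The sketch below classifies an effective configuration on that basis. The function names (get_opt, audit_2fa), the verdict strings and the sample configuration text are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample input, not taken from the page: the relevant lines of
# `sshd -T` output (lowercase keywords) and of /etc/pam.d/sshd.
PAM_SSHD='@include common-auth
auth required pam_google_authenticator.so'
CONF_DEFAULT='usepam yes
pubkeyauthentication yes
kbdinteractiveauthentication yes
authenticationmethods any'
CONF_PINNED='usepam yes
pubkeyauthentication yes
kbdinteractiveauthentication yes
authenticationmethods publickey,keyboard-interactive'

# get_opt KEY (hypothetical helper): print KEY's value from config text on stdin.
get_opt() {
    awk -v k="$1" '$1 == k { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
}

# audit_2fa CONF PAM (hypothetical helper): print one verdict saying whether
# the PAM auth stack (password + TOTP) must run before a login can succeed.
audit_2fa() {
    conf=$1; pam=$2
    [ "$(printf '%s\n' "$conf" | get_opt usepam)" = yes ] ||
        { echo "PAM_DISABLED"; return 0; }
    printf '%s\n' "$pam" |
        grep -Eq '^[[:space:]]*auth[[:space:]].*pam_google_authenticator\.so' ||
        { echo "NO_TOTP_MODULE"; return 0; }
    kbd=$(printf '%s\n' "$conf" | get_opt kbdinteractiveauthentication)
    # Older OpenSSH releases name this option challengeresponseauthentication.
    [ -n "$kbd" ] || kbd=$(printf '%s\n' "$conf" | get_opt challengeresponseauthentication)
    [ "$kbd" = yes ] || { echo "KBDINT_DISABLED"; return 0; }
    # "any" (the default) lets one method alone, e.g. publickey, finish the login.
    methods=$(printf '%s\n' "$conf" | get_opt authenticationmethods)
    case ${methods:-any} in any) echo "BYPASS_POSSIBLE"; return 0 ;; esac
    # Login succeeds when ANY listed chain completes, so EVERY chain must contain
    # keyboard-interactive, the method through which PAM prompts for password and code.
    for chain in $methods; do
        case ",$chain," in
            *,keyboard-interactive,*|*,keyboard-interactive:pam,*) ;;
            *) echo "BYPASS_POSSIBLE"; return 0 ;;
        esac
    done
    echo "PAM_AUTH_ENFORCED"
}

audit_2fa "$CONF_DEFAULT" "$PAM_SSHD"
audit_2fa "$CONF_PINNED" "$PAM_SSHD"
```

On a real host the first argument would be the output of `sshd -T` (run as root) and the second the contents of /etc/pam.d/sshd.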