I have set up TOTP 2FA authentication on my VPS, mostly thanks to this answer.

I’ve been testing the authentication to see if my setup works as intended, and it does. When looking through /var/log/auth.log, I noticed that the Google Authenticator PAM module logged its errors there, such as this one:

sshd(pam_google_authenticator)[4793]: Trying to reuse a previously used time-based code. ("/home/siph/.google_authenticator")Retry again in 30 seconds. Warning! This might mean, you are currently subject to a man-in-the-middle attack.

This looks like it is meant to be addressed to the user attempting to authenticate; however, when they make a failed attempt to log in, no message detailing the error is printed, and they are just prompted for their token again:

(siph@<host>) Verification code: 999999
(siph@<host>) Verification code:

Is there any way in the SSH or PAM configurations to change this behavior so those error messages are shown to the user? Or is there any reason why this wouldn’t be desirable?

Thank you.

Siph