I have been using google 2FA for a while and it works solid. How can I enforce 2AF for some users in addition to ssh key based login? All websites I visited explain how to set it up, but the result is it finally does not require 2FA if ssh keys are used.
I am aiming for this:
userA: This account is nonprivileged. It has ssh key authentication enabled. Passwordless login is working, no 2FA token is required.
userB: The account has admin privilege (e.g. sudo). ssh keys auth is enabled. I want this user to also use the 2FA token as a mandatory 2nd method for additional security.
