After enabling Google authenticator (2 step authentication) on one of my testing servers running ubuntu 16.04 (LTS), I noticed I couldn't login anymore with a user who doesn't have a google authenticator profile on the server. I had to create a google authenticator profile (key) to let this user login.
My question now is:
would it be possible to have certain users use google authenticator and other users just SSH login without the google authenticator.
user1 has a profile with google authenticator.
user2 doesn't have a profile with google authenticator.
user1 logs in through SSH, fills in his password and the code provide by the google authenticator app, he is able to login.
user2 logs in through SSH, fills in his password and is able to login (he doesn't need to enter a code.
It would be ideal to have 2 usergroups one that needs the google authenticator code and one that doesn't need it.