google / google-authenticator-libpam

Apache License 2.0

Authenticator with AWS Security groups #212

Closed thomcaldwell closed 2 years ago

thomcaldwell commented 2 years ago

I installed libpam-google-authenticator on an AWS (Amazon Web Services) instance (ubuntu 20.04) and was able to configure it to work perfectly for ssh. Except, if I intentionally enter the wrong code for 2 consecutive login cycles, the AWS Security group blocks all access on port 22 for 5 minutes or so (nmap verifies that it is closed). I can still log into a separate server within my AWS virtual private cloud and then log into the suspect instance, but any access through the public IP (which goes through the AWS Security Group) is blocked (I tested it from two separate locations/IPs). Restarting the instance has no effect, changing the AWS Security group does not correct the problem either. But, the service always returns at the public IP after about 5 minutes. Also, if I repeat the process after the port reopens, it has, on occasion, blocked access to port 22 after less than 2 full cycles of verification.

I tried to get technical support from AWS, but, I hate to say, the cost of that support is more than I pay for the AWS instance. Any thoughts? MFA is not critical to this server, but would certainly have been useful.

akerl commented 2 years ago

It seems pretty implausible that the AWS SG is the culprit here, unless you’ve configured some kind of MITM AWS service to monitor the traffic, or have something on your instance that has credentials to modify the SG.

It seems far more likely you’re running something in iptables / userspace on your instance that rate limits SSH connections, like fail2ban or similar.

But in any case, google_authenticator is not doing this, so you’ll probably be better off on StackOverflow or the AWS community forums.
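An added triage helper for the check suggested above (not code from this thread or from google-authenticator-libpam): it tells a host-side SSH rate limiter (an iptables `recent`/`limit`/`hashlimit` rule, or fail2ban) apart from a block that happens outside the host. The `iptables -S` output and the auth.log lines below are constructed samples that approximate the real formats; `count_ratelimit_rules`, `ratelimit_window`, `failures_by_ip` and `diagnose` are names chosen here.

```shell
#!/bin/sh
# Added example, not part of google-authenticator-libpam or this issue thread.
# Decide whether something on the host itself is throttling port 22 before
# blaming a security group or other network-side control.

# Constructed sample of `iptables -S` output: a common hardening recipe that
# drops a source after 3 new SSH connections within 300 seconds.
SAMPLE_IPTABLES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 3 --name SSH -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample auth.log lines: two bad verification codes from one
# client address, then a successful key login from another.
SAMPLE_AUTHLOG='Jan 10 12:00:01 host sshd[1234]: pam_google_authenticator(sshd:auth): Invalid verification code for ubuntu
Jan 10 12:00:01 host sshd[1234]: Failed keyboard-interactive/pam for ubuntu from 203.0.113.5 port 50000 ssh2
Jan 10 12:00:09 host sshd[1240]: pam_google_authenticator(sshd:auth): Invalid verification code for ubuntu
Jan 10 12:00:09 host sshd[1240]: Failed keyboard-interactive/pam for ubuntu from 203.0.113.5 port 50002 ssh2
Jan 10 12:00:20 host sshd[1250]: Accepted publickey for ubuntu from 198.51.100.7 port 40000 ssh2'

# Count iptables rules (read from stdin, `iptables -S` format) that use a
# rate-limiting match module. Prints 0 when there are none.
count_ratelimit_rules() {
    grep -cE -e '-m (recent|limit|hashlimit)' || true
}

# Report the window of the first `recent` DROP rule as "<hits> attempts in <N>s".
ratelimit_window() {
    sed -nE 's/.*--seconds ([0-9]+).*--hitcount ([0-9]+).*/\2 attempts in \1s/p' | head -n1
}

# Count sshd authentication failures per client address (auth.log text on
# stdin); prints "<count> <ip>" lines, highest count first.
failures_by_ip() {
    sed -nE 's/.*Failed [^ ]+ for .* from ([0-9.]+) port.*/\1/p' \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Verdict from the iptables rule text passed as $1 (deterministic, so it can
# be checked against the sample). fail2ban is reported separately below.
diagnose() {
    rules=$(printf '%s\n' "$1" | count_ratelimit_rules)
    window=$(printf '%s\n' "$1" | ratelimit_window)
    if [ "$rules" -gt 0 ]; then
        echo "host-side: $rules rate-limit rule(s) in iptables${window:+ ($window)}"
    else
        echo "no host-side limiter in iptables; check fail2ban, nftables, then network ACLs / security groups"
    fi
}

# Live run on the instance itself (needs root for iptables):
#   sudo iptables -S | count_ratelimit_rules
#   failures_by_ip < /var/log/auth.log
#   command -v fail2ban-client && sudo fail2ban-client status sshd
if [ "${1:-}" = "--demo" ]; then
    diagnose "$SAMPLE_IPTABLES"
    printf '%s\n' "$SAMPLE_AUTHLOG" | failures_by_ip
fi
```

Run with `--demo` to see the verdict on the sample data. If the host reports no limiter but the port still closes, the classic confirmation is that the instance stays reachable from inside the VPC while the public path is blocked, which is exactly the symptom described in the issue and points away from anything PAM could do.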

thomcaldwell commented 2 years ago

No Fail2ban, no iptables at all, no traffic monitoring at AWS. It doesn't seem plausible that google_authenticator could be the cause, but I cannot reproduce the problem when I am behind it. I'm in the AWS forums with the problem and I'll try StackOverflow.
Thanks for the input.

thomcaldwell commented 2 years ago

By the way, this was a new instance with very little installed and no custom iptables work. And when I said I couldn't reproduce the problem behind it, I meant behind the AWS SG. But, thanks again.