Switch to the root user.
$ sudo -i
Set a password for ec2-user.
# passwd ec2-user
New password:
BAD PASSWORD: The password fails the dictionary check - it is too simplistic/systematic
Retype new password:
passwd: all authentication tokens updated successfully.
Edit /etc/ssh/sshd_config.
Before
61 #PasswordAuthentication yes
62 #PermitEmptyPasswords no
63 PasswordAuthentication no
After (line 142 is newly added; it requires publickey followed by either password or keyboard-interactive)
61 PasswordAuthentication yes
62 PermitEmptyPasswords no
63 #PasswordAuthentication no
142 AuthenticationMethods publickey,password publickey,keyboard-interactive
Restart the ssh daemon.
systemctl restart sshd
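An added example, not part of the original article: a shell check for the edit above that can be run against the file before the restart. It reads an sshd_config-style file the way sshd does (the first value found for a keyword wins) and confirms that every alternative in AuthenticationMethods needs publickey plus a second method. The function names sshd_effective and check_2fa_config and the sample file are assumptions made for this example.

```shell
# Added example (not from the original article): audit an sshd_config-style
# file for the publickey + password setup shown above.

# Print the effective global value of keyword $2 in file $1. sshd uses the
# first value it finds for a keyword, and keywords are case-insensitive.
# Simplification: parsing stops at the first Match block; Include is ignored.
sshd_effective() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Return 0 only if every alternative list in AuthenticationMethods requires
# publickey plus another method, and the password options support that.
check_2fa_config() {
    methods=$(sshd_effective "$1" AuthenticationMethods)
    [ -n "$methods" ] || { echo "FAIL: AuthenticationMethods is not set"; return 1; }
    uses_password=no
    for list in $methods; do
        case ",$list," in
            *,publickey,*) ;;
            *) echo "FAIL: '$list' does not require publickey"; return 1 ;;
        esac
        # Whatever remains after removing publickey is the second factor.
        rest=$(printf '%s\n' "$list" | tr ',' '\n' | grep -vx publickey || true)
        [ -n "$rest" ] || { echo "FAIL: '$list' has no second factor"; return 1; }
        case ",$list," in *,password,*) uses_password=yes ;; esac
    done
    if [ "$uses_password" = yes ] &&
       [ "$(sshd_effective "$1" PasswordAuthentication | tr 'A-Z' 'a-z')" = no ]; then
        echo "FAIL: password is required but PasswordAuthentication is no"; return 1
    fi
    if [ "$(sshd_effective "$1" PermitEmptyPasswords | tr 'A-Z' 'a-z')" = yes ]; then
        echo "FAIL: PermitEmptyPasswords is yes"; return 1
    fi
    echo "OK: $methods"
}

# Constructed sample mirroring the edited lines above.
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication yes' 'PermitEmptyPasswords no' \
    '#PasswordAuthentication no' \
    'AuthenticationMethods publickey,password publickey,keyboard-interactive' > "$sample"
check_2fa_config "$sample"
rm -f "$sample"
```

On the server itself, sshd -t checks the file for syntax errors and sshd -T prints the effective configuration, which also covers Match and Include.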
Successful login with two-factor authentication
PS C:\WINDOWS\system32> ssh -i C:\Users\user\Downloads\private.pem ec2-user@52.123.123.123
The authenticity of host '52.123.123.123 (52.123.123.123)' can't be established.
ECDSA key fingerprint is SHA256:xxxxxxxxxxxxxxx
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '52.123.123.123' (ECDSA) to the list of known hosts.
ec2-user@52.123.123.123's password:
Last login: Fri Jun 18 13:17:46 2021 from example.net
       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|
https://aws.amazon.com/amazon-linux-2/
[ec2-user@ip-172-123-123-123 ~]$
Failed login attempt using only the private key
PS C:\WINDOWS\system32> ssh -i C:\Users\user\Downloads\private.pem ec2-user@52.123.123.123
ec2-user@52.123.123.123's password:
Permission denied, please try again.
ec2-user@52.123.123.123's password:
Permission denied, please try again.
ec2-user@52.123.123.123's password:
ec2-user@52.123.123.123: Permission denied (password).
TeraTerm, which I normally use, does not seem to support two-factor authentication.
Reference articles