There are a great many guides that are using google authentication as a two factor source for SSH, and this is fine for one off servers where you are the one and only admin of that server. However there are several problems for a multi-server and/or multi-user environments. Let’s review these problems, getting a better understanding of two factor auth, and some solutions.

Problem 1: The secret key is stored in your user’s home directory on the server. With it, you can generate tokens at any time. This means that if your server gets compromised, they can now generate your one time tokens at will. If you have 10 servers using the same token, they can generate that token for all of them.