I already use 2FA to SSH into Fedora with libpam/google-authenticator.
I also tried setting it up for GNOME desktop login. However, after logging out and going back to the login screen, I type in the 2FA code (which it accepts fine via SSH) and it says it is incorrect. I have a feeling SELinux is messing it up. Luckily I could SSH back in and fix it back.
Anybody have any experience with this?
Did you try parsing journalctl over SSH and check to see if there were any PAM or SELinux errors?
I’ll do that first thing tomorrow and report back
You can also run setenforce 0 to temporarily disable SELinux and rule that out.