https://www.openssh.com/txt/release-8.2
https://cryptsus.com/blog/how-to-configure-openssh-with-yubi...
TOTP with a PAM module is insecure since it's not cryptographically tied to the session like public key auth and can be phished. The author's suggestion to use it for passwordless login is dangerous when applied to SSH sessions!