So in years gone past, I've had systems with SSH and PAM configured "nicely" to allow users to log-in using either a pre-shared SSH public key pair or a password together with a one-time token from the Google authenticator app running on my Android phone.
When I tried to set this up again recently with the current Fedora release (39), it didn't work as I expected. So I spent a couple of head-scratching days fiddling with every little nitty-gritty setting trying to find-out the problem. It turned-out that there are several things that needed to be changed, so I thought I might as well blog it for posterity.