
One thing the article did not really answer was why this is necessary - why is it necessary? I thought that public and private keys were a pretty secure way to SSH into a machine.



They're plenty secure.

Unless you lose them. Authentication isn't just about allowing people you know in, if they know the secret pass-phrase that never changes. It's also about knowing they are who they say they are. Two-factor authentication radically improves that second aspect (in most / ideal cases).


Indeed, as long as you only log in from trusted devices, you can just as well use private key-based authentication.

This kind of two-factor authentication solution is good in case you have to log in from non-trusted computers to your private server sometimes. It prevents someone running a keylogger from being able to log in. And you'd never copy your private key in that case as it could be easily stolen.

OPIE one-time passwords are similar and have been used for a long time. I don't know the advantages and disadvantages of the Google approach (except that you have to trust Google).



