I'm trying to make SSH logins require 2-factor auth, but only on one port.
So port 1 is open only to a list of IPs managed by iptables, and only requires password / key.
Port 2 is open to all, but requires 2-factor auth.
Is this setup possible, or would 2 sshd's need to be running?
You would need 2 sshd's to be running. I use exactly this setup on border/bastion hosts.
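
A sketch of the two-daemon layout described in the answer, added here as an example and not taken from either poster's configuration. The port numbers, file paths and PID file names are constructed placeholders, and the second factor is assumed to be delivered through PAM.

```conf
# ---- /etc/ssh/sshd_config  (instance A: port reachable only from the IP allow-list) ----
# Port number and paths are constructed placeholders.
Port 2201
PidFile /run/sshd_internal.pid
UsePAM yes
PubkeyAuthentication yes
PasswordAuthentication yes
KbdInteractiveAuthentication no
# No AuthenticationMethods line: any one enabled method (password or key) is enough.
# Who can reach this port is decided by the iptables rules, not by sshd.

# ---- /etc/ssh/sshd_config_2fa  (instance B: port open to all) ----
Port 2202
PidFile /run/sshd_2fa.pid
UsePAM yes
PubkeyAuthentication yes
PasswordAuthentication no
# Named ChallengeResponseAuthentication in older OpenSSH releases.
KbdInteractiveAuthentication yes
# Both methods must succeed, in this order: public key, then the PAM prompt.
AuthenticationMethods publickey,keyboard-interactive:pam
# Assumption: the PAM stack used by sshd contains a one-time-code module
# that supplies the second factor at the keyboard-interactive step.

# Check each file, then start the second daemon with its own config:
#   sshd -t -f /etc/ssh/sshd_config_2fa
#   /usr/sbin/sshd -f /etc/ssh/sshd_config_2fa
```

Both daemons use the PAM service named after the binary (normally `sshd`), so a module added to that stack is also seen by password logins on instance A; test both ports after changing it.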