SSH 2FA for everyone but the root user | Centos 7

0 votes
1 answer
411 views
I am currently trying to achieve that the root user can log in with only the password, but without the 2FA authentication, when logging in from a specific host. So far my sshd_config looks like this:

```
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#Authentication
AllowUsers myuser
ChallengeResponseAuthentication yes
AuthenticationMethods keyboard-interactive
#PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
UsePAM yes
MaxAuthTries 3
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
LogLevel VERBOSE
UseDNS yes
IgnoreRhosts yes
HostbasedAuthentication no
X11Forwarding no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#Banner /etc/ssh/banner

#SFTP
#Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO

Match Address 100.100.100.100
    PermitRootLogin yes
```

However, this didn't work: the password is prompted over and over again.
So after a bit of research, I adapted my /etc/pam.d/sshd (I made a group noauth and added the root user to it):

```
#%PAM-1.0
auth       required     pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin
# Used with polkit to reauthorize users in remote sessions
-auth      optional     pam_reauthorize.so prepare
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin
# Used with polkit to reauthorize users in remote sessions
-session   optional     pam_reauthorize.so prepare
auth       [success=done default=ignore] pam_succeed_if.so user ingroup noauth
auth       required     pam_google_authenticator.so echo_verification_code
```

But sadly, nothing changed; I still can't log in with the root user. I can't add nullok to the google pam module, because everyone else has to be forced to use 2FA authentication. Help is much appreciated :)
Asked by harrytuttle (11 rep)
Feb 18, 2021, 08:11 AM
Last activity: Oct 26, 2023, 10:18 AM
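As an added illustration (not part of the question or of any answer), here is a small Python model of how PAM walks the auth lines of the stack posted above for a user in the noauth group versus one who is not. The per-module outcomes and the folding of substack/include results into a single required-style result are assumptions of the model, not Linux-PAM's exact implementation.

```python
import re
from typing import Dict, List, Tuple
# Constructed copy of the auth lines from the question's /etc/pam.d/sshd, in file order.
# PAM walks one management group at a time, so only "auth" lines count for authentication.
PAM_SSHD = """
auth     required                      pam_sepermit.so
auth     substack                      password-auth
auth     include                       postlogin
account  required                      pam_nologin.so
-auth    optional                      pam_reauthorize.so prepare
auth     [success=done default=ignore] pam_succeed_if.so user ingroup noauth
auth     required                      pam_google_authenticator.so echo_verification_code
"""
LINE = re.compile(r"^-?(?P<type>\w+)\s+(?P<ctrl>\[[^\]]*\]|\S+)\s+(?P<mod>\S+)")

def parse_auth(text: str) -> List[Tuple[str, str]]:
    """(control, module-or-stack-name) for every auth line, in stack order."""
    stack = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m and m.group("type") == "auth":
            stack.append((m.group("ctrl"), m.group("mod")))
    return stack

def run_auth(stack: List[Tuple[str, str]], outcome: Dict[str, bool]) -> Tuple[bool, List[str]]:
    """Simplified PAM control-flag semantics. `outcome` maps a module or included stack
    to the result it would return; a name missing from it is skipped (postlogin has no
    auth lines). Assumption: a substack/include result counts like one required module."""
    consulted, failed, passed = [], False, False
    for ctrl, mod in stack:
        if mod not in outcome:
            continue
        consulted.append(mod)
        ok = outcome[mod]
        if ctrl in ("required", "substack", "include"):
            failed, passed = failed or not ok, passed or ok
        elif ctrl == "requisite":          # failure ends the stack at once
            if not ok:
                return False, consulted
            passed = True
        elif ctrl == "sufficient":         # success ends the stack unless something failed
            if ok and not failed:
                return True, consulted
        elif ctrl == "[success=done default=ignore]":
            if ok:                         # done: stop here, but keep an earlier failure
                return not failed, consulted
    return passed and not failed, consulted

STACK = parse_auth(PAM_SSHD)
```

Note that a `required` module that fails does not stop the walk, so the TOTP module is still consulted after a wrong password; and sshd's own AllowUsers decision is independent of PAM, so a user not listed there is rejected whatever this stack returns.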