It also means that by creating an account with Google, I agree to the consolidated Terms of service of all Google services, including the fact that Google is required to comply with the US Patriot Act.
Please, enough with the FUD. There is no need to create an account with Google to use Google Authenticator. You don't even need to use Google's app, as there are others that will handle the client side too (I use Authy, for example).
I don't think this is something especially useful for SSH security, as public-key authentication is already there and is more secure. But let that decision be made on the facts, one of which is that Google isn't going to get any information about you, your site, or your account unless you specifically send it. You don't need a Google account; Google doesn't check your logins; and your login, hostname, and secret key are only sent to Google if you take the URL it gives you and put it in a web browser to get a QR code.
Here's the output of running google-authenticator:
bash-4.1$ google-authenticator
https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/dan@sme-test%3Fsecret%3DESIX2XUGQN2WJWW2
Your new secret key is: ESIX2XUGQN2WJWW2
Your verification code is 610810
Your emergency scratch codes are:
72938720
47270924
37045962
28597796
33967286
Do you want me to update your "~/.google_authenticator" file (y/n) y
Do you want to disallow multiple uses of the same authentication
token? This restricts you to one login about every 30s, but it increases
your chances to notice or even prevent man-in-the-middle attacks (y/n) y
By default, tokens are good for 30 seconds and in order to compensate for
possible time-skew between the client and the server, we allow an extra
token before and after the current time. If you experience problems with poor
time synchronization, you can increase the window from its default
size of 1:30min to about 4min. Do you want to do so (y/n) n
If the computer that you are logging into isn't hardened against brute-force
login attempts, you can enable rate-limiting for the authentication module.
By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting (y/n) y
As you see, the first thing it gives you is a URL. If you plug that URL into your browser, it will show you a QR code that you can use to set up the account on your smartphone. And you'll see that the URL goes to Google, so it's possible they could retain the user, hostname, and secret key (I have no idea whether they do or not, but they could). This is the only part of the process that communicates with Google at all, and it's optional. If that concerns you, you can instead enter the key manually into your smartphone or other app. If this were to be integrated with SME Server, the QR code could just as well be generated locally, so users could have the easy setup of the QR code and there would still be nothing in Google's logs.
ETA: Here's a pretty good writeup on how the system works:
http://garbagecollected.org/2014/09/14/how-google-authenticator-works/