Information
UsePAM Enables the Pluggable Authentication Module interface. If set to "yes" this will
enable PAM authentication using ChallengeResponseAuthentication and
PasswordAuthentication in addition to PAM account and session module processing for all
authentication types
Rationale:
When usePAM is set to yes, PAM runs through account and session types properly. This is
important if you want to restrict access to services based off of IP, time or other factors of
the account. Additionally, you can make sure users inherit certain environment variables
on login or disallow access to the server
Solution
Edit the /etc/ssh/sshd_config file to set the parameter as follows:
UsePAM yes
Impact:
If UsePAM is enabled, you will not be able to run sshd(8) as a non-root user.
Default Value:
usePAM yes