Information
UsePAM Enables the Pluggable Authentication Module interface. If set to 'yes' this will enable PAM authentication using ChallengeResponseAuthentication and PasswordAuthentication in addition to PAM account and session module processing for all authentication types
Rationale:
When usePAM is set to yes, PAM runs through account and session types properly. This is important if you want to restrict access to services based off of IP, time or other factors of the account. Additionally, you can make sure users inherit certain environment variables on login or disallow access to the server
Impact:
If UsePAM is enabled, you will not be able to run sshd(5) as a non-root user.
Solution
Edit the /etc/ssh/sshd_config file to set the parameter as follows:
UsePAM yes
Default Value:
usePAM yes