|
Lines 624-635
If
|
| 624 |
.Cm UsePrivilegeSeparation |
624 |
.Cm UsePrivilegeSeparation |
| 625 |
is specified, it will be disabled after authentication. |
625 |
is specified, it will be disabled after authentication. |
| 626 |
.It Cm UsePAM |
626 |
.It Cm UsePAM |
| 627 |
Enables PAM authentication (via challenge-response) and session set up. |
627 |
Enables the Pluggable Authentication Module interface. To authenticate via |
| 628 |
If you enable this, you should probably disable |
628 |
PAM you must use |
| 629 |
.Cm PasswordAuthentication . |
629 |
.Cm ChallengeResponseAuthentication |
| 630 |
If you enable |
630 |
(keyboard-interactive for SSHv2, TIS for SSHv1) so you should also set |
| 631 |
.CM UsePAM |
631 |
.Cm PasswordAuthentication |
| 632 |
then you will not be able to run sshd as a non-root user. The default is |
632 |
to |
|
|
633 |
.Dq no . |
| 634 |
.Pp |
| 635 |
If |
| 636 |
.Cm UsePAM |
| 637 |
and |
| 638 |
.Cm PasswordAuthentication |
| 639 |
are both enabled, then users may authenticate via the native password |
| 640 |
mechanism, bypassing the PAM |
| 641 |
.Ar auth |
| 642 |
module. In such a case, the PAM |
| 643 |
.Ar account |
| 644 |
and |
| 645 |
.Ar session |
| 646 |
modules will still be checked. |
| 647 |
.Pp |
| 648 |
If |
| 649 |
.Cm UsePAM |
| 650 |
is enabled you will not be able to run sshd as a non-root user. The default is |
| 633 |
.Dq no . |
651 |
.Dq no . |
| 634 |
.It Cm UsePrivilegeSeparation |
652 |
.It Cm UsePrivilegeSeparation |
| 635 |
Specifies whether |
653 |
Specifies whether |
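Review bot: In the new UsePAM text (new lines 627-633), the recommendation "so you should also set .Cm PasswordAuthentication to .Dq no ." comes before its reason. The "so" reads as if it follows from the ChallengeResponseAuthentication requirement, while the actual reason, that native password authentication bypasses the PAM .Ar auth module, only appears in the following paragraph (new lines 635-646). Consider moving the recommendation into that second paragraph, directly after "bypassing the PAM .Ar auth module", so the reader sees that checks performed only in the auth stack are skipped on that path. The new first sentence also drops the removed text's mention of "session set up"; the later remark that the account and session modules "will still be checked" covers this only for the bypass case, so a short general statement of what UsePAM enables would help.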