|
Lines 624-635
If
Link Here
|
| 624 |
.Cm UsePrivilegeSeparation |
624 |
.Cm UsePrivilegeSeparation |
| 625 |
is specified, it will be disabled after authentication. |
625 |
is specified, it will be disabled after authentication. |
| 626 |
.It Cm UsePAM |
626 |
.It Cm UsePAM |
| 627 |
Enables PAM authentication (via challenge-response) and session set up. |
627 |
Enables the Pluggable Authentication Module interface. |
| 628 |
If you enable this, you should probably disable |
628 |
If set to |
| 629 |
.Cm PasswordAuthentication . |
629 |
.Dq yes |
| 630 |
If you enable |
630 |
this will enable PAM authentication using |
| 631 |
.CM UsePAM |
631 |
.Cm ChallengeResponseAuthentication |
| 632 |
then you will not be able to run sshd as a non-root user. The default is |
632 |
and PAM account and session module processing for all authentication types. |
|
|
633 |
.Pp |
| 634 |
Because PAM challenge-response authentication usually serves an equivalent |
| 635 |
role to password authentication, you should disable either |
| 636 |
.Cm PasswordAuthentication |
| 637 |
or |
| 638 |
.Cm ChallengeResponseAuthentication. |
| 639 |
.Pp |
| 640 |
If |
| 641 |
.Cm UsePAM |
| 642 |
is enabled, you will not be able to run |
| 643 |
.Xr sshd 8 |
| 644 |
as a non-root user. |
| 645 |
The default is |
| 633 |
.Dq no . |
646 |
.Dq no . |
| 634 |
.It Cm UsePrivilegeSeparation |
647 |
.It Cm UsePrivilegeSeparation |
| 635 |
Specifies whether |
648 |
Specifies whether |