RHEL / RHEL-17385

"UsePAM no" is commented out, which is misleading since default is "UsePAM yes"


    • Bug
    • Resolution: Won't Do
    • Minor
    • rhel-9.3.0
    • openssh
    • Moderate
    • rhel-security-crypto
    • ssg_security
    • Red Hat Enterprise Linux
    • All

      What were you trying to do that didn't work?

      Checking the default /etc/ssh/sshd_config file, I can see the following comment:

      # Set this to 'yes' to enable PAM authentication, account processing,
      # and session processing. If this is enabled, PAM authentication will
      # be allowed through the KbdInteractiveAuthentication and
      # PasswordAuthentication.  Depending on your PAM configuration,
      # PAM authentication via KbdInteractiveAuthentication may bypass
      # the setting of "PermitRootLogin without-password".
      # If you just want the PAM account and session checks to run without
      # PAM authentication, then enable this but set PasswordAuthentication
      # and KbdInteractiveAuthentication to 'no'.
      # WARNING: 'UsePAM no' is not supported in RHEL and may cause several
      # problems.
      #UsePAM no
      

      The "#UsePAM no" is misleading; this makes the admin believe the default is no, hence the default configuration we ship uses an unsupported setting.
      "#UsePAM yes" should be displayed instead.

      Please provide the package NVR for which the bug is seen:

      openssh-server-8.7p1-34.el9.x86_64

      How reproducible:

      Always

      Steps to reproduce

      1.  Install a RHEL 9.3 system with the default profile

        Expected results

        #UsePAM yes
        

        Actual results

        #UsePAM no
        

              Dmitry Belyavskiy (dbelyavs@redhat.com)
              Renaud Métrich (rhn-support-rmetrich)
              Dmitry Belyavskiy
              SSG Security QE
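An added example, not part of the ticket or of the openssh package: a shell check for the mismatch the report describes, comparing `#Keyword value` comments in an sshd_config with the settings sshd actually uses. The function name `hint_mismatches`, the temporary file paths and the sample contents are constructed for illustration; on a real host the second file would hold the output of `sshd -T`.

```shell
#!/usr/bin/env bash
# Added example (not from the ticket): flag "#Keyword value" comments in an
# sshd_config that disagree with the values sshd actually uses.

# $1: path to an sshd_config file
# $2: file with effective settings, e.g. saved from `sshd -T` (run as root)
hint_mismatches() {
    awk '
        # First file: effective settings, lowercase keyword then value.
        FNR == NR { eff[$1] = tolower($2); next }
        # Second file: only "#Keyword value" lines (no space after "#"),
        # the form used for commented-out settings; prose comments are skipped.
        /^#[A-Za-z]+[ \t]+[^ \t]+[ \t]*$/ {
            name = substr($1, 2); key = tolower(name)
            if ((key in eff) && eff[key] != tolower($2))
                printf "%s: comment says %s, effective value is %s\n", name, $2, eff[key]
        }
    ' "$2" "$1"
}

# Constructed sample input: the comment quoted in the ticket plus two other hints.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/sshd_config" <<'EOF'
# WARNING: 'UsePAM no' is not supported in RHEL and may cause several
# problems.
#UsePAM no
#PasswordAuthentication yes
#PermitEmptyPasswords no
EOF
# Constructed stand-in for `sshd -T` output.
cat > "$sample_dir/effective" <<'EOF'
usepam yes
passwordauthentication yes
permitemptypasswords no
EOF

hint_mismatches "$sample_dir/sshd_config" "$sample_dir/effective"
```

A reported line is a prompt to check the setting by hand, since `sshd -T` can print a setting under a different spelling than the one used in the config file.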