Is It a Best/Recommended Practice to use PAM (Pluggable Authentication Module) in SSH?

Problem scenario
You use Linux and want to configure SSH. Should PAM be enabled in your /etc/ssh/sshd_config file?

Answer
Maybe. This heavily upvoted answer on StackExchange says not to use PAM.
This external page says that it is turned off by default.
This source says PAM is not desirable (or was not; it dates from 2011).

We have found that some Linux distributions ship an SSH configuration file that has "UsePAM yes" by default. According to the Linux Bible (page 618), most Linux distributions use PAM. Other applications use PAM too, not just SSH. PAM can make security simpler to manage and more flexible.

This StackExchange posting gives mostly favorable encouragement toward using PAM.

For RHEL and Fedora, you probably should use PAM per this website posting.

It is not clear if you necessarily should. Many enterprises do use it, and many modern sources recommend it.
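
Because some distributions ship "UsePAM yes" while upstream OpenSSH leaves it off, it helps to confirm which value a given sshd_config actually yields. The following is an added example, not from the sources cited above; the function name and the sample config are constructed, and Include files are reported rather than read (on a live host, `sshd -T` prints the authoritative value).

```python
import re

# Keyword and argument are separated by whitespace or by a single '='.
DIRECTIVE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)$")
UPSTREAM_DEFAULT = "no"  # sshd_config(5): UsePAM defaults to no upstream

def effective_usepam(config_text):
    """Return (value, line_number, earlier_includes) for one sshd_config text.

    line_number is None when UsePAM is unset and the upstream default applies.
    earlier_includes lists Include patterns seen before the deciding line;
    those files are not read here and could set UsePAM first.
    """
    includes = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and '#' lines are comments
        m = DIRECTIVE.match(line)
        if not m:
            continue
        keyword = m.group(1).lower()  # keywords are case-insensitive
        arg = m.group(2).strip().strip('"')
        if keyword == "match":
            break  # global section ends; UsePAM is not permitted inside Match
        if keyword == "include":
            includes.append(arg)
        elif keyword == "usepam":
            # The first obtained value wins; later UsePAM lines are ignored.
            return arg.lower(), number, includes
    return UPSTREAM_DEFAULT, None, includes

# Constructed sample, not taken from any real host.
SAMPLE = """\
# Constructed sample
Include /etc/ssh/sshd_config.d/*.conf
#UsePAM no
PasswordAuthentication no
usepam yes
UsePAM no
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    value, line, includes = effective_usepam(SAMPLE)
    print(f"UsePAM={value} (line {line}); unread Include patterns: {includes}")
```

A non-empty Include list means a drop-in file may already have set UsePAM before the reported line, so the result should be confirmed against those files.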
