Issue
What were you trying to do that didn't work?
Checking the default /etc/ssh/sshd_config file, I can see the following comment:
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in RHEL and may cause several
# problems.
#UsePAM no
The "#UsePAM no" is misleading; this makes the admin believe the default is no, hence the default configuration we ship uses an unsupported setting.
"#UsePAM yes" should be displayed instead.
Please provide the package NVR for which the bug is seen:
openssh-server-8.7p1-34.el9.x86_64
How reproducible:
Always
Steps to reproduce
Install a RHEL 9.3 system with the default profile
Expected results
#UsePAM yes
Actual results
#UsePAM no
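
A way to check what a config file actually sets for this keyword, as an added example (not part of the original report and not OpenSSH or RHEL code): the hypothetical helper `usepam_status` separates an active `UsePAM` line from a commented-out hint such as `#UsePAM no`, which sets nothing. It assumes a single file is audited and does not follow `Include` directives.

```shell
#!/bin/sh
# Added example: classify how UsePAM appears in one sshd_config-style file.
# Prints one of:
#   explicit:<value>   an active (uncommented) UsePAM line; the first one wins
#   commented:<value>  only a commented-out "#UsePAM <value>" hint exists
#   absent             the keyword does not appear at all
# Assumption: a single file is audited; Include directives are not followed.
usepam_status() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)            # drop leading whitespace
        commented = 0
        if (line ~ /^#/) {                  # comment: remember, then strip "#"
            commented = 1
            sub(/^#[ \t]*/, "", line)
        }
        n = split(line, f, /[ \t=]+/)       # "Keyword value" or "Keyword=value"
        if (n < 2 || tolower(f[1]) != "usepam") next   # keywords ignore case
        val = tolower(f[2])
        if (!commented) { print "explicit:" val; found = 1; exit }
        if (hint == "") hint = val          # keep the first commented hint
    }
    END {
        if (found) exit
        if (hint != "") print "commented:" hint
        else print "absent"
    }' "$1"
}

# Constructed sample mirroring the commented default quoted in the report.
sample=$(mktemp)
printf '%s\n' "# WARNING: 'UsePAM no' is not supported in RHEL and may cause" \
              '# problems.' '#UsePAM no' > "$sample"
usepam_status "$sample"
rm -f "$sample"
```

A `commented:` result means the file itself leaves the value to another source; on a live system, `sshd -T` prints the effective configuration.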