On 2010-05-17, Timo Juhani Lindfors <timo.lindfors@iki.fi> wrote: > Santiago Vila <sanvila@unex.es> writes: >> Ok, what about PAM? > "UsePAM no" is the default in openssh. I do not know if this is just > to reduce the attack surface. While that's true it's not the case for Debian openssh, its postinst adds UsePAM yes to the configuration on upgrades. Kind regards, Philipp Kern