←back to thread

How to secure your new VPS: a step-by-step guide

(www.kkyri.com)
66 points todsacerdoti | 2 comments | 22 Oct 24 00:52 UTC | HN request time: 0.464s | source
1. kelnos ◴[22 Oct 24 02:12 UTC] No.41910509[source]
I would have appreciated the rationale behind setting 'UsePAM' to 'no'. I assume it's because, with password auth disabled, it's not necessary, and better to disable something that you don't need that would otherwise add to the attack surface?
replies(1): >>41915935 #
2. LinuxBender ◴[22 Oct 24 16:26 UTC] No.41915935[source]
They are probably just trying to avoid PAM mistakes which are common when people hand edit pam modules.

For completeness sake if someone is using SELinux Enforcing mode then UsePam will likely need to be Yes to avoid breaking sshd mandatory access rules.