Merge pull request #233 from dev-sec/fix_189

rndmh3ro · web-flow · commit 2b7201a8a39c · 2019-09-12T22:21:23.000+02:00
set UsePAM to yes by default
diff --git a/README.md b/README.md
@@ -31,7 +31,7 @@ Warning: This role disables root-login on the target server! Please make sure yo
 |`ssh_gateway_ports` | `false` | `false` to disable binding forwarded ports to non-loopback addresses. Set to `true` to force binding on wildcard address. Set to `clientspecified` to allow the client to specify which address to bind to.|
 |`ssh_allow_agent_forwarding` | false | false to disable Agent Forwarding. Set to true to allow Agent Forwarding.|
 |`ssh_pam_support` | true | true if SSH has PAM support.|
-|`ssh_use_pam` | false | false to disable pam authentication.|
+|`ssh_use_pam` | true | false to disable pam authentication.|
 |`ssh_gssapi_support` | false | true if SSH has GSSAPI support.|
 |`ssh_kerberos_support` | true | true if SSH has Kerberos support.|
 |`ssh_deny_users` | '' | if specified, login is disallowed for user names that match one of the patterns.|
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -65,7 +65,7 @@ ssh_allow_agent_forwarding: false       # sshd
 ssh_pam_support: true
 
 # false to disable pam authentication.
-ssh_use_pam: false      # sshd
+ssh_use_pam: true # sshd
 
 # false to disable google 2fa authentication
 ssh_google_auth: false # sshd
