1 # PAM configuration for the Secure Shell service
3 # Read environment variables from /etc/environment and
4 # /etc/security/pam_env.conf.
5 auth required pam_env.so
7 # Skip Google Authenticator if logging in from the local network.
8 # auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-sshd-local.conf
9 # Google Authenticator 2-step verification.
10 # auth requisite pam_google_authenticator.so
12 # Standard Un*x authentication.
13 auth include common-auth
15 # Disallow non-root logins when /etc/nologin exists.
16 account required pam_nologin.so
18 # Uncomment and edit /etc/security/access.conf if you need to set complex
19 # access limits that are hard to express in sshd_config.
20 # account required pam_access.so
22 # Standard Un*x authorization.
23 account include common-account
25 # Standard Un*x session setup and teardown.
26 session include common-session
28 # Print the message of the day upon successful login.
29 session optional pam_motd.so
31 # Print the status of the user's mailbox upon successful login.
32 session optional pam_mail.so standard noenv
34 # Set up user limits from /etc/security/limits.conf.
35 session required pam_limits.so
37 # Set up SELinux capabilities (need modified pam)
38 # session required pam_selinux.so multiple
40 # Standard Un*x password updating.
41 password include common-password