From the sshd_config file on a CentOS 7 box:
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
As such, it's probably a good idea to default UsePAM to true on RedHat 7.
This warning isn't in the CentOS 6 sshd_config file, but there is an article in the Red Hat 6 knowledgebase about not being able to SSH into a system if UsePAM is off and SELinux is on. I don't have an account and can't see the solution, though, so there might be a way to deal with that.
See also dev-sec/chef-ssh-hardening#96 and dev-sec/ansible-ssh-hardening#23.
From the
sshd_configfile on a CentOS 7 box:As such, it's probably a good idea to default
UsePAMtotrueon RedHat 7.This warning isn't in the CentOS 6
sshd_configfile, but there is an article in the Red Hat 6 knowledgebase about not being able to SSH into a system if UsePAM is off and SELinux is on. I don't have an account and can't see the solution, though, so there might be a way to deal with that.See also dev-sec/chef-ssh-hardening#96 and dev-sec/ansible-ssh-hardening#23.