Bug 2127992

Summary: UsePAM man page clarification
Product: Red Hat Enterprise Linux 8
Reporter: Filip Krska <fkrska>
Component: openssh
Assignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED DUPLICATE
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low
Priority: low
Version: 8.6
CC: jjelen
Target Milestone: rc
Keywords: ManPageChange, Triaged
Last Closed: 2023-08-03 09:40:14 UTC
Type: Bug

Description Filip Krska 2022-09-19 14:33:14 UTC
Description of problem:

`man sshd_config` states

   If UsePAM is enabled, you will not be able to run sshd(8) as a non-root user.  The default is no.

while the RHEL/Fedora distro default, and the only supported value, is `yes` (as explained in /etc/ssh/sshd_config and logged to /var/log/messages):

Sep  6 08:44:47 server sshd[2787]: WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems.

Version-Release number of selected component (if applicable):

openssh-8.0p1-13.el8

How reproducible:

Always

Steps to Reproduce:
1. man sshd_config
2. less /etc/ssh/sshd_config
3. grep "UsePAM" /var/log/messages

Actual results:

Man page states that the default is `no` and doesn't warn about only supporting the opposite.

Expected results:

Man page shall also cover the recommendation/necessity to set UsePAM to `yes` so it doesn't confuse users.

Additional info:

Please clone to RHEL 9, Fedora
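
An added example, not part of the original report or of OpenSSH: a small audit that works out which UsePAM value a single sshd_config text yields and picks the warning quoted above out of log lines. The function names, the sample config and the second log line are constructed; an unset keyword is assumed to fall back to the default the man page documents, and `Include` files are not followed.

```python
import re

# Warning text as quoted in the report's /var/log/messages excerpt.
WARNING_RE = re.compile(r"sshd\[\d+\]: WARNING: 'UsePAM no' is not supported")

# Constructed sample config (not a shipped file): duplicate keyword, then a Match block.
SAMPLE_CONFIG = """\
# constructed sample
PermitRootLogin no
usepam no
UsePAM yes
Match User backup
    PasswordAuthentication no
"""
SAMPLE_LOG = [
    # First line is the one quoted in the report; the second is constructed.
    "Sep  6 08:44:47 server sshd[2787]: WARNING: 'UsePAM no' is not supported "
    "in Fedora and may cause several problems.",
    "Sep  6 08:44:50 server sshd[2790]: Server listening on 0.0.0.0 port 22.",
]

def effective_usepam(config_text, documented_default="no"):
    """Return (value, line_number); line_number is None when UsePAM is unset."""
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace and/or '='.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # everything after Match is conditional, not a global setting
        args = parts[1].split() if len(parts) > 1 else []
        if keyword == "usepam" and args:
            return args[0].strip('"'), lineno  # first value obtained wins
    # Assumption: fall back to the default the man page documents ("no").
    return documented_default, None

def audit(config_text, log_lines):
    value, lineno = effective_usepam(config_text)
    return {
        "usepam": value,
        "source": f"line {lineno}" if lineno else "documented default",
        "supported": value == "yes",  # per the report, only 'yes' is supported
        "warnings": [l for l in log_lines if WARNING_RE.search(l)],
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_LOG))
```

On a live host, `sshd -T` prints the configuration sshd actually resolved and is the authoritative check; this parser only illustrates why an early `usepam no` overrides a later `UsePAM yes`.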

Comment 2 Dmitry Belyavskiy 2023-08-03 09:40:14 UTC
I believe we have fixed it in rhbz#1953807

*** This bug has been marked as a duplicate of bug 1953807 ***