Purpose Behind Disabling PAM in SSH

ssh security pam

I think that people who recommend disabling UsePAM may not understand completely the services provided by the PAM stack. In addition to authentication, PAM also provides session setup services that you may not want to bypass.

Examples include setting resource limits (via pam_limit), environment variables, and mounting directories.

If it makes you more comfortable you can modify the PAM configuration for sshd such that it does not support password authentication of any sort. Assuming that you have an existing /etc/pam.d/sshd, just remove the existing auth lines and replace them with:

auth required pam_deny.so

Related

psql: fe_sendauth: no password supplied
What dir should I deploy Rails apps into?
isolate application and check what packets it is sending over the internet
How to list all VPC dependencies in AWS CLI?
Difference between scp and sftp
How can I create and use Linux cgroups as a non-root user?
Pushing Large Files to 500+ Computers
Whats a good way to encrypt a mysql database, and is it worth it?
Monitor an incoming SSH session in real time
How to send email with my CentOS server?
Preferred format of file names which include a timestamp
How to use a custom .bashrc file on SSH login