IBM Support

Enable ssh on AIX to use PAM

Question & Answer


Question

How to configure ssh to use PAM on AIX. Must be at Openssh version 4.3 or higher.

Answer

Before enabling ssh to use PAM authentication it is recommended that you leave an additional login window open with root access until you verify that ssh with PAM authentication is working properly. If PAM is not configured correctly you will not be able to log into the machine to correct the configuration problem until you boot the machine into maintenance mode and change /etc/security/login.cfg back to its original state.

1) Edit the /etc/pam.conf file

# vi /etc/pam.conf

Add the following sshd lines:

# Authentication
sshd auth required /usr/lib/security/pam_aix

# Account Management
sshd account required /usr/lib/security/pam_aix

# Password Management
sshd password required /usr/lib/security/pam_aix

# Session Management
sshd session required /usr/lib/security/pam_aix

2) Edit /etc/ssh/sshd_config

# vi /etc/ssh/sshd_config
Uncomment the UsePAM line and change UsePAM = no to UsePAM = yes.

3) Edit /etc/security/login.cfg
# vi /etc/security/login.cfg

Change this line from:
auth_type = STD_AUTH

Change to
auth_type = PAM_AUTH

Stop and restart sshd.
# stopsrc -s sshd
# startsrc -s sshd

[{"Product":{"code":"SWG10","label":"AIX"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"APARs - AIX 5.3 environment","Platform":[{"code":"PF002","label":"AIX"}],"Version":"5.3;6.1","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

More support for:
AIX

Software version:
5.3, 6.1

Operating system(s):
AIX

Document number:
670211

Modified date:
17 June 2018

UID

isg3T1011226

Manage My Notification Subscriptions

Page Feedback