diff --git a/etc/pam.conf b/etc/pam.conf
index 661759c1f711..70acb4e8cafd 100644
--- a/etc/pam.conf
+++ b/etc/pam.conf
@@ -22,6 +22,12 @@ ftpd	auth	requisite	pam_cleartext_pass_ok.so
 #ftpd	auth	sufficient	pam_kerberosIV.so		try_first_pass
 ftpd	auth	required	pam_unix.so			try_first_pass
 
+# OpenSSH with PAM support requires similar modules.  The session one is
+# a bit strange, though...
+sshd	auth	sufficient	pam_skey.so
+sshd	auth	required	pam_unix.so			try_first_pass
+sshd	session	required	pam_permit.so
+
 # Don't break startx
 xserver	auth	required	pam_permit.so
 
diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile
index 3c3e0b6eb0f7..f13800b314e6 100644
--- a/secure/lib/libssh/Makefile
+++ b/secure/lib/libssh/Makefile
@@ -8,7 +8,8 @@ SRCS=   authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c \
 	cipher.c compat.c compress.c crc32.c deattack.c \
 	hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \
 	rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \
-	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c util.c
+	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c util.c \
+	cli.c rijndael.c
 
 NOPIC=	yes
 
@@ -36,5 +37,5 @@ CFLAGS+= -DKRB5
 CFLAGS+= -DSKEY
 DPADD+=	${LIBOPIE}
 LDADD+= -lopie
-SRCS+=	auth-skey.c
+SRCS+=	auth-skey.c auth2-skey.c
 .include <bsd.lib.mk>
diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile
index 74b9ee54cc8a..55b885447716 100644
--- a/secure/usr.sbin/sshd/Makefile
+++ b/secure/usr.sbin/sshd/Makefile
@@ -11,9 +11,10 @@ MAN8=	sshd.8
 
 SRCS=	sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
 	pty.c log-server.c login.c servconf.c serverloop.c \
-	auth.c auth1.c auth2.c auth-options.c session.c login_access.c
+	auth.c auth1.c auth2.c auth-options.c session.c login_access.c dh.c \
+	auth-pam.c
 
-CFLAGS+= -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I${LOGINSRC}
+CFLAGS+= -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I${LOGINSRC} -DUSE_PAM
 
 .include <bsd.own.mk>
 
@@ -47,5 +48,6 @@ DPADD+=	${LIBOPIE} ${LIBMD}
 CFLAGS+= -DXAUTH_PATH=\"${X11BASE}/bin/xauth\"
 .endif
 
-LDADD+=	-L${.OBJDIR}/../../lib/libssh -lssh -lcrypt -lcrypto -lutil -lz -lwrap
-DPADD+=	${LIBCRYPT} ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} ${LIBWRAP}
+LDADD+=	-L${.OBJDIR}/../../lib/libssh -lssh -lcrypt -lcrypto -lutil -lz -lwrap \
+	-lpam
+DPADD+=	${LIBCRYPT} ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} ${LIBWRAP} ${LIBPAM}