diff --git a/srcpkgs/openssh/files/sshd.pam b/srcpkgs/openssh/files/sshd.pam
new file mode 100644
index 00000000000..7ecef084d07
--- /dev/null
+++ b/srcpkgs/openssh/files/sshd.pam
@@ -0,0 +1,6 @@
+#%PAM-1.0
+#auth     required  pam_securetty.so     #disable remote root
+auth      include   system-remote-login
+account   include   system-remote-login
+password  include   system-remote-login
+session   include   system-remote-login
diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template
index 46b5c81df31..a9f6f36dc8a 100644
--- a/srcpkgs/openssh/template
+++ b/srcpkgs/openssh/template
@@ -3,7 +3,7 @@ _desc="The OpenSSH implementation of SSH protocol"
 
 pkgname=openssh
 version=6.7p1
-revision=2
+revision=3
 build_style=gnu-configure
 configure_args="--without-tcp-wrappers --datadir=/usr/share/openssh
  --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody
@@ -14,7 +14,7 @@ hostmakedepends="automake libtool perl"
 makedepends="zlib-devel libressl-devel pam-devel"
 short_desc="${_desc} - client"
 replaces="openssh-client<6.1p1"
-conf_files="/etc/ssh/moduli /etc/ssh/ssh_config"
+conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/pam.d/sshd"
 maintainer="Juan RP <xtraeme@gmail.com>"
 homepage="http://www.openssh.org"
 license="BSD"
@@ -47,12 +47,7 @@ post_install() {
 		-e 's|^#\(PrintMotd\) yes|\1 no|g' \
 		${DESTDIR}/etc/ssh/sshd_config
 
-	# Disable pam_cracklib
-	sed '/pam_cracklib.*/d' -i ${DESTDIR}/etc/pam.d/sshd
-	# Enable pam_lastlog(8) by default.
-	echo -e "session\trequired\tpam_lastlog.so\tnever\tsilent\n" >> ${DESTDIR}/etc/pam.d/sshd
-	# Enable pam_systemd by default.
-	echo -e "-session\toptional\tpam_systemd.so\n" >> ${DESTDIR}/etc/pam.d/sshd
+	vinstall ${FILESDIR}/sshd.pam 644 etc/pam.d sshd
 }
 
 openssh-server_package() {