diff --git a/Linux/SSH/secure_ssh.sh b/Linux/SSH/secure_ssh.sh
index c859bd3..ad4a54f 100644
--- a/Linux/SSH/secure_ssh.sh
+++ b/Linux/SSH/secure_ssh.sh
@@ -61,6 +61,18 @@ install_package() {
 log "$pkg installed."
 }
+# ─── PAM Check ─────────────────────────────────────────────────────────────
+check_pam_support() {
+ # Check if PAM is installed and supported by SSH
+ if [ -d /etc/pam.d ] && find /usr/lib* /lib* -name 'libpam.so*' -quit 2>/dev/null; then
+ if sshd -T 2>/dev/null | grep -q "usepam"; then
+ echo "yes"
+ return
+ fi
+ fi
+ echo "no"
+}
+
 # ─── Hauptsetup ────────────────────────────────────────────────────────────
 log "Starting Secure-SSH Setup..."
@@ -76,8 +88,15 @@ command -v sshd &>/dev/null || install_package openssh-server
 log "Host key generated."
 }
-# ─── Benutzer/Gruppen-Abfrage ──────────────────────────────────────────────
-read -rp $'\e[1;34mAllowed SSH group (leave empty if unused): \e[0m' SSH_GROUP
+# ─── PAM Support Check ─────────────────────────────────────────────────────
+PAM_SUPPORT=$(check_pam_support)
+if [ "$PAM_SUPPORT" = "yes" ]; then
+ log "PAM support detected and will be enabled."
+ PAM_OPTIONS="UsePAM yes\nPrintLastLog yes"
+else
+ warn "PAM not available - skipping PAM-related options."
+ PAM_OPTIONS="# PAM not available on this system"
+fi
 # ─── Konfigurationsdatei erstellen ─────────────────────────────────────────
 warn "Generating hardened SSH config..."
@@ -93,7 +112,7 @@ PermitEmptyPasswords no
 HostKey $ED25519_KEY
 # ─── Access Control ───────────────────────────────────────────────────────
-AllowGroups ${SSH_GROUP}
+AllowGroups $SSH_GROUP
 DenyUsers root admin administrator
 # ─── Authentication ───────────────────────────────────────────────────────
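Review bot: The libpam test in `check_pam_support` is vacuous: `find … -name 'libpam.so*' -quit` exits 0 whether or not anything matched (find only reports non-zero on errors), so the first condition reduces to `[ -d /etc/pam.d ]`; test the output instead, `if [ -d /etc/pam.d ] && [ -n "$(find /usr/lib* /lib* -name 'libpam.so*' -print -quit 2>/dev/null)" ]; then`. The inner test has the mirror problem: `sshd -T` prints a `usepam` line for either value, so `grep -q "usepam"` also matches `usepam no`, and `sshd -T` typically needs root to read the host keys (the script runs `sshd -t` under sudo later), so an unprivileged run fails silently and the function reports "no". At minimum anchor the match and run it with the same privileges as the later test, `if sudo sshd -T 2>/dev/null | grep -qx 'usepam yes'; then`; note this still reports the current setting rather than whether the binary was built with PAM — confirm that `-T` output is the right signal for what the function name promises.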
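Review bot: `PAM_OPTIONS="UsePAM yes\nPrintLastLog yes"` stores a literal backslash-n, not a newline: the removed block relied on `echo -e` to interpret it, but the new code expands `$PAM_OPTIONS` directly inside the sshd_config heredoc in the last hunk (the same heredoc that expands `$ED25519_KEY`), where no escape processing happens, so the generated file gets the single line `UsePAM yes\nPrintLastLog yes` and `sshd -t` will reject it as a bad yes/no argument. Use an ANSI-C quoted string, `PAM_OPTIONS=$'UsePAM yes\nPrintLastLog yes'`, or hold the directives in an array and emit them with `printf '%s\n'`. The else branch writes only a comment, leaving `UsePAM` at the build's compiled-in default; an explicit `UsePAM no` would make the generated file self-describing.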
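Review bot: `AllowGroups $SSH_GROUP` still depends on `SSH_GROUP`, but the `read -rp … SSH_GROUP` prompt that set it is removed in the previous hunk and no replacement assignment is visible in this diff. Unless the variable is set elsewhere in the script, the heredoc writes `AllowGroups` with an empty argument, which depending on the sshd version is either rejected by `sshd -t` (aborting after the config has already been written) or accepted as no group restriction at all, silently dropping the access control this section exists to enforce. If removing the prompt was intended, emit the directive only when a group is given, `${SSH_GROUP:+AllowGroups $SSH_GROUP}`, or fail early with `: "${SSH_GROUP:?SSH_GROUP must be set}"`. The `${SSH_GROUP}` → `$SSH_GROUP` change itself is cosmetic.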
@@ -120,16 +139,10 @@ PermitTunnel no
 # ─── Logging & Auditing ───────────────────────────────────────────────────
 LogLevel VERBOSE
-PrintLastLog yes
 SyslogFacility AUTH
+$PAM_OPTIONS
 EOF
-# ─── PAM Handling (dynamisch) ──────────────────────────────────────────────
-if [ -d /etc/pam.d ] && find / -name 'libpam.so*' -quit 2>/dev/null; then
- echo -e "UsePAM yes\nPrintMotd no" | sudo tee -a "$SSH_CONFIG_FILE" >/dev/null
- log "PAM support enabled."
-fi
-
 # ─── Konfiguration testen & neu starten ────────────────────────────────────
 sudo sshd -t || { error "Invalid SSH config. Fix errors before restarting."; exit 1; }
 restart_ssh_service $(basename "$(command -v sshd)") || exit 1
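Review bot: The PAM branch no longer writes `PrintMotd no`, which the removed block emitted together with `UsePAM yes`; on Debian-style systems where the PAM session stack already prints the MOTD, that directive is what stops it from appearing twice, so consider keeping it in `PAM_OPTIONS` unless the duplication is acceptable. `PrintLastLog yes` has also moved from an unconditional directive (the removed `-PrintLastLog yes` line) into the PAM-only branch even though it does not depend on PAM, so the no-PAM path now silently loses last-login reporting; restoring it as a fixed line next to `SyslogFacility AUTH` keeps that behaviour. Note also that `sshd -t` runs after the config has been written, so a rejected file is left in place for the operator to repair — unchanged here, but worth a comment above the `sudo sshd -t` line.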