diff --git a/README.md b/README.md
index 0e5cb2e..c1d02e9 100644
--- a/README.md
+++ b/README.md
@@ -45,6 +45,7 @@ Warning: This role disables root-login on the target server! Please make sure yo
 |`ssh_authorized_principals_file` | '' | specifies the file containing principals that are allowed. Only used if ssh_trusted_user_ca_keys_file is set. |
 |`ssh_authorized_principals` | [] | list of hashes containing file paths and authorized principals, see default_custom.yml for all options. Only used if ssh_authorized_principals_file is set. |
 |`ssh_print_motd` | false | false to disable printing of the MOTD|
+|`ssh_print_pam_motd` | false | false to disable printing of the MOTD via pam (Debian and Ubuntu)|
 |`ssh_print_last_log` | false | false to disable display of last login information|
 |`sftp_enabled` | false | true to enable sftp configuration|
 |`sftp_umask` | '0027' | Specifies the umask for sftp|
diff --git a/defaults/main.yml b/defaults/main.yml
index 429a86b..aeb0198 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -133,6 +133,7 @@ ssh_authorized_principals: []       # sshd
 
 # false to disable printing of the MOTD
 ssh_print_motd: false               # sshd
+ssh_print_pam_motd: false           # sshd
 
 # false to disable display of last login information
 ssh_print_last_log: false           # sshd
diff --git a/tasks/hardening.yml b/tasks/hardening.yml
index eb682c1..705840e 100644
--- a/tasks/hardening.yml
+++ b/tasks/hardening.yml
@@ -61,10 +61,11 @@
     control: optional
     module_path: pam_motd.so
     state: absent
+    backup: yes
   when:
     - ssh_server_hardening | bool
     - ssh_pam_support | bool
-    - not (ssh_print_motd | bool)
+    - not (ssh_print_pam_motd | bool)
 
 - name: create ssh_config and set permissions to root/644
   template: