How to configure /etc/pam.d/sshd and nsswitch.conf in order to avoid all remote calls for ssh with local user?

I have created an NSS and a PAM module in order to authenticate and get users and groups from a custom remote server. In order to get them used by the system I am adding a line in /etc/pam.d/sshd: auth sufficient myPAMmodule.so and in /etc/nsswitch.conf: passwd: files sss myNSSmodule shadow: files sss myNSSmodule group: files sss myNSSmodule The question is how to configure these (or anything else) in order to avoid calling my modules in case an ssh is made with a local user. Adding a linux module with sufficient before my module auth sufficient pam_env.so seems necessary. By adding an initgroups line without my module initgroups: files sss makes id command to work only locally for local user ( but gets only primary group for user). But still whenever I perform ssh user@localhost I still see remote calls for local users.