SSH connection slow. Is UsePAM=no safe?

[grixm]

Every time I tried to log on to ssh on my rock-s0 with armbian, there would be a delay of like 5 seconds. I found a solution that fixes this problem. This thread is partly a PSA about this solution, and a question about whether this solution is a good idea or not.

The trick is to change UsePAM=yes , to UsePAM=no , in the /etc/ssh/sshd_config file.

But I heard some people online say this is a bad idea, but I don't understand PAM enough to know why. I am only going to use ssh in a basic password-authenticated, LAN environment. Do I really need PAM? The only side-effect I noticed is that it no longer shows the MOTD when logging in. 

[laibsch]

I don't think I can condone changing a very, very security-relevant part of your setup without fully understanding its implications.  So, it's good you ask here.  I can't answer it off the top of my hat, but maybe somebody else can chime in.  I don't think I would bother for the sake of 5 seconds.  Are you logging in and out all the time?

 

By the way, PAM is short for pluggable authentication module, so you are disabling an authentication mechanism.

[grixm]

Thanks for the reply @laibsch . I looked for alternative solutions and it seems to be possible to only disable certain parts of PAM instead of the whole thing.

 

Specifically it seems like the armbian dynamic MOTD is the biggest part of the problem. I opened /etc/pam.d/sshd , and commented out these lines to disable the motd:

session    optional     pam_motd.so  motd=/run/motd.dynamic
session    optional     pam_motd.so noupdate

And rebooted.
This drastically improved the speed, from 5 seconds to around 2-3 seconds on first login and 1 second on subsequent logins. Still pretty bad though, what is there that needs to take one whole second or more to do to open a simple shell connection?