> I was not speaking about the network transfer between client and server. > I thought this was obvious. I was speaking about the possibility to > locally, on the SSHD system itself, to sniff password entries when > running "su". > Ok, I'll go ahead and risk embarrassment in the name of enlightenment and ask: If the traffic between client and server is encrypted, even with access to the sshd system, how does one "sniff" traffic sent between two local processes (sshd and su) without a keylogger, which wouldn't apply since the keyboard in question is on the client-side? Is there some technique for eavesdropping on inter-process communications that I don't know about, then, or did I just misunderstand you? --Brad
