Subject: Re: sshd and read-only filesystem
To: gabriel rosenkoetter <gr@eclipsed.net>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: tech-security
Date: 07/11/2001 06:44:04
> If you're going to that much trouble, couldn't you just hack sshd
> slightly for your specific set up to not care about pty ownership?

Well, if it's reasonable on the security department to run on a root-owned
pty, then we could just have an sshd option that would allow this.
That way it wouldn't change anything for people that want it the old
way, and this would simplify setup for people that want to mount /dev as
R/O.
 
> For that matter, for a firewall, how about allowing ssh to the
> machine as root, but only ever do it with public/private key
> authentication from a machine inside the FW?

You may need non-root logins on the machine: guest accounts for getting
stats, running pings or traceroute, backing up the config.

> (I'm playing devil's advocate here. I actually like /dev-on-mfs
> most. Is there some reason /dev *must* be ro?)

Simpler setup. Mounting an MFS /dev while everything else except sshd
works fine is a bad hack. We need this only for sshd, and additionally,
the setup is not obvious and some users might end up thinking it's just
not possible.

-- 
Emmanuel Dreyfus.
NetBSD, because I'm worth it.
manu@netbsd.org