Subject: Re: sshd Change: PermitRootLogin = no
To: <>
From: None <itojun@iijlab.net>
List: tech-security
Date: 09/07/2001 12:37:47
>>> At least the newer versions do (2.9 and so on).  Are we saying that that
>>> does not work well enough?  Or is it just the fact that we are not on
>>> 2.9 yet?
>>Not sure.
>	1.5X ships with openssh 2.9, with "do not let wiretappers know that
>	we are suppressing echoback" functionality.

	however, as published recently, there is a certain amount of risk
	in typing a password on top of an ssh session (or any kind of encrypted
	session), as attackers can narrow the dictionary attack window by
	using key input intervals ("a1" takes more time than "aj", and
	experienced typists type at constant intervals).

	i agree that it looks more secure (against the particular kind of attack)
	to PermitRootLogin, than to do "su" on a normal-user ssh session.

itojun