Subject: Re: ssh suid root
To: None <netbsd-users@netbsd.org>
From: Ari Gordon-Schlosberg <regs@nebcorp.com>
List: netbsd-users
Date: 02/07/2001 09:02:02
[wojtek@wojtek.from.pl]
> Why is the ssh client suid root by default?
> Without suid it works well, but when run as suid the remote ident question
> gets root.wheel instead of the username
> 
[By the way, you might want to set your clock]

The reason that ssh runs as root is so that it can bind to a privileged
port.  This is necessary for RhostsAuthentication and
RhostsRSAAuthentication.

From the ssh man page:

     RhostsAuthentication
         Specifies whether to try rhosts based authentication.  Note that
         this declaration only affects the client side and has no effect
         whatsoever on security.  Disabling rhosts authentication may
         reduce authentication time on slow connections when rhosts
         authentication is not used.  Most servers do not permit
         RhostsAuthentication because it is not secure (see
         RhostsRSAAuthentication).  The argument to this keyword must be
         ``yes'' or ``no''.

     RhostsRSAAuthentication
         Specifies whether to try rhosts based authentication with RSA
         host authentication.  This is the primary authentication method
         for most sites.  The argument must be ``yes'' or ``no''.

...

     UsePrivilegedPort
         Specifies whether to use a privileged port for outgoing
         connections.  The argument must be ``yes'' or ``no''.  The default
         is ``yes''.  Note that setting this option to ``no'' turns off
         RhostsAuthentication and RhostsRSAAuthentication.


And from the OpenSSH FAQ:

2. Why is the ssh client setuid root?

       The ssh client needs to bind to a low-numbered port for rhosts
       and rhosts-rsa authentication. You can safely remove the
       setuid bit from the ssh executable if you don't want to use
       these authentication methods.

In the future, a little reading and searching (like I just did) should
find you answers like this.

-- 
Ari							there is no spoon
-------------------------------------------------------------------------
http://www.nebcorp.com/~regs/pgp for PGP public key
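A small audit script, added here as an example and not part of this post or of OpenSSH: it checks whether an ssh client binary carries the setuid bit and whether the ssh_config still leaves the privileged-port methods named in the FAQ enabled, then says whether the bit is still needed. The binary and config paths are arguments, and the config parser is a simplified assumption (global keywords only, first match wins, no Host blocks or quoted values).

```shell
#!/bin/sh
# Added example (not from the post): is the ssh client's setuid bit still
# needed?  Per the quoted FAQ it exists only to bind a low port for rhosts
# and rhosts-rsa authentication.
# Assumptions: $1 = ssh binary, $2 = ssh_config; simplified config parser.

# Print "yes" if the file has the setuid bit set, "no" otherwise.
ssh_is_setuid() {
    if [ -u "$1" ]; then echo yes; else echo no; fi
}

# Print the first value set for keyword $2 in config $1 (case-insensitive,
# "Key value" or "Key=value"), or the default $3 if the keyword is absent.
ssh_config_value() {
    val=$(awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }   # comment line
        NF == 0 { next }            # blank line
        { gsub(/=/, " "); if (tolower($1) == key) { print $2; exit } }
    ' "$1")
    printf '%s\n' "${val:-$3}"
}

# Verdict: "none" (binary is not setuid), "drop" (setuid but privileged-port
# authentication is disabled, so the bit is dead weight), or "keep"
# (rhosts/rhosts-rsa still possible, which needs the low port, hence root).
ssh_setuid_verdict() {
    [ "$(ssh_is_setuid "$1")" = yes ] || { echo none; return; }
    port=$(ssh_config_value "$2" UsePrivilegedPort yes)  # default per man page
    rh=$(ssh_config_value "$2" RhostsAuthentication unset)
    rsa=$(ssh_config_value "$2" RhostsRSAAuthentication unset)
    # UsePrivilegedPort no turns both rhosts methods off (man page above);
    # both methods explicitly set to no has the same effect.
    if [ "$port" = no ] || { [ "$rh" = no ] && [ "$rsa" = no ]; }; then
        echo drop
    else
        echo keep
    fi
}

# Usage: sh audit.sh /usr/bin/ssh /etc/ssh/ssh_config
if [ $# -ge 1 ]; then
    ssh_setuid_verdict "$1" "${2:-/etc/ssh/ssh_config}"
fi
```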