>It's completely absurd that the OpenSSH people recommended blind upgrades
>to a PrivSep version of OpenSSH, rather than just suggesting to people that
>they disable ChallengeResponseAuthentication.  I guess they're not so "Open"
>after all.

	my guess - ChalRespAuth workaround was not mentioned in the first
	"no fix yet" advisory, as disclosing it will disclose how to attack
	the daemon.

itojun