Discussion

Most requests are informational.
Everything in pre-authentication phase is.

Without file descriptor passing, it is still possible to implement pre-authentication phase.

Change of identity request requires shared memory:
Disable compression if we dont have shared memory.

Changes to existing OpenSSH source code small:
About 2% changes. Mostly of the form:

  - authok = auth_password(authctxt, pwd);
  + authok = PRIVSEP(auth_password(authctxt, pwd);