I was not speaking about the network transfer between client and
server.
I thought this was obvious. I was speaking about the possibility to
locally, on the SSHD system itself, to sniff password entries when
running "su".
Ok, I'll go ahead and risk embarrassment in the name of enlightenment
and ask: If the traffic between client and server is encrypted, even
with access to the sshd system, how does one "sniff" traffic sent
between two local processes (sshd and su) without a keylogger, which
wouldn't apply since the keyboard in question is on the client-side?
Is there some technique for eavesdropping on inter-process
communications that I don't know about, then, or did I just
misunderstand you?
--Brad