Hi! According to our OpenSSH maintainer, this issue was fixed in RHEL / Fedora packages few years ago without realizing security consequences of this bug. You may want to check following patch: http://cvs.fedora.redhat.com/viewcvs/rpms/openssh/devel/openssh-3.9p1-skip-used.patch?rev=1.1&view=markup which should address this problem. HTH -- Tomas Hoger