This article is from the SSH - Secure Shell FAQ, by Thomas Koenig Thomas.Koenig@ciw.uni-karlsruhe.de with numerous contributions by others.
When a client connects, sshd forks a child that does the protocol
handling, and this child forks a second child for the user shell or
command. The problem is that the setuid() call to the correct user
appears only in the second child, so the first child keeps running as
root.
Among other potential problems this means that connections redirected
with -Lx:host:port will be made from the root uid to host:port, since
the first child does them. This means that when the target host does
an ident query, it gets back only "root" and no indication of the
actual user.
This has been reported as a bug; it is not known wether this will be
fixed in a future release.
 
Continue to: