diff -ur openssh-3.6.1p1.orig/sshd.c openssh-3.6.1p1/sshd.c
--- openssh-3.6.1p1.orig/sshd.c	Mon Mar 10 00:38:10 2003
+++ openssh-3.6.1p1/sshd.c	Mon Apr  7 14:35:30 2003
@@ -533,7 +533,7 @@
 privsep_preauth_child(void)
 {
 	u_int32_t rnd[256];
-	gid_t gidset[1];
+	gid_t gidset[2];
 	struct passwd *pw;
 	int i;
 
@@ -564,12 +564,12 @@
 	debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
 	    (u_int)pw->pw_gid);
 #if 0
-	/* XXX not ready, to heavy after chroot */
+	/* XXX not ready, too heavy after chroot */
 	do_setusercontext(pw);
 #else
-	gidset[0] = pw->pw_gid;
+	gidset[0] = gidset[1] = pw->pw_gid;
 	if (setgid(pw->pw_gid) < 0)
-		fatal("setgid failed for %u", pw->pw_gid );
+		fatal("setgid failed for %u", pw->pw_gid);
 	if (setgroups(1, gidset) < 0)
 		fatal("setgroups: %.100s", strerror(errno));
 	permanently_set_uid(pw);
@@ -1081,8 +1081,15 @@
 	 * to create a file, and we can't control the code in every 
 	 * module which might be used).
 	 */
-	if (setgroups(0, NULL) < 0)
-		debug("setgroups() failed: %.200s", strerror(errno));
+	if (geteuid() == 0 && setgroups(0, NULL) != 0)
+#ifndef USE_PAM
+	/*
+	 * We can ignore the lack of support for having no supplementary
+	 * groups at all if don't use PAM.
+	 */
+		if (errno != EINVAL)
+#endif
+			fatal("setgroups: %.200s", strerror(errno));
 
 	/* Initialize the log (it is reinitialized below in case we forked). */
 	if (debug_flag && !inetd_flag)