Yes, but changing users is a function of the shell (or maybe more specifically /usr/bin/login), not the SSH daemon.

Yea, but then we’ve recreated this CVE which is caused by calling login(1) unsafely. The point was that the person I was replying to misunderstood the problem and largely seemed to be conflating telnetd with OpenSSH.