--- /dev/null
+diff -ur openssh-3.4p1.orig/auth.c openssh-3.4p1/auth.c
+--- openssh-3.4p1.orig/auth.c Wed May 22 09:06:28 2002
++++ openssh-3.4p1/auth.c Sat Jun 29 21:02:35 2002
+@@ -251,8 +251,9 @@
+ authlog("%s %s for %s%.100s from %.200s port %d%s",
+ authmsg,
+ method,
+- authctxt->valid ? "" : "illegal user ",
+- authctxt->user,
++ !authctxt->valid ? "UNKNOWN USER" :
++ (authctxt->pw->pw_uid == 0 ? "ROOT USER " : ""),
++ authctxt->valid ? authctxt->user : "",
+ get_remote_ipaddr(),
+ get_remote_port(),
+ info);
+diff -ur openssh-3.4p1.orig/auth1.c openssh-3.4p1/auth1.c
+--- openssh-3.4p1.orig/auth1.c Fri Jun 21 10:21:11 2002
++++ openssh-3.4p1/auth1.c Sat Jun 29 21:02:35 2002
+@@ -379,7 +379,7 @@
+ else
+ debug("do_authentication: illegal user %s", user);
+
+- setproctitle("%s%s", authctxt->pw ? user : "unknown",
++ setproctitle("%s%s", authctxt->pw ? user : "UNKNOWN USER",
+ use_privsep ? " [net]" : "");
+
+ #ifdef USE_PAM
+diff -ur openssh-3.4p1.orig/auth2.c openssh-3.4p1/auth2.c
+--- openssh-3.4p1.orig/auth2.c Fri Jun 21 10:21:11 2002
++++ openssh-3.4p1/auth2.c Sat Jun 29 21:03:37 2002
+@@ -160,12 +160,14 @@
+ PRIVSEP(start_pam(authctxt->pw->pw_name));
+ #endif
+ } else {
+- log("input_userauth_request: illegal user %s", user);
++ debug2("input_userauth_request: illegal user %s", user);
++ authctxt->pw = NULL;
++ authctxt->valid = 0;
+ #ifdef USE_PAM
+ PRIVSEP(start_pam("NOUSER"));
+ #endif
+ }
+- setproctitle("%s%s", authctxt->pw ? user : "unknown",
++ setproctitle("%s%s", authctxt->pw ? user : "UNKNOWN USER",
+ use_privsep ? " [net]" : "");
+ authctxt->user = xstrdup(user);
+ authctxt->service = xstrdup(service);