diff -ur openssh-3.4p1.orig/auth.c openssh-3.4p1/auth.c
--- openssh-3.4p1.orig/auth.c	Wed May 22 09:06:28 2002
+++ openssh-3.4p1/auth.c	Sat Jun 29 21:02:35 2002
@@ -251,8 +251,9 @@
 	authlog("%s %s for %s%.100s from %.200s port %d%s",
 	    authmsg,
 	    method,
-	    authctxt->valid ? "" : "illegal user ",
-	    authctxt->user,
+	    !authctxt->valid ? "UNKNOWN USER" :
+	    (authctxt->pw->pw_uid == 0 ? "ROOT USER " : ""),
+	    authctxt->valid ? authctxt->user : "",
 	    get_remote_ipaddr(),
 	    get_remote_port(),
 	    info);
diff -ur openssh-3.4p1.orig/auth1.c openssh-3.4p1/auth1.c
--- openssh-3.4p1.orig/auth1.c	Fri Jun 21 10:21:11 2002
+++ openssh-3.4p1/auth1.c	Sat Jun 29 21:02:35 2002
@@ -379,7 +379,7 @@
 	else
 		debug("do_authentication: illegal user %s", user);
 
-	setproctitle("%s%s", authctxt->pw ? user : "unknown",
+	setproctitle("%s%s", authctxt->pw ? user : "UNKNOWN USER",
 	    use_privsep ? " [net]" : "");
 
 #ifdef USE_PAM
diff -ur openssh-3.4p1.orig/auth2.c openssh-3.4p1/auth2.c
--- openssh-3.4p1.orig/auth2.c	Fri Jun 21 10:21:11 2002
+++ openssh-3.4p1/auth2.c	Sat Jun 29 21:03:37 2002
@@ -160,12 +160,14 @@
 			PRIVSEP(start_pam(authctxt->pw->pw_name));
 #endif
 		} else {
-			log("input_userauth_request: illegal user %s", user);
+			debug2("input_userauth_request: illegal user %s", user);
+			authctxt->pw = NULL;
+			authctxt->valid = 0;
 #ifdef USE_PAM
 			PRIVSEP(start_pam("NOUSER"));
 #endif
 		}
-		setproctitle("%s%s", authctxt->pw ? user : "unknown",
+		setproctitle("%s%s", authctxt->pw ? user : "UNKNOWN USER",
 		    use_privsep ? " [net]" : "");
 		authctxt->user = xstrdup(user);
 		authctxt->service = xstrdup(service);