sjmurdoch/gist:1572229

## gistfile1.diff
Index: crypto/openssh/auth-pam.c
===================================================================
--- crypto/openssh/auth-pam.c   (revision 229638)
+++ crypto/openssh/auth-pam.c   (working copy)
@@ -809,6 +809,15 @@
        return (-1);
 }

+static void
+sshpam_log_invalid_user(const char *user, const char* pw, int kbdint)
+{
+       logit("PAM: %s/pam log-in attempt to invalid user %.100s: '%.100s'",
+               kbdint?"keyboard-interactive":"password",
+               user?user:"<unknown user>",
+               pw?pw:"<unknown password>");
+}
+
 /* XXX - see also comment in auth-chall.c:verify_response */
 static int
 sshpam_respond(void *ctx, u_int num, char **resp)
@@ -835,8 +844,10 @@
            (sshpam_authctxt->pw->pw_uid != 0 ||
            options.permit_root_login == PERMIT_YES))
                buffer_put_cstring(&buffer, *resp);
-       else
+       else {
+               sshpam_log_invalid_user(sshpam_authctxt->user, *resp, 1);
                buffer_put_cstring(&buffer, badpw);
+       }
        if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
                buffer_free(&buffer);
                return (-1);
@@ -1196,8 +1207,10 @@
         * information via timing (eg if the PAM config has a delay on fail).
         */
        if (!authctxt->valid || (authctxt->pw->pw_uid == 0 &&
-           options.permit_root_login != PERMIT_YES))
+           options.permit_root_login != PERMIT_YES)) {
+               sshpam_log_invalid_user(authctxt->user, sshpam_password, 0);
                sshpam_password = badpw;
+       }

        sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
            (const void *)&passwd_conv);
	Index: crypto/openssh/auth-pam.c
	===================================================================
	--- crypto/openssh/auth-pam.c (revision 229638)
	+++ crypto/openssh/auth-pam.c (working copy)
	@@ -809,6 +809,15 @@
	return (-1);
	}

	+static void
	+sshpam_log_invalid_user(const char user, const char pw, int kbdint)
	+{
	+ logit("PAM: %s/pam log-in attempt to invalid user %.100s: '%.100s'",
	+ kbdint?"keyboard-interactive":"password",
	+ user?user:"<unknown user>",
	+ pw?pw:"<unknown password>");
	+}
	+
	/* XXX - see also comment in auth-chall.c:verify_response */
	static int
	sshpam_respond(void ctx, u_int num, char *resp)
	@@ -835,8 +844,10 @@
	(sshpam_authctxt->pw->pw_uid != 0 \|\|
	options.permit_root_login == PERMIT_YES))
	buffer_put_cstring(&buffer, *resp);
	- else
	+ else {
	+ sshpam_log_invalid_user(sshpam_authctxt->user, *resp, 1);
	buffer_put_cstring(&buffer, badpw);
	+ }
	if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
	buffer_free(&buffer);
	return (-1);
	@@ -1196,8 +1207,10 @@
	* information via timing (eg if the PAM config has a delay on fail).
	*/
	if (!authctxt->valid \|\| (authctxt->pw->pw_uid == 0 &&
	- options.permit_root_login != PERMIT_YES))
	+ options.permit_root_login != PERMIT_YES)) {
	+ sshpam_log_invalid_user(authctxt->user, sshpam_password, 0);
	sshpam_password = badpw;
	+ }

	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
	(const void *)&passwd_conv);