diff --git a/ChangeLog b/ChangeLog
index 0e2c2ba3a..e99748ece 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,10 @@
    - stevesk@cvs.openbsd.org 2002/09/19 16:03:15
      [serverloop.c]
      log IP address also; ok markus@
+   - stevesk@cvs.openbsd.org 2002/09/20 18:41:29
+     [auth.c]
+     log illegal user here for missing privsep case (ssh2).
+     this is executed in the monitor. ok markus@
 
 20020919
  - (djm) OpenBSD CVS Sync
@@ -689,4 +693,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2474 2002/09/21 15:26:27 djm Exp $
+$Id: ChangeLog,v 1.2475 2002/09/21 15:26:51 djm Exp $
diff --git a/auth.c b/auth.c
index 43163b62e..48720da8f 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.44 2002/08/08 23:54:52 stevesk Exp $");
+RCSID("$OpenBSD: auth.c,v 1.45 2002/09/20 18:41:29 stevesk Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -484,7 +484,12 @@ getpwnamallow(const char *user)
 	struct passwd *pw;
 
 	pw = getpwnam(user);
-	if (pw == NULL || !allowed_user(pw))
+	if (pw == NULL) {
+		log("Illegal user %.100s from %.100s",
+		    user, get_remote_ipaddr());
+		return (NULL);
+	}
+	if (!allowed_user(pw))
 		return (NULL);
 #ifdef HAVE_LOGIN_CAP
 	if ((lc = login_getclass(pw->pw_class)) == NULL) {