diff --git a/crypto/openssh/auth-pam.c b/crypto/openssh/auth-pam.c
--- a/crypto/openssh/auth-pam.c
+++ b/crypto/openssh/auth-pam.c
@@ -937,8 +937,8 @@
 sshbuf_free(buffer);
 return (0);
 }
- BLACKLIST_NOTIFY(NULL, BLACKLIST_BAD_USER,
- sshpam_authctxt->user);
+ BLACKLIST_NOTIFY(NULL, BLACKLIST_AUTH_FAIL,
+ "PAM illegal user");
 error("PAM: %s for %s%.100s from %.100s", msg,
 sshpam_authctxt->valid ? "" : "illegal user ",
 sshpam_authctxt->user, sshpam_rhost);
diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c
--- a/crypto/openssh/auth.c
+++ b/crypto/openssh/auth.c
@@ -289,7 +289,8 @@
 else {
 authmsg = authenticated ? "Accepted" : "Failed";
 if (authenticated)
- BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_OK, "ssh");
+ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_OK,
+ "Authenticated");
 }
 if ((extra = format_method_key(authctxt)) == NULL) {
@@ -338,6 +339,7 @@
 {
 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
+ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Maximum attempts exceeded");
 error("maximum authentication attempts exceeded for "
 "%s%.100s from %.200s port %d ssh2",
 authctxt->valid ? "" : "invalid user ",
@@ -498,7 +500,7 @@
 aix_restoreauthdb();
 #endif
 if (pw == NULL) {
- BLACKLIST_NOTIFY(ssh, BLACKLIST_BAD_USER, user);
+ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Invalid user");
 logit("Invalid user %.100s from %.100s port %d",
 user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
 #ifdef CUSTOM_FAILED_LOGIN
diff --git a/crypto/openssh/auth2.c b/crypto/openssh/auth2.c
--- a/crypto/openssh/auth2.c
+++ b/crypto/openssh/auth2.c
@@ -52,7 +52,6 @@
 #include "dispatch.h"
 #include "pathnames.h"
 #include "ssherr.h"
-#include "blacklist_client.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
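Review bot: The notification added at the top of the auth-pam.c hunk labels every PAM failure "PAM illegal user", while the error() directly beneath it prints "illegal user " only when sshpam_authctxt->valid is false, so a wrong password for an existing account reaches the notifier under a misleading message. Mirror that condition, e.g. `BLACKLIST_NOTIFY(NULL, BLACKLIST_AUTH_FAIL, sshpam_authctxt->valid ? "PAM authentication failure" : "PAM illegal user");` (wrapped over two lines like the neighbouring calls). No longer forwarding sshpam_authctxt->user itself is an improvement, since that string originates from the client. The enclosing function starts outside the hunk.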
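Review bot: In the auth.c hunk at line 498 the client-supplied user name is no longer passed to the notifier and a fixed "Invalid user" is sent instead, but nothing in the code says why, so a later maintainer could reinstate the name for "better" reports. Add a comment above the call: `/* Fixed message on purpose: the user name is client-controlled; logit() below records it. */`. The same fixed-string change is made in auth-pam.c, and BLACKLIST_BAD_USER no longer appears on the new side of any hunk here; if blacklist_client.h still defines it (not visible in this diff), it may now be unused. The function containing the `if (pw == NULL)` check starts and ends outside the hunk.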
@@ -443,10 +442,8 @@
 } else {
 /* Allow initial try of "none" auth without failure penalty */
 if (!partial && !authctxt->server_caused_failure &&
- (authctxt->attempt > 1 || strcmp(method, "none") != 0)) {
+ (authctxt->attempt > 1 || strcmp(method, "none") != 0))
 authctxt->failures++;
- BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh");
- }
 if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
 mm_audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES);
diff --git a/crypto/openssh/monitor.c b/crypto/openssh/monitor.c
--- a/crypto/openssh/monitor.c
+++ b/crypto/openssh/monitor.c
@@ -85,6 +85,8 @@
 #include "misc.h"
 #include "servconf.h"
 #include "monitor.h"
+#include "blacklist_client.h"
+
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
@@ -353,16 +355,24 @@
 }
 }
 if (authctxt->failures > options.max_authtries) {
+ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL,
+ "Too many authentication attempts");
 /* Shouldn't happen */
 fatal_f("privsep child made too many authentication "
 "attempts");
 }
 }
- if (!authctxt->valid)
+ if (!authctxt->valid) {
+ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL,
+ "Authenticated invalid user");
 fatal_f("authenticated invalid user");
- if (strcmp(auth_method, "unknown") == 0)
+ }
+ if (strcmp(auth_method, "unknown") == 0) {
+ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL,
+ "Authentication method name unknown");
 fatal_f("authentication method name unknown");
+ }
 debug_f("user %s authenticated by privileged process",
 authctxt->user);
 auth_attempted = 0;
diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c
--- a/crypto/openssh/packet.c
+++ b/crypto/openssh/packet.c
@@ -96,7 +96,6 @@
 #include "packet.h"
 #include "ssherr.h"
 #include "sshbuf.h"
-#include "blacklist_client.h"
 #ifdef PACKET_DEBUG
 #define DBG(x) x
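Review bot: Deleting the BLACKLIST_NOTIFY next to failures++ in the auth2.c hunk means a rejected method for a valid account that stays under max_authtries no longer produces an AUTH_FAIL event from this function; the failure reports that remain on the new side of this diff (invalid user in auth.c, maximum attempts in auth.c and monitor.c, grace timeout, banner exchange and fatal exit in sshd-session.c) each fire at most once per connection, not once per attempt. If per-attempt reporting now happens on the privileged side, that code is outside this diff and the dependency should be recorded, e.g. with `/* Per-attempt blacklistd reporting is done by the monitor, not here. */` above the if — only if that is in fact what happens. Dropping the braces is correct, since failures++ is now the sole statement of the body. The enclosing function (not named in the hunk header) continues outside the hunk.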
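Review bot: Each of the three notifications added in the monitor.c hunk at line 353 restates, with different capitalisation, the text of the fatal_f() that follows it ("Authenticated invalid user" vs "authenticated invalid user", and likewise for the other two), so the two strings will drift apart as one of them is edited. Keep a single literal per site by pairing the two calls in one helper, e.g. `#define notify_fatal_f(ssh, msg) do { BLACKLIST_NOTIFY((ssh), BLACKLIST_AUTH_FAIL, (msg)); fatal_f("%s", (msg)); } while (0)`, and call `notify_fatal_f(ssh, "authenticated invalid user");` at each site. All three paths are consistency checks on the privsep child ("Shouldn't happen"), which makes reporting the peer as an authentication failure reasonable since only a misbehaving child reaches them; a one-line comment saying so would help the next reader. The enclosing function starts and ends outside the hunk.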
@@ -2022,7 +2021,6 @@
 case SSH_ERR_NO_KEX_ALG_MATCH:
 case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
 if (ssh->kex && ssh->kex->failed_choice) {
- BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh");
 ssh_packet_clear_keys(ssh);
 errno = oerrno;
 logdie("Unable to negotiate with %s: %s. "
diff --git a/crypto/openssh/sshd-session.c b/crypto/openssh/sshd-session.c
--- a/crypto/openssh/sshd-session.c
+++ b/crypto/openssh/sshd-session.c
@@ -217,6 +217,8 @@
 static void
 grace_alarm_handler(int sig)
 {
+ BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL,
+ "Grace period expired");
 /*
 * Try to kill any processes that we have spawned, E.g. authorized
 * keys command helpers or privsep children.
@@ -1201,6 +1203,8 @@
 ssh_signal(SIGCHLD, SIG_DFL);
 ssh_signal(SIGINT, SIG_DFL);
+ BLACKLIST_INIT();
+
 /*
 * Register our connection. This turns encryption off because we do
 * not have a key.
@@ -1277,8 +1281,10 @@
 }
 if ((r = kex_exchange_identification(ssh, -1,
- options.version_addendum)) != 0)
+ options.version_addendum)) != 0) {
+ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Banner exchange");
 sshpkt_fatal(ssh, r, "banner exchange");
+ }
 ssh_packet_set_nonblocking(ssh);
@@ -1298,8 +1304,6 @@
 fatal("sshbuf_new loginmsg failed");
 auth_debug_reset();
- BLACKLIST_INIT();
-
 if (privsep_preauth(ssh) != 1)
 fatal("privsep_preauth failed");
@@ -1425,7 +1429,10 @@
 audit_event(the_active_state, SSH_CONNECTION_ABANDON);
 #endif
 /* Override default fatal exit value when auth was attempted */
- if (i == 255 && auth_attempted)
+ if (i == 255 && auth_attempted) {
+ BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL,
+ "Fatal exit");
 _exit(EXIT_AUTH_ATTEMPTED);
+ }
 _exit(i);
 }
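Review bot: BLACKLIST_NOTIFY is now invoked from grace_alarm_handler in the sshd-session.c hunk at line 217, i.e. inside the SIGALRM handler, so whatever the macro expands to (its implementation is not in this diff) runs in async-signal context and must not allocate, use stdio or take locks, otherwise the handler can deadlock or corrupt heap state when the alarm interrupts such a call. If the client only performs a send on a socket that BLACKLIST_INIT() opened earlier — this commit moves that call ahead of the alarm setup — that is acceptable, but it should be verified and stated with `/* Must remain async-signal-safe: we are in the SIGALRM handler. */` above the call. Otherwise set a volatile sig_atomic_t flag here and issue the notification from the code that acts on the timeout. grace_alarm_handler continues outside the hunk.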
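Review bot: Reporting a failed kex_exchange_identification() as BLACKLIST_AUTH_FAIL in the hunk at line 1277 counts every peer that never completes the identification exchange — scanners, but also load-balancer health checks and clients that disconnect at once — as an authentication failure, while the same commit removes the KEX-negotiation failure report from packet.c; the policy boundary between the two is not visible from the code. Either document it above the call, e.g. `/* An incomplete or malformed identification exchange is reported to blacklistd as an auth failure. */`, or restrict the notification to the error codes that indicate a malformed banner rather than a plain disconnect. The function containing this exchange starts and ends outside the hunk.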
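Review bot: The "Fatal exit" notification in the hunk at line 1425 fires whenever the child exits with status 255 after auth_attempted was set, which overlaps with the cause-specific reports added elsewhere in this commit: if the function that reports "Maximum attempts exceeded" in auth.c (its body continues outside its hunk) ends by disconnecting through a fatal path, the same connection is reported twice, and a PAM failure followed by a fatal error is reported twice as well. If double counting is not intended, either make this exit path the single reporting point or record that a notification was already sent (a flag set where the monitor issues one) and skip this call when it is set. The function containing this cleanup starts outside the hunk.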