This is a hack, I didn't test it. (Apply against OpenBSD 4.2+PATCHES.)
--- /usr/src/usr.bin/ssh/sshconnect2.c Mon Jun 18 16:34:35 2007
+++ /usr/src/usr.bin/ssh/sshconnect2.c Tue Apr 22 21:58:13 2008
@@ -743,6 +743,10 @@
snprintf(prompt, sizeof(prompt), "[EMAIL PROTECTED]'s password: ",
authctxt->server_user, authctxt->host);
password = read_passphrase(prompt, 0);
+ if(password == NULL) {
+ logit("Warning: User %.30s entered an incorrect password %s",
+ authctxt->server_user, password);
+ }
packet_start(SSH2_MSG_USERAUTH_REQUEST);
packet_put_cstring(authctxt->server_user);
packet_put_cstring(authctxt->service);