Thanks for looking at this. I have tested the proposed fix with dropbear 0.51-1 and realised there are some further log events not mentioned before.
The previous report for successful login used ssh key, however using password login results in the following log message: Dec 17 12:51:31 host dropbear[3278]: password auth succeeded for 'user' from ::ffff:82.125.214.201:56807 A failed password login results in the following log messages, which I think should be made to generate a "Security Events" email: Dec 17 12:51:18 host dropbear[3237]: bad password attempt for 'user' from ::ffff:82.125.214.201:56806 Dec 17 12:51:22 host dropbear[3237]: exit before auth (user 'user', 3 fails): Exited normally -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org