diff --git a/ChangeLog b/ChangeLog
index 01c24e6b3..892c87e24 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -55,6 +55,10 @@
      [ssh.c]
      Avoid setting optind to 0 as GNU getopt treats that like we do optreset.
      markus@ OK
+   - markus@cvs.openbsd.org 2002/12/10 08:56:00
+     [session.c]
+     Make sure $SHELL points to the shell from the password file, even if shell
+     is overridden from login.conf; bug#453; semen at online.sinor.ru; ok millert@
 
 20021205
  - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org
@@ -890,4 +894,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2530 2002/12/23 02:24:54 mouring Exp $
+$Id: ChangeLog,v 1.2531 2002/12/23 02:26:08 mouring Exp $
diff --git a/session.c b/session.c
index ac1561756..dfff9c6bf 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.151 2002/12/04 04:36:47 stevesk Exp $");
+RCSID("$OpenBSD: session.c,v 1.152 2002/12/10 08:56:00 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -1324,12 +1324,17 @@ do_child(Session *s, const char *command)
 	 * legal, and means /bin/sh.
 	 */
 	shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
+
+	/*
+	 * Make sure $SHELL points to the shell from the password file,
+	 * even if shell is overridden from login.conf
+	 */
+	env = do_setup_env(s, shell);
+
 #ifdef HAVE_LOGIN_CAP
 	shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
 #endif
 
-	env = do_setup_env(s, shell);
-
 	/* we have to stash the hostname before we close our socket. */
 	if (options.use_login)
 		hostname = get_remote_name_or_ip(utmp_len,