diff --git a/ChangeLog b/ChangeLog
index 43b0c5f4a..7edbfbcbd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -85,6 +85,10 @@
    - djm@cvs.openbsd.org 2014/04/01 05:32:57
      [packet.c]
      demote a debug3 to PACKET_DEBUG; ok markus@
+   - djm@cvs.openbsd.org 2014/04/12 04:55:53
+     [sshd.c]
+     avoid crash at exit: check that pmonitor!=NULL before dereferencing;
+     bz#2225, patch from kavi AT juniper.net
 
 20140401
  - (djm) On platforms that support it, use prctl() to prevent sftp-server
diff --git a/sshd.c b/sshd.c
index 0ade55771..f0fc07896 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.421 2014/03/26 19:58:37 tedu Exp $ */
+/* $OpenBSD: sshd.c,v 1.423 2014/04/12 04:55:53 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2484,7 +2484,8 @@ cleanup_exit(int i)
 {
 	if (the_authctxt) {
 		do_cleanup(the_authctxt);
-		if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) {
+		if (use_privsep && privsep_is_preauth &&
+		    pmonitor != NULL && pmonitor->m_pid > 1) {
 			debug("Killing privsep child %d", pmonitor->m_pid);
 			if (kill(pmonitor->m_pid, SIGKILL) != 0 &&
 			    errno != ESRCH)