pfSense

The authentication system attempts to be informative and print extra information along with IP addresses to completely identify where a user logs in from. This includes the authentication source (e.g. local database, LDAP or RADIUS, auth server name), contents of proxy headers such as X-Forwarded-For or Client-IP to further clarify exactly where a user is located.

This extra information is printed after the IP address of the remote user in various places, including log messages for authentication.

The extra information confuses the sshguard parser and it fails to recognize the client IP address in authentication error messages, so the protection may not be enforced depending on the content of the request headers.

While this extra information can be helpful, it isn't relevant for authentication failures since (a) the auth source is unknown/undefined as it failed every attempt and (b) since the login failed the rest of the headers shouldn't be trusted anyhow. Thus, we can safely remove it from the error messages.