diff --git a/net/openssh/patches/0001_allow_non_local_users_ssh.patch b/net/openssh/patches/0001_allow_non_local_users_ssh.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2a43093101b947e000cf6ba3799c415f65a73c68
--- /dev/null
+++ b/net/openssh/patches/0001_allow_non_local_users_ssh.patch
@@ -0,0 +1,44 @@
+diff --git a/auth-pam.c b/auth-pam.c
+index 8323821..b7a750d 100644
+--- a/auth-pam.c
++++ b/auth-pam.c
+@@ -522,6 +522,12 @@ sshpam_thread(void *ctxtp)
+ 	if (sshpam_err != PAM_SUCCESS)
+ 		goto auth_fail;
+ 
++	// set user to root otherwise account/session management
++	// fails in case radius is used to authenticate
++	sshpam_err = pam_set_item(sshpam_handle, PAM_USER, "root");
++	if (sshpam_err != PAM_SUCCESS)
++		goto auth_fail;
++
+ 	if (!do_pam_account()) {
+ 		sshpam_err = PAM_ACCT_EXPIRED;
+ 		goto auth_fail;
+@@ -1090,6 +1096,11 @@ do_pam_setcred(int init)
+ 		    pam_strerror(sshpam_handle, sshpam_err));
+ 	if (init) {
+ 		debug("PAM: establishing credentials");
++		// credential might not be present in case radius is used
++		// so, set user to root
++		sshpam_err = pam_set_item(sshpam_handle, PAM_USER, "root");
++		if (sshpam_err != PAM_SUCCESS)
++			debug("PAM: could not set user to root");
+ 		sshpam_err = pam_setcred(sshpam_handle, PAM_ESTABLISH_CRED);
+ 	} else {
+ 		debug("PAM: reinitializing credentials");
+diff --git a/monitor.c b/monitor.c
+index 4cf79df..8875890 100644
+--- a/monitor.c
++++ b/monitor.c
+@@ -723,6 +723,10 @@
+ 
+ 	pwent = getpwnamallow(ssh, authctxt->user);
+ 
++	// to allow fall back to radius if local account is not present
++	if (!pwent)
++		pwent = getpwnamallow(ssh, "root");
++
+ 	setproctitle("%s [priv]", pwent ? authctxt->user : "unknown");
+ 
+ 	sshbuf_reset(m);