diff --git a/CHANGES b/CHANGES index 1785b1c364..0580d94186 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,9 @@ +2.3-836 | 2015-04-21 13:37:31 -0700 + + * Fix SSH direction field being unset. Addresses BIT-1365. (Vlad + Grigorescu) + 2.3-833 | 2015-04-21 12:38:32 -0700 * A Kerberos protocol analyzer. (Vlad Grigorescu) diff --git a/NEWS b/NEWS index 9af67645d0..b64962381a 100644 --- a/NEWS +++ b/NEWS @@ -36,7 +36,7 @@ New Functionality logged into pe.log. - Bro now features a completely rewritten, enhanced SSH analyzer, with - a set of addedd events being generated. A lot more information about + a set of added events being generated. A lot more information about SSH sessions is logged. The analyzer is able to determine if logins failed or succeeded in most circumstances. diff --git a/VERSION b/VERSION index dafbbbbdd5..5f080966b7 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-833 +2.3-836 diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index a64a4a0e21..6f76dcbb77 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -93,6 +93,10 @@ function set_session(c: connection) info$ts = network_time(); info$uid = c$uid; info$id = c$id; + + # If both hosts are local or non-local, we can't reliably set a direction. + if ( Site::is_local_addr(c$id$orig_h) != Site::is_local_addr(c$id$resp_h) ) + info$direction = Site::is_local_addr(c$id$orig_h) ? OUTBOUND: INBOUND; c$ssh = info; } }
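Review bot: In the `scripts/base/protocols/ssh/main.bro` hunk, `info$direction` is still left unset whenever both endpoints classify the same way. That presumably includes every connection on a sensor where `Site::local_nets` has not been populated, so a detection or report that filters SSH records on INBOUND/OUTBOUND would silently skip those sessions. The added comment should say so for log consumers, e.g. `# Direction stays unset when both hosts are local or both are non-local (e.g. local networks not configured); consumers must treat the field as optional.` Separately, `Site::is_local_addr(c$id$orig_h)` is evaluated twice; a local would make the test and the assignment visibly use the same value: `local orig_local = Site::is_local_addr(c$id$orig_h);`, `if ( orig_local != Site::is_local_addr(c$id$resp_h) )`, `info$direction = orig_local ? OUTBOUND : INBOUND;`. The body of `set_session` begins before this hunk, so whether the field is declared optional and how the record is initialised cannot be confirmed from here.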