diff --git a/CMakeModules/UseCompat.cmake b/CMakeModules/UseCompat.cmake
index 144a6368..f9dc007b 100644
--- a/CMakeModules/UseCompat.cmake
+++ b/CMakeModules/UseCompat.cmake
@@ -62,6 +62,14 @@ macro(USE_COMPAT)
 
     check_symbol_exists(get_current_dir_name "unistd.h" HAVE_GET_CURRENT_DIR_NAME)
 
+    # crypt
+    if(${CMAKE_SYSTEM_NAME} MATCHES "QNX")
+        list(APPEND CMAKE_REQUIRED_LIBRARIES -llogin)
+    elseif(NOT APPLE)
+        list(APPEND CMAKE_REQUIRED_LIBRARIES -lcrypt)
+    endif()
+    check_symbol_exists(crypt_r "crypt.h" HAVE_CRYPT_R)
+
     TEST_BIG_ENDIAN(IS_BIG_ENDIAN)
 
     check_include_file("stdatomic.h" HAVE_STDATOMIC)
diff --git a/compat/compat.c b/compat/compat.c
index d0495b28..88a3b698 100644
--- a/compat/compat.c
+++ b/compat/compat.c
@@ -16,6 +16,7 @@
 
 #include "compat.h"
 
+#include <crypt.h>
 #include <errno.h>
 #include <inttypes.h>
 #include <limits.h>
@@ -372,3 +373,21 @@ get_current_dir_name(void)
 }
 
 #endif
+
+#ifndef HAVE_CRYPT_R
+char *
+crypt_r(const char *phrase, const char *setting, struct crypt_data *data)
+{
+    static pthread_mutex_t crypt_lock = PTHREAD_MUTEX_INITIALIZER;
+    char *hash;
+
+    (void) data;
+
+    pthread_mutex_lock(&crypt_lock);
+    hash = crypt(phrase, setting);
+    pthread_mutex_unlock(&crypt_lock);
+
+    return hash;
+}
+
+#endif
diff --git a/compat/compat.h.in b/compat/compat.h.in
index 2c6495d6..f1161523 100644
--- a/compat/compat.h.in
+++ b/compat/compat.h.in
@@ -18,6 +18,7 @@
 #define _GNU_SOURCE /* pthread_rwlock_t */
 
 #include <alloca.h>
+#include <crypt.h>
 #include <limits.h>
 #include <pthread.h>
 #include <stdarg.h>
@@ -69,6 +70,7 @@
 #cmakedefine HAVE_STRDUPA
 #cmakedefine HAVE_STRCHRNUL
 #cmakedefine HAVE_GET_CURRENT_DIR_NAME
+#cmakedefine HAVE_CRYPT_R
 
 #ifndef bswap64
 #define bswap64(val) \
@@ -204,4 +206,8 @@ char *strchrnul(const char *s, int c);
 char *get_current_dir_name(void);
 #endif
 
+#ifndef HAVE_CRYPT_R
+char *crypt_r(const char *phrase, const char *setting, struct crypt_data *data);
+#endif
+
 #endif /* _COMPAT_H_ */
diff --git a/src/server_config_util_ssh.c b/src/server_config_util_ssh.c
index 00cfe744..f3ca8c03 100644
--- a/src/server_config_util_ssh.c
+++ b/src/server_config_util_ssh.c
@@ -32,10 +32,6 @@
 #include "server_config.h"
 #include "session_p.h"
 
-#if !defined (HAVE_CRYPT_R)
-extern pthread_mutex_t crypt_lock;
-#endif
-
 static int
 _nc_server_config_add_ssh_hostkey(const struct ly_ctx *ctx, const char *tree_path,
         const char *privkey_path, const char *pubkey_path, struct lyd_node **config)
@@ -389,22 +385,11 @@ _nc_server_config_add_ssh_user_password(const struct ly_ctx *ctx, const char *tr
     int ret = 0;
     char *hashed_pw = NULL;
     const char *salt = "$6$idsizuippipk$";
+    struct crypt_data cdata = {0};
 
     NC_CHECK_ARG_RET(NULL, ctx, tree_path, password, config, 1);
 
-#ifdef HAVE_CRYPT_R
-    struct crypt_data cdata;
-#endif
-
-#ifdef HAVE_CRYPT_R
-    cdata.initialized = 0;
-    hashed_pw = crypt_r(password, salt, &data);
-#else
-    pthread_mutex_lock(&crypt_lock);
-    hashed_pw = crypt(password, salt);
-    pthread_mutex_unlock(&crypt_lock);
-#endif
-
+    hashed_pw = crypt_r(password, salt, &cdata);
     if (!hashed_pw) {
         ERR(NULL, "Hashing password failed (%s).", strerror(errno));
         ret = 1;
diff --git a/src/session_server_ssh.c b/src/session_server_ssh.c
index fa0dad3b..c4c3085f 100644
--- a/src/session_server_ssh.c
+++ b/src/session_server_ssh.c
@@ -50,10 +50,6 @@
 #include "session.h"
 #include "session_p.h"
 
-#if !defined (HAVE_CRYPT_R)
-pthread_mutex_t crypt_lock = PTHREAD_MUTEX_INITIALIZER;
-#endif
-
 extern struct nc_server_opts server_opts;
 
 static char *
@@ -224,10 +220,7 @@ static int
 auth_password_compare_pwd(const char *stored_pw, const char *received_pw)
 {
     char *received_pw_hash = NULL;
-
-#ifdef HAVE_CRYPT_R
-    struct crypt_data cdata;
-#endif
+    struct crypt_data cdata = {0};
 
     if (!stored_pw[0]) {
         if (!received_pw[0]) {
@@ -245,15 +238,9 @@ auth_password_compare_pwd(const char *stored_pw, const char *received_pw)
         return strcmp(stored_pw + 3, received_pw);
     }
 
-#ifdef HAVE_CRYPT_R
-    cdata.initialized = 0;
     received_pw_hash = crypt_r(received_pw, stored_pw, &cdata);
-#else
-    pthread_mutex_lock(&crypt_lock);
-    received_pw_hash = crypt(received_pw, stored_pw);
-    pthread_mutex_unlock(&crypt_lock);
-#endif
     if (!received_pw_hash) {
+        ERR(NULL, "Hashing the password failed (%s).", strerror(errno));
         return 1;
     }