When writing an ssh server with
golang.org/x/crypto/ssh, is there a way to require both public key *and* keyboard interactive authentication for the same login?
With openssh server you can configure:
AuthenticationMethods publickey,keyboard-interactive:pam
and the client shows:
...
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/brian/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
Authenticated with partial success.
debug1: Authentications that can continue: keyboard-interactive
debug1: Next authentication method: keyboard-interactive
...
But I haven't been able to find a way to do this with the go ssh server. What I find is that if my PublicKeyCallback returns nil error, and the client proceeds to authenticate successfully with the selected key, then KeyboardInteractiveCallback is not called.
I got as far in the code as
here, which AFAICS will terminate authentication as soon as any one method is successful, but I just wondered if I've missed something.
Thanks,
Brian.