ssh server: requiring both public key auth and keyboard-interactive auth?

[Brian Candler]

When writing an ssh server with golang.org/x/crypto/ssh, is there a way to require both public key *and* keyboard interactive authentication for the same login?

With openssh server you can configure:

AuthenticationMethods publickey,keyboard-interactive:pam

and the client shows:

...

debug1: Authentications that can continue: publickey

debug1: Next authentication method: publickey

debug1: Offering RSA public key: /Users/brian/.ssh/id_rsa

debug1: Server accepts key: pkalg rsa-sha2-512 blen 279

Authenticated with partial success.

debug1: Authentications that can continue: keyboard-interactive

debug1: Next authentication method: keyboard-interactive
...

But I haven't been able to find a way to do this with the go ssh server.  What I find is that if my PublicKeyCallback returns nil error, and the client proceeds to authenticate successfully with the selected key, then KeyboardInteractiveCallback is not called.

I got as far in the code as here, which AFAICS will terminate authentication as soon as any one method is successful, but I just wondered if I've missed something.

Thanks,

Brian.