I'm using the `x/crypto/ssh` package to implement a custom SSH server. 

I need to do 2 factor authentication: publickey and keyboard-interactive. 
However, it seems that I cannot make `ssh.ServerConfig` require both 
callbacks. The SSH handshake completes when any of the callbacks passes.

What I want is the following authentication process: first ask for a valid 
public key, then ask for an OTP token. It seems impossible to do so with 
x/crypto/ssh.

Here's what a properly configured OpenSSH server would do:

```
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/thinxer/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
Authenticated with partial success.
debug1: Authentications that can continue: keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Verification code:
```

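What I came up with is the following snippet:

```
pubkeyAccepted := false
config := &ssh.ServerConfig{
    PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
        // check and set pubkeyAccepted, but return an error always.
        return nil, errors.New("publickey alone is not sufficient")
    },
    KeyboardInteractiveCallback: func(conn ssh.ConnMetadata, challenge ssh.KeyboardInteractiveChallenge) (*ssh.Permissions, error) {
        if pubkeyAccepted {
            // proceed with keyboard challenge; return nil, nil on a valid OTP
        }
        return nil, errors.New("keyboard-interactive failed")
    },
}
```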

It works somehow. However, the client won't get an "Authenticated with 
partial success." message with the above method.

Is there any better way to implement this?

Thanks!
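
The exchange in the OpenSSH debug output above, modelled with only the Go standard library as an added example that is not part of the original post and is not x/crypto/ssh code: per-connection state decides when a verified method yields the `SSH_MSG_USERAUTH_FAILURE` reply with the partial-success flag set (RFC 4252, section 5.1). The names `authState`, `succeed` and `failure` are hypothetical.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

// authState is per-connection state (hypothetical type): never share it.
type authState struct {
	required []string // methods that must all succeed, in this order
	done     int      // number of methods verified so far
}

// failure encodes SSH_MSG_USERAUTH_FAILURE (RFC 4252, section 5.1):
// byte 51, name-list of methods that can continue, boolean partial success.
func failure(methods []string, partial bool) []byte {
	list := strings.Join(methods, ",")
	b := binary.BigEndian.AppendUint32([]byte{51}, uint32(len(list)))
	b = append(b, list...)
	if partial {
		return append(b, 1)
	}
	return append(b, 0)
}

// succeed is called once a method is fully verified (for publickey, after
// the signature check). It reports whether every required factor is done.
func (s *authState) succeed(method string) (reply []byte, authenticated bool) {
	if s.done == len(s.required) {
		return nil, s.done > 0 // an empty policy never authenticates
	}
	if s.required[s.done] != method {
		// Out-of-order method: no progress, so partial success stays false.
		return failure(s.required[s.done:s.done+1], false), false
	}
	s.done++
	if s.done == len(s.required) {
		return nil, true // all factors verified: send USERAUTH_SUCCESS
	}
	return failure(s.required[s.done:s.done+1], true), false
}

func main() {
	s := &authState{required: []string{"publickey", "keyboard-interactive"}}
	for _, m := range []string{"keyboard-interactive", "publickey", "keyboard-interactive"} {
		reply, ok := s.succeed(m)
		fmt.Printf("%-20s authenticated=%v reply=%q\n", m, ok, reply)
	}
}
```

The second reply is the message an OpenSSH client reports as "Authenticated with partial success." followed by the remaining method list.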
