Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
x/crypto/ssh: add support for multi-step authentication #17889
Previous thread here: https://groups.google.com/forum/#!topic/golang-nuts/rxrYhntkQtI.
This makes it impossible to implement multi-step authentication correctly. An example multi-step authentication process is to do
I'd propose to add a
If this change looks good, I will add tests and submit a patch for code review.
referenced this issue
Nov 16, 2016
We are doing publickey + keyboard-interactive currently with a workaround:
We generate a ServerConfig per client with callbacks to methods on the client. Then as KeyboardInteractiveCallback and PublicKeyCallback are called we note what has succeeded so far, with either callback returning success if everything has been satisfied.
Probably would be nicer to explicitly start with publickey, get that taken care of, then explicitly move to keyboard-interactive.
what danp is doing is OK, but nothing sets PartialSuccess in the return message. I think we could have a specialized error type that an auth callback could hand back that causes PartialSuccess to be set. Possibly that should also error should also contain the next desired auth method.