ssh/server_multi_auth_test.go - crypto - Git at Google

 // Copyright 2024 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 package ssh

 import (
 	"bytes"
 	"errors"
 	"fmt"
 	"strings"
 	"testing"
 )

 func doClientServerAuth(t *testing.T, serverConfig *ServerConfig, clientConfig *ClientConfig) ([]error, error) {
 	c1, c2, err := netPipe()
 	if err != nil {
 		t.Fatalf("netPipe: %v", err)
 	}
 	defer c1.Close()
 	defer c2.Close()

 	var serverAuthErrors []error

 	serverConfig.AddHostKey(testSigners["rsa"])
 	serverConfig.AuthLogCallback = func(conn ConnMetadata, method string, err error) {
 		serverAuthErrors = append(serverAuthErrors, err)
 	}
 	go newServer(c1, serverConfig)
 	c, _, _, err := NewClientConn(c2, "", clientConfig)
 	if err == nil {
 		c.Close()
 	}
 	return serverAuthErrors, err
 }

 func TestMultiStepAuth(t *testing.T) {
 	// This user can login with password, public key or public key + password.
 	username := "testuser"
 	// This user can login with public key + password only.
 	usernameSecondFactor := "testuser_second_factor"
 	errPwdAuthFailed := errors.New("password auth failed")
 	errWrongSequence := errors.New("wrong sequence")

 	serverConfig := &ServerConfig{
 		PasswordCallback: func(conn ConnMetadata, password []byte) (*Permissions, error) {
 			if conn.User() == usernameSecondFactor {
 				return nil, errWrongSequence
 			}
 			if conn.User() == username && string(password) == clientPassword {
 				return nil, nil
 			}
 			return nil, errPwdAuthFailed
 		},
 		PublicKeyCallback: func(conn ConnMetadata, key PublicKey) (*Permissions, error) {
 			if bytes.Equal(key.Marshal(), testPublicKeys["rsa"].Marshal()) {
 				if conn.User() == usernameSecondFactor {
 					return nil, &PartialSuccessError{
 						Next: ServerAuthCallbacks{
 							PasswordCallback: func(conn ConnMetadata, password []byte) (*Permissions, error) {
 								if string(password) == clientPassword {
 									return nil, nil
 								}
 								return nil, errPwdAuthFailed
 							},
 						},
 					}
 				}
 				return nil, nil
 			}
 			return nil, fmt.Errorf("pubkey for %q not acceptable", conn.User())
 		},
 	}

 	clientConfig := &ClientConfig{
 		User: usernameSecondFactor,
 		Auth: []AuthMethod{
 			PublicKeys(testSigners["rsa"]),
 			Password(clientPassword),
 		},
 		HostKeyCallback: InsecureIgnoreHostKey(),
 	}

 	serverAuthErrors, err := doClientServerAuth(t, serverConfig, clientConfig)
 	if err != nil {
 		t.Fatalf("client login error: %s", err)
 	}

 	// The error sequence is:
 	// - no auth passed yet
 	// - partial success
 	// - nil
 	if len(serverAuthErrors) != 3 {
 		t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
 	}
 	if _, ok := serverAuthErrors[1].(*PartialSuccessError); !ok {
 		t.Fatalf("expected partial success error, got: %v", serverAuthErrors[1])
 	}
 	// Now test a wrong sequence.
 	clientConfig.Auth = []AuthMethod{
 		Password(clientPassword),
 		PublicKeys(testSigners["rsa"]),
 	}

 	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
 	if err == nil {
 		t.Fatal("client login with wrong sequence must fail")
 	}
 	// The error sequence is:
 	// - no auth passed yet
 	// - wrong sequence
 	// - partial success
 	if len(serverAuthErrors) != 3 {
 		t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
 	}
 	if serverAuthErrors[1] != errWrongSequence {
 		t.Fatal("server not returned wrong sequence")
 	}
 	if _, ok := serverAuthErrors[2].(*PartialSuccessError); !ok {
 		t.Fatalf("expected partial success error, got: %v", serverAuthErrors[2])
 	}
 	// Now test using a correct sequence but a wrong password before the right
 	// one.
 	n := 0
 	passwords := []string{"WRONG", "WRONG", clientPassword}
 	clientConfig.Auth = []AuthMethod{
 		PublicKeys(testSigners["rsa"]),
 		RetryableAuthMethod(PasswordCallback(func() (string, error) {
 			p := passwords[n]
 			n++
 			return p, nil
 		}), 3),
 	}

 	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
 	if err != nil {
 		t.Fatalf("client login error: %s", err)
 	}
 	// The error sequence is:
 	// - no auth passed yet
 	// - partial success
 	// - wrong password
 	// - wrong password
 	// - nil
 	if len(serverAuthErrors) != 5 {
 		t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
 	}
 	if _, ok := serverAuthErrors[1].(*PartialSuccessError); !ok {
 		t.Fatal("server not returned partial success")
 	}
 	if serverAuthErrors[2] != errPwdAuthFailed {
 		t.Fatal("server not returned password authentication failed")
 	}
 	if serverAuthErrors[3] != errPwdAuthFailed {
 		t.Fatal("server not returned password authentication failed")
 	}
 	// Only password authentication should fail.
 	clientConfig.Auth = []AuthMethod{
 		Password(clientPassword),
 	}

 	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
 	if err == nil {
 		t.Fatal("client login with password only must fail")
 	}
 	// The error sequence is:
 	// - no auth passed yet
 	// - wrong sequence
 	if len(serverAuthErrors) != 2 {
 		t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
 	}
 	if serverAuthErrors[1] != errWrongSequence {
 		t.Fatal("server not returned wrong sequence")
 	}

 	// Only public key authentication should fail.
 	clientConfig.Auth = []AuthMethod{
 		PublicKeys(testSigners["rsa"]),
 	}

 	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
 	if err == nil {
 		t.Fatal("client login with public key only must fail")
 	}
 	// The error sequence is:
 	// - no auth passed yet
 	// - partial success
 	if len(serverAuthErrors) != 2 {
 		t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
 	}
 	if _, ok := serverAuthErrors[1].(*PartialSuccessError); !ok {
 		t.Fatal("server not returned partial success")
 	}

 	// Public key and wrong password.
 	clientConfig.Auth = []AuthMethod{
 		PublicKeys(testSigners["rsa"]),
 		Password("WRONG"),
 	}

 	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
 	if err == nil {
 		t.Fatal("client login with wrong password after public key must fail")
 	}
 	// The error sequence is:
 	// - no auth passed yet
 	// - partial success
 	// - password auth failed
 	if len(serverAuthErrors) != 3 {
 		t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
 	}
 	if _, ok := serverAuthErrors[1].(*PartialSuccessError); !ok {
 		t.Fatal("server not returned partial success")
 	}
 	if serverAuthErrors[2] != errPwdAuthFailed {
 		t.Fatal("server not returned password authentication failed")
 	}

 	// Public key, public key again and then correct password. Public key
 	// authentication is attempted only once because the partial success error
 	// returns only "password" as the allowed authentication method.
 	clientConfig.Auth = []AuthMethod{
 		PublicKeys(testSigners["rsa"]),
 		PublicKeys(testSigners["rsa"]),
 		Password(clientPassword),
 	}

 	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
 	if err != nil {
 		t.Fatalf("client login error: %s", err)
 	}
 	// The error sequence is:
 	// - no auth passed yet
 	// - partial success
 	// - nil
 	if len(serverAuthErrors) != 3 {
 		t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
 	}
 	if _, ok := serverAuthErrors[1].(*PartialSuccessError); !ok {
 		t.Fatal("server not returned partial success")
 	}

 	// The unrestricted username can do anything
 	clientConfig = &ClientConfig{
 		User: username,
 		Auth: []AuthMethod{
 			PublicKeys(testSigners["rsa"]),
 			Password(clientPassword),
 		},
 		HostKeyCallback: InsecureIgnoreHostKey(),
 	}

 	_, err = doClientServerAuth(t, serverConfig, clientConfig)
 	if err != nil {
 		t.Fatalf("unrestricted client login error: %s", err)
 	}

 	clientConfig = &ClientConfig{
 		User: username,
 		Auth: []AuthMethod{
 			PublicKeys(testSigners["rsa"]),
 		},
 		HostKeyCallback: InsecureIgnoreHostKey(),
 	}

 	_, err = doClientServerAuth(t, serverConfig, clientConfig)
 	if err != nil {
 		t.Fatalf("unrestricted client login error: %s", err)
 	}

 	clientConfig = &ClientConfig{
 		User: username,
 		Auth: []AuthMethod{
 			Password(clientPassword),
 		},
 		HostKeyCallback: InsecureIgnoreHostKey(),
 	}

 	_, err = doClientServerAuth(t, serverConfig, clientConfig)
 	if err != nil {
 		t.Fatalf("unrestricted client login error: %s", err)
 	}
 }

 func TestDynamicAuthCallbacks(t *testing.T) {
 	user1 := "user1"
 	user2 := "user2"
 	errInvalidCredentials := errors.New("invalid credentials")

 	serverConfig := &ServerConfig{
 		NoClientAuth: true,
 		NoClientAuthCallback: func(conn ConnMetadata) (*Permissions, error) {
 			switch conn.User() {
 			case user1:
 				return nil, &PartialSuccessError{
 					Next: ServerAuthCallbacks{
 						PasswordCallback: func(conn ConnMetadata, password []byte) (*Permissions, error) {
 							if conn.User() == user1 && string(password) == clientPassword {
 								return nil, nil
 							}
 							return nil, errInvalidCredentials
 						},
 					},
 				}
 			case user2:
 				return nil, &PartialSuccessError{
 					Next: ServerAuthCallbacks{
 						PublicKeyCallback: func(conn ConnMetadata, key PublicKey) (*Permissions, error) {
 							if bytes.Equal(key.Marshal(), testPublicKeys["rsa"].Marshal()) {
 								if conn.User() == user2 {
 									return nil, nil
 								}
 							}
 							return nil, errInvalidCredentials
 						},
 					},
 				}
 			default:
 				return nil, errInvalidCredentials
 			}
 		},
 	}

 	clientConfig := &ClientConfig{
 		User: user1,
 		Auth: []AuthMethod{
 			Password(clientPassword),
 		},
 		HostKeyCallback: InsecureIgnoreHostKey(),
 	}

 	serverAuthErrors, err := doClientServerAuth(t, serverConfig, clientConfig)
 	if err != nil {
 		t.Fatalf("client login error: %s", err)
 	}
 	// The error sequence is:
 	// - partial success
 	// - nil
 	if len(serverAuthErrors) != 2 {
 		t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
 	}
 	if _, ok := serverAuthErrors[0].(*PartialSuccessError); !ok {
 		t.Fatal("server not returned partial success")
 	}

 	clientConfig = &ClientConfig{
 		User: user2,
 		Auth: []AuthMethod{
 			PublicKeys(testSigners["rsa"]),
 		},
 		HostKeyCallback: InsecureIgnoreHostKey(),
 	}

 	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
 	if err != nil {
 		t.Fatalf("client login error: %s", err)
 	}
 	// The error sequence is:
 	// - partial success
 	// - nil
 	if len(serverAuthErrors) != 2 {
 		t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
 	}
 	if _, ok := serverAuthErrors[0].(*PartialSuccessError); !ok {
 		t.Fatal("server not returned partial success")
 	}

 	// user1 cannot login with public key
 	clientConfig = &ClientConfig{
 		User: user1,
 		Auth: []AuthMethod{
 			PublicKeys(testSigners["rsa"]),
 		},
 		HostKeyCallback: InsecureIgnoreHostKey(),
 	}

 	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
 	if err == nil {
 		t.Fatal("user1 login with public key must fail")
 	}
 	if !strings.Contains(err.Error(), "no supported methods remain") {
 		t.Errorf("got %v, expected 'no supported methods remain'", err)
 	}
 	if len(serverAuthErrors) != 1 {
 		t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
 	}
 	if _, ok := serverAuthErrors[0].(*PartialSuccessError); !ok {
 		t.Fatal("server not returned partial success")
 	}
 	// user2 cannot login with password
 	clientConfig = &ClientConfig{
 		User: user2,
 		Auth: []AuthMethod{
 			Password(clientPassword),
 		},
 		HostKeyCallback: InsecureIgnoreHostKey(),
 	}

 	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
 	if err == nil {
 		t.Fatal("user2 login with password must fail")
 	}
 	if !strings.Contains(err.Error(), "no supported methods remain") {
 		t.Errorf("got %v, expected 'no supported methods remain'", err)
 	}
 	if len(serverAuthErrors) != 1 {
 		t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
 	}
 	if _, ok := serverAuthErrors[0].(*PartialSuccessError); !ok {
 		t.Fatal("server not returned partial success")
 	}
 }
	// Copyright 2024 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	package ssh

	import (
	"bytes"
	"errors"
	"fmt"
	"strings"
	"testing"
	)

	func doClientServerAuth(t testing.T, serverConfig ServerConfig, clientConfig *ClientConfig) ([]error, error) {
	c1, c2, err := netPipe()
	if err != nil {
	t.Fatalf("netPipe: %v", err)
	}
	defer c1.Close()
	defer c2.Close()

	var serverAuthErrors []error

	serverConfig.AddHostKey(testSigners["rsa"])
	serverConfig.AuthLogCallback = func(conn ConnMetadata, method string, err error) {
	serverAuthErrors = append(serverAuthErrors, err)
	}
	go newServer(c1, serverConfig)
	c, _, _, err := NewClientConn(c2, "", clientConfig)
	if err == nil {
	c.Close()
	}
	return serverAuthErrors, err
	}

	func TestMultiStepAuth(t *testing.T) {
	// This user can login with password, public key or public key + password.
	username := "testuser"
	// This user can login with public key + password only.
	usernameSecondFactor := "testuser_second_factor"
	errPwdAuthFailed := errors.New("password auth failed")
	errWrongSequence := errors.New("wrong sequence")

	serverConfig := &ServerConfig{
	PasswordCallback: func(conn ConnMetadata, password []byte) (*Permissions, error) {
	if conn.User() == usernameSecondFactor {
	return nil, errWrongSequence
	}
	if conn.User() == username && string(password) == clientPassword {
	return nil, nil
	}
	return nil, errPwdAuthFailed
	},
	PublicKeyCallback: func(conn ConnMetadata, key PublicKey) (*Permissions, error) {
	if bytes.Equal(key.Marshal(), testPublicKeys["rsa"].Marshal()) {
	if conn.User() == usernameSecondFactor {
	return nil, &PartialSuccessError{
	Next: ServerAuthCallbacks{
	PasswordCallback: func(conn ConnMetadata, password []byte) (*Permissions, error) {
	if string(password) == clientPassword {
	return nil, nil
	}
	return nil, errPwdAuthFailed
	},
	},
	}
	}
	return nil, nil
	}
	return nil, fmt.Errorf("pubkey for %q not acceptable", conn.User())
	},
	}

	clientConfig := &ClientConfig{
	User: usernameSecondFactor,
	Auth: []AuthMethod{
	PublicKeys(testSigners["rsa"]),
	Password(clientPassword),
	},
	HostKeyCallback: InsecureIgnoreHostKey(),
	}

	serverAuthErrors, err := doClientServerAuth(t, serverConfig, clientConfig)
	if err != nil {
	t.Fatalf("client login error: %s", err)
	}

	// The error sequence is:
	// - no auth passed yet
	// - partial success
	// - nil
	if len(serverAuthErrors) != 3 {
	t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
	}
	if _, ok := serverAuthErrors[1].(*PartialSuccessError); !ok {
	t.Fatalf("expected partial success error, got: %v", serverAuthErrors[1])
	}
	// Now test a wrong sequence.
	clientConfig.Auth = []AuthMethod{
	Password(clientPassword),
	PublicKeys(testSigners["rsa"]),
	}

	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
	if err == nil {
	t.Fatal("client login with wrong sequence must fail")
	}
	// The error sequence is:
	// - no auth passed yet
	// - wrong sequence
	// - partial success
	if len(serverAuthErrors) != 3 {
	t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
	}
	if serverAuthErrors[1] != errWrongSequence {
	t.Fatal("server not returned wrong sequence")
	}
	if _, ok := serverAuthErrors[2].(*PartialSuccessError); !ok {
	t.Fatalf("expected partial success error, got: %v", serverAuthErrors[2])
	}
	// Now test using a correct sequence but a wrong password before the right
	// one.
	n := 0
	passwords := []string{"WRONG", "WRONG", clientPassword}
	clientConfig.Auth = []AuthMethod{
	PublicKeys(testSigners["rsa"]),
	RetryableAuthMethod(PasswordCallback(func() (string, error) {
	p := passwords[n]
	n++
	return p, nil
	}), 3),
	}

	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
	if err != nil {
	t.Fatalf("client login error: %s", err)
	}
	// The error sequence is:
	// - no auth passed yet
	// - partial success
	// - wrong password
	// - wrong password
	// - nil
	if len(serverAuthErrors) != 5 {
	t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
	}
	if _, ok := serverAuthErrors[1].(*PartialSuccessError); !ok {
	t.Fatal("server not returned partial success")
	}
	if serverAuthErrors[2] != errPwdAuthFailed {
	t.Fatal("server not returned password authentication failed")
	}
	if serverAuthErrors[3] != errPwdAuthFailed {
	t.Fatal("server not returned password authentication failed")
	}
	// Only password authentication should fail.
	clientConfig.Auth = []AuthMethod{
	Password(clientPassword),
	}

	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
	if err == nil {
	t.Fatal("client login with password only must fail")
	}
	// The error sequence is:
	// - no auth passed yet
	// - wrong sequence
	if len(serverAuthErrors) != 2 {
	t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
	}
	if serverAuthErrors[1] != errWrongSequence {
	t.Fatal("server not returned wrong sequence")
	}

	// Only public key authentication should fail.
	clientConfig.Auth = []AuthMethod{
	PublicKeys(testSigners["rsa"]),
	}

	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
	if err == nil {
	t.Fatal("client login with public key only must fail")
	}
	// The error sequence is:
	// - no auth passed yet
	// - partial success
	if len(serverAuthErrors) != 2 {
	t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
	}
	if _, ok := serverAuthErrors[1].(*PartialSuccessError); !ok {
	t.Fatal("server not returned partial success")
	}

	// Public key and wrong password.
	clientConfig.Auth = []AuthMethod{
	PublicKeys(testSigners["rsa"]),
	Password("WRONG"),
	}

	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
	if err == nil {
	t.Fatal("client login with wrong password after public key must fail")
	}
	// The error sequence is:
	// - no auth passed yet
	// - partial success
	// - password auth failed
	if len(serverAuthErrors) != 3 {
	t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
	}
	if _, ok := serverAuthErrors[1].(*PartialSuccessError); !ok {
	t.Fatal("server not returned partial success")
	}
	if serverAuthErrors[2] != errPwdAuthFailed {
	t.Fatal("server not returned password authentication failed")
	}

	// Public key, public key again and then correct password. Public key
	// authentication is attempted only once because the partial success error
	// returns only "password" as the allowed authentication method.
	clientConfig.Auth = []AuthMethod{
	PublicKeys(testSigners["rsa"]),
	PublicKeys(testSigners["rsa"]),
	Password(clientPassword),
	}

	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
	if err != nil {
	t.Fatalf("client login error: %s", err)
	}
	// The error sequence is:
	// - no auth passed yet
	// - partial success
	// - nil
	if len(serverAuthErrors) != 3 {
	t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
	}
	if _, ok := serverAuthErrors[1].(*PartialSuccessError); !ok {
	t.Fatal("server not returned partial success")
	}

	// The unrestricted username can do anything
	clientConfig = &ClientConfig{
	User: username,
	Auth: []AuthMethod{
	PublicKeys(testSigners["rsa"]),
	Password(clientPassword),
	},
	HostKeyCallback: InsecureIgnoreHostKey(),
	}

	_, err = doClientServerAuth(t, serverConfig, clientConfig)
	if err != nil {
	t.Fatalf("unrestricted client login error: %s", err)
	}

	clientConfig = &ClientConfig{
	User: username,
	Auth: []AuthMethod{
	PublicKeys(testSigners["rsa"]),
	},
	HostKeyCallback: InsecureIgnoreHostKey(),
	}

	_, err = doClientServerAuth(t, serverConfig, clientConfig)
	if err != nil {
	t.Fatalf("unrestricted client login error: %s", err)
	}

	clientConfig = &ClientConfig{
	User: username,
	Auth: []AuthMethod{
	Password(clientPassword),
	},
	HostKeyCallback: InsecureIgnoreHostKey(),
	}

	_, err = doClientServerAuth(t, serverConfig, clientConfig)
	if err != nil {
	t.Fatalf("unrestricted client login error: %s", err)
	}
	}

	func TestDynamicAuthCallbacks(t *testing.T) {
	user1 := "user1"
	user2 := "user2"
	errInvalidCredentials := errors.New("invalid credentials")

	serverConfig := &ServerConfig{
	NoClientAuth: true,
	NoClientAuthCallback: func(conn ConnMetadata) (*Permissions, error) {
	switch conn.User() {
	case user1:
	return nil, &PartialSuccessError{
	Next: ServerAuthCallbacks{
	PasswordCallback: func(conn ConnMetadata, password []byte) (*Permissions, error) {
	if conn.User() == user1 && string(password) == clientPassword {
	return nil, nil
	}
	return nil, errInvalidCredentials
	},
	},
	}
	case user2:
	return nil, &PartialSuccessError{
	Next: ServerAuthCallbacks{
	PublicKeyCallback: func(conn ConnMetadata, key PublicKey) (*Permissions, error) {
	if bytes.Equal(key.Marshal(), testPublicKeys["rsa"].Marshal()) {
	if conn.User() == user2 {
	return nil, nil
	}
	}
	return nil, errInvalidCredentials
	},
	},
	}
	default:
	return nil, errInvalidCredentials
	}
	},
	}

	clientConfig := &ClientConfig{
	User: user1,
	Auth: []AuthMethod{
	Password(clientPassword),
	},
	HostKeyCallback: InsecureIgnoreHostKey(),
	}

	serverAuthErrors, err := doClientServerAuth(t, serverConfig, clientConfig)
	if err != nil {
	t.Fatalf("client login error: %s", err)
	}
	// The error sequence is:
	// - partial success
	// - nil
	if len(serverAuthErrors) != 2 {
	t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
	}
	if _, ok := serverAuthErrors[0].(*PartialSuccessError); !ok {
	t.Fatal("server not returned partial success")
	}

	clientConfig = &ClientConfig{
	User: user2,
	Auth: []AuthMethod{
	PublicKeys(testSigners["rsa"]),
	},
	HostKeyCallback: InsecureIgnoreHostKey(),
	}

	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
	if err != nil {
	t.Fatalf("client login error: %s", err)
	}
	// The error sequence is:
	// - partial success
	// - nil
	if len(serverAuthErrors) != 2 {
	t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
	}
	if _, ok := serverAuthErrors[0].(*PartialSuccessError); !ok {
	t.Fatal("server not returned partial success")
	}

	// user1 cannot login with public key
	clientConfig = &ClientConfig{
	User: user1,
	Auth: []AuthMethod{
	PublicKeys(testSigners["rsa"]),
	},
	HostKeyCallback: InsecureIgnoreHostKey(),
	}

	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
	if err == nil {
	t.Fatal("user1 login with public key must fail")
	}
	if !strings.Contains(err.Error(), "no supported methods remain") {
	t.Errorf("got %v, expected 'no supported methods remain'", err)
	}
	if len(serverAuthErrors) != 1 {
	t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
	}
	if _, ok := serverAuthErrors[0].(*PartialSuccessError); !ok {
	t.Fatal("server not returned partial success")
	}
	// user2 cannot login with password
	clientConfig = &ClientConfig{
	User: user2,
	Auth: []AuthMethod{
	Password(clientPassword),
	},
	HostKeyCallback: InsecureIgnoreHostKey(),
	}

	serverAuthErrors, err = doClientServerAuth(t, serverConfig, clientConfig)
	if err == nil {
	t.Fatal("user2 login with password must fail")
	}
	if !strings.Contains(err.Error(), "no supported methods remain") {
	t.Errorf("got %v, expected 'no supported methods remain'", err)
	}
	if len(serverAuthErrors) != 1 {
	t.Fatalf("unexpected number of server auth errors: %v, errors: %+v", len(serverAuthErrors), serverAuthErrors)
	}
	if _, ok := serverAuthErrors[0].(*PartialSuccessError); !ok {
	t.Fatal("server not returned partial success")
	}
	}