@@ -468,3 +468,72 @@ func TestClientAuthAlgorithms(t *testing.T) {
468468 })
469469 }
470470}
471+
472+ func TestClientAuthDisconnect (t * testing.T ) {
473+ // Use a static key that is not accepted by server.
474+ // This key has been generated with following ssh-keygen command and
475+ // used exclusively in this unit test:
476+ // $ ssh-keygen -t RSA -b 2048 -f /tmp/static_key \
477+ // -C "Static RSA key for golang.org/x/crypto/ssh unit test"
478+
479+ const privKeyData = `-----BEGIN OPENSSH PRIVATE KEY-----
480+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
481+ NhAAAAAwEAAQAAAQEAwV1Zg3MqX27nIQQNWd8V09P4q4F1fx7H2xNJdL3Yg3y91GFLJ92+
482+ 0IiGV8n1VMGL/71PPhzyqBpUYSTpWjiU2JZSfA+iTg1GJBcOaEOA6vrXsTtXTHZ//mOT4d
483+ mlvuP4+9NqfCBLGXN7ZJpT+amkD8AVW9YW9QN3ipY61ZWxPaAocVpDd8rVgJTk54KvaPa7
484+ t4ddOSQDQq61aubIDR1Z3P+XjkB4piWOsbck3HJL+veTALy12C09tAhwUnZUAXS+DjhxOL
485+ xpDVclF/yXYhAvBvsjwyk/OC3+nK9F799hpQZsjxmbP7oN+tGwz06BUcAKi7u7QstENvvk
486+ 85SDZy1q1QAAA/A7ylbJO8pWyQAAAAdzc2gtcnNhAAABAQDBXVmDcypfbuchBA1Z3xXT0/
487+ irgXV/HsfbE0l0vdiDfL3UYUsn3b7QiIZXyfVUwYv/vU8+HPKoGlRhJOlaOJTYllJ8D6JO
488+ DUYkFw5oQ4Dq+texO1dMdn/+Y5Ph2aW+4/j702p8IEsZc3tkmlP5qaQPwBVb1hb1A3eKlj
489+ rVlbE9oChxWkN3ytWAlOTngq9o9ru3h105JANCrrVq5sgNHVnc/5eOQHimJY6xtyTcckv6
490+ 95MAvLXYLT20CHBSdlQBdL4OOHE4vGkNVyUX/JdiEC8G+yPDKT84Lf6cr0Xv32GlBmyPGZ
491+ s/ug360bDPToFRwAqLu7tCy0Q2++TzlINnLWrVAAAAAwEAAQAAAQAIvPDHMiyIxgCksGPF
492+ uyv9F9U4XjVip8/abE9zkAMJWW5++wuT/bRlBOUPRrWIXZEM9ETbtsqswo3Wxah+7CjRIH
493+ qR7SdFlYTP1jPk4yIKXF4OvggBUPySkMpAGJ9hwOMW8Ymcb4gn77JJ4aMoWIcXssje+XiC
494+ 8iO+4UWU3SV2i6K7flK1UDCI5JVCyBr3DVf3QhMOgvwJl9TgD7FzWy1hkjuZq/Pzdv+fA2
495+ OfrUFiSukLNolidNoI9+KWa1yxixE+B2oN4Xan3ZbqGbL6Wc1dB+K9h/bNcu+SKf7fXWRi
496+ /vVG44A61xGDZzen1+eQlqFp7narkKXoaU71+45VXDThAAAAgBPWUdQykEEm0yOS6hPIW+
497+ hS8z1LXWGTEcag9fMwJXKE7cQFO3LEk+dXMbClHdhD/ydswOZYGSNepxwvmo/a5LiO2ulp
498+ W+5tnsNhcK3skdaf71t+boUEXBNZ6u3WNTkU7tDN8h9tebI+xlNceDGSGjOlNoHQVMKZdA
499+ W9TA4ZqXUPAAAAgQDWU0UZVOSCAOODPz4PYsbFKdCfXNP8O4+t9txyc9E3hsLAsVs+CpVX
500+ Gr219MGLrublzAxojipyzuQb6Tp1l9nsu7VkcBrPL8I1tokz0AyTnmNF3A9KszBal7gGNS
501+ a2qYuf6JO4cub1KzonxUJQHZPZq9YhCxOtDwTd+uyHZiPy9QAAAIEA5vayd+nfVJgCKTdf
502+ z5MFsxBSUj/cAYg7JYPS/0bZ5bEkLosL22wl5Tm/ZftJa8apkyBPhguAWt6jEWLoDiK+kn
503+ Fv0SaEq1HUdXgWmISVnWzv2pxdAtq/apmbxTg3iIJyrAwEDo13iImR3k6rNPx1m3i/jX56
504+ HLcvWM4Y6bFzbGEAAAA0U3RhdGljIFJTQSBrZXkgZm9yIGdvbGFuZy5vcmcveC9jcnlwdG
505+ 8vc3NoIHVuaXQgdGVzdAECAwQFBgc=
506+ -----END OPENSSH PRIVATE KEY-----`
507+
508+ signer , err := ssh .ParsePrivateKey ([]byte (privKeyData ))
509+ if err != nil {
510+ t .Fatalf ("failed to create signer from key: %v" , err )
511+ }
512+
513+ // Start server with MaxAuthTries 1 and publickey and password auth
514+ // enabled
515+ server := newServerForConfig (t , "MaxAuthTries" , map [string ]string {})
516+
517+ // Connect to server, expect failure, that PublicKeysCallback is called
518+ // and that PasswordCallback is not called.
519+ publicKeysCallbackCalled := false
520+ config := clientConfig ()
521+ config .Auth = []ssh.AuthMethod {
522+ ssh .PublicKeysCallback (func () ([]ssh.Signer , error ) {
523+ publicKeysCallbackCalled = true
524+ return []ssh.Signer {signer }, nil
525+ }),
526+ ssh .PasswordCallback (func () (string , error ) {
527+ t .Errorf ("unexpected call to PasswordCallback()" )
528+ return "notaverygoodpassword" , nil
529+ }),
530+ }
531+ client , err := server .TryDial (config )
532+ if err == nil {
533+ t .Errorf ("expected TryDial() to fail" )
534+ _ = client .Close ()
535+ }
536+ if ! publicKeysCallbackCalled {
537+ t .Errorf ("expected PublicKeysCallback() to be called" )
538+ }
539+ }
0 commit comments