ssh: add ImplicitAuthMethod to ServerConfig

This allows specifying an ImplicitAuthMethod associated with
NoClientAuthCallback.

Signed-off-by: Maisem Ali <[email protected]>

Author: Maisem Ali

ssh/server.go

@@ -66,6 +66,12 @@ type ServerConfig struct {
 
 	hostKeys []Signer
 
+	// ImplictAuthMethod is sent to the client in the list of acceptable
+	// authentication methods. To make an authentication decision based on
+	// connection metadata use NoClientAuthCallback. If NoClientAuthCallback is
+	// nil, the value is unused.
+	ImplictAuthMethod string
+
 	// NoClientAuth is true if clients are allowed to connect without
 	// authenticating.
 	// To determine NoClientAuth at runtime, set NoClientAuth to true
@@ -664,6 +670,9 @@ userAuthLoop:
 
 		if errors.Is(authErr, ErrDenied) {
 			var failureMsg userAuthFailureMsg
+			if config.ImplictAuthMethod != "" {
+				failureMsg.Methods = []string{config.ImplictAuthMethod}
+			}
 			if err := s.transport.writePacket(Marshal(failureMsg)); err != nil {
 				return nil, err
 			}
@@ -698,6 +707,9 @@ userAuthLoop:
 		}
 
 		var failureMsg userAuthFailureMsg
+		if config.NoClientAuthCallback != nil && config.ImplictAuthMethod != "" {
+			failureMsg.Methods = append(failureMsg.Methods, config.ImplictAuthMethod)
+		}
 		if config.PasswordCallback != nil {
 			failureMsg.Methods = append(failureMsg.Methods, "password")
 		}