diff --git a/ssh/server.go b/ssh/server.go
index e73a1c1..1be9c70 100644
--- a/ssh/server.go
+++ b/ssh/server.go
@@ -259,6 +259,9 @@ func checkSourceAddress(addr net.Addr, sourceAddr string) error {
        return fmt.Errorf("ssh: remote address %v is not allowed because of source-address restriction", addr)
 }

+// PartialSuccess can be used if further authentication is required.
+var PartialSuccess = errors.New("authenticated with partial success")
+
 func (s *connection) serverAuthenticate(config *ServerConfig) (*Permissions, error) {
        var err error
        var cache pubKeyCache
@@ -422,6 +425,16 @@ userAuthLoop:
                        return nil, errors.New("ssh: no authentication methods configured but NoClientAuth is also false")
                }

+               if authErr == PartialSuccess {
+                       failureMsg.PartialSuccess = true
+                       for i := range failureMsg.Methods {
+                               if failureMsg.Methods[i] == userAuthReq.Method {
+                                       failureMsg.Methods = append(failureMsg.Methods[:i], failureMsg.Methods[i+1:]...)
+                                       break
+                               }
+                       }
+               }
+
                if err = s.transport.writePacket(Marshal(&failureMsg)); err != nil {
                        return nil, err
                }