diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index 0ae71247..4648a723 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -542,16 +542,22 @@ static int wsUserAuth(uint8_t authType,
 map = list->head;
 while (map != NULL) {
- if (authData->type == map->type &&
- authData->usernameSz == map->usernameSz &&
+ if (authData->usernameSz == map->usernameSz &&
 memcmp(authData->username, map->username, map->usernameSz) == 0) {
- if (memcmp(map->p, authHash, SHA256_DIGEST_SIZE) != 0) {
- return (authType == WOLFSSH_USERAUTH_PASSWORD ?
+
+ if (authData->type == map->type) {
+ if (memcmp(map->p, authHash, SHA256_DIGEST_SIZE) == 0) {
+ return WOLFSSH_USERAUTH_SUCCESS;
+ }
+ else {
+ return (authType == WOLFSSH_USERAUTH_PASSWORD ?
 WOLFSSH_USERAUTH_INVALID_PASSWORD :
 WOLFSSH_USERAUTH_INVALID_PUBLICKEY);
+ }
+ }
+ else {
+ return WOLFSSH_USERAUTH_INVALID_AUTHTYPE;
 }
-
- return WOLFSSH_USERAUTH_SUCCESS;
 }
 map = map->next;
 }
diff --git a/src/internal.c b/src/internal.c
index d3ea9dbe..fe774029 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1491,6 +1491,7 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
 WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestPublicKey()");
+ DumpOctetString(buf + begin, len - begin);
 authData->type = WOLFSSH_USERAUTH_PUBLICKEY;
 GetBoolean(&pk->hasSignature, buf, len, &begin);
 GetUint32(&pk->publicKeyTypeSz, buf, len, &begin);
@@ -1510,6 +1511,8 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
 pk->signatureSz = 0;
 }
+ *idx = begin;
+
 if (ssh->ctx->userAuthCb != NULL) {
 WLOG(WS_LOG_DEBUG, "DUARPK: Calling the userauth callback");
 ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PUBLICKEY, 
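Review bot: The new `else { return WOLFSSH_USERAUTH_INVALID_AUTHTYPE; }` ends the search at the first entry whose username matches but whose `type` differs, so a user that has both a password entry and a public-key entry in `list` is refused for whichever method is not listed first; the old outer `authData->type == map->type` test simply skipped such entries. Prefer to remember the mismatch and keep scanning: replace the return with `typeMismatch = 1;`, let the loop reach `map = map->next;`, and after the loop return `WOLFSSH_USERAUTH_INVALID_AUTHTYPE` when `typeMismatch` is set, ahead of whatever unknown-user result the function returns (the flag's declaration and the final return lie outside this hunk). While here, the `memcmp` on `authHash` is not constant-time; a fixed-time compare is worth using if this example is copied into production code, though that predates this change.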
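Review bot: `DumpOctetString(buf + begin, len - begin);` is added unconditionally, so the whole public-key userauth payload (key blob and, when present, the signature) is written to the log on every request; the rest of this function's tracing goes through `WLOG(WS_LOG_DEBUG, ...)`, so this call belongs under the same debug-only conditional or should be dropped before merge. If `begin` can exceed `len` at this point — not visible from the hunk, since the bounds-checked `GetBoolean`/`GetUint32` calls come after it — `len - begin` yields a negative or wrapped length and the dump reads past `buf`; checking `begin <= len` first, or passing the length the caller already validated, avoids that. DoUserAuthRequestPublicKey starts and ends outside this hunk.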
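Review bot: Moving `*idx = begin;` ahead of the callback (and deleting it from the tail of the function in the `@@ -1594` hunk) is what lets the early returns added in the `@@ -1518` hunk leave the caller's index set, but anything that advances `begin` after the callback — the signature handling between here and the old assignment is not in view — no longer reaches `*idx`. If that code does advance `begin`, the caller re-parses bytes this function already consumed; either keep the assignment at the end as well, or set `*idx = begin;` on each early-return path only. A one-line comment on the new assignment, e.g. `/* commit idx now: the callback's error paths return early below */`, would record why it sits here.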
@@ -1518,10 +1521,12 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
 if (ret != WOLFSSH_USERAUTH_SUCCESS) {
 switch (ret) {
 case WOLFSSH_USERAUTH_INVALID_USER:
- SendDisconnect(ssh, WOLFSSH_DISCONNECT_ILLEGAL_USER_NAME);
- break;
+ return SendDisconnect(ssh,
+ WOLFSSH_DISCONNECT_ILLEGAL_USER_NAME);
 default:
- SendUserAuthFailure(ssh, 0);
+ return SendUserAuthFailure(ssh, 0);
+ /* XXX Need to tell User Auth layer to disallow
+ * public key user auth */
 }
 }
 }
@@ -1594,8 +1599,6 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
 }
 }
- *idx = begin;
-
 return ret;
 }
diff --git a/wolfssh/internal.h b/wolfssh/internal.h
index bc5db9fe..7fe0c10a 100644
--- a/wolfssh/internal.h
+++ b/wolfssh/internal.h
@@ -348,7 +348,8 @@ enum WS_MessageIds {
 MSGID_USERAUTH_FAILURE = 51,
 MSGID_USERAUTH_SUCCESS = 52,
 MSGID_USERAUTH_BANNER = 53,
- MSGID_USERAUTH_PK_OK = 60,
+ MSGID_USERAUTH_PK_OK = 60, /* Public Key OK */
+ MSGID_USERAUTH_PW_CHRQ = 60, /* Password Change Request */
 MSGID_CHANNEL_OPEN = 90,
 MSGID_CHANNEL_OPEN_CONF = 91,
diff --git a/wolfssh/ssh.h b/wolfssh/ssh.h
index 27ddcbd2..cef697cc 100644
--- a/wolfssh/ssh.h
+++ b/wolfssh/ssh.h
@@ -151,6 +151,7 @@ enum WS_UserAuthTypes {
 enum WS_UserAuthResults {
 WOLFSSH_USERAUTH_SUCCESS,
 WOLFSSH_USERAUTH_FAILURE,
+ WOLFSSH_USERAUTH_INVALID_AUTHTYPE,
 WOLFSSH_USERAUTH_INVALID_USER,
 WOLFSSH_USERAUTH_INVALID_PASSWORD,
 WOLFSSH_USERAUTH_INVALID_PUBLICKEY
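Review bot: The `/* XXX Need to tell User Auth layer to disallow public key user auth */` comment is placed after `return SendUserAuthFailure(ssh, 0);`, where it reads as a note on unreachable code; move it above the `return` so it annotates the call it refers to. The early returns also change what this function yields on an authentication failure: the result of `SendDisconnect`/`SendUserAuthFailure` now replaces `ret`, so a caller that inspected the userauth result code (outside this hunk) sees a send status instead, which should be confirmed against that caller. The new `WOLFSSH_USERAUTH_INVALID_AUTHTYPE` result lands in `default`, which is reasonable, but a `/* includes WOLFSSH_USERAUTH_INVALID_AUTHTYPE */` note on the `default:` label would make that deliberate.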
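Review bot: `MSGID_USERAUTH_PK_OK` and `MSGID_USERAUTH_PW_CHRQ` now share the value 60, which is correct on the wire (the number is method-specific) but means the two enumerators cannot both appear as `case` labels in one `switch` and `MSGID_USERAUTH_PW_CHRQ == MSGID_USERAUTH_PK_OK` is true; any dispatch on a received id has to consult the userauth method currently in flight. Record that next to the pair, e.g. `/* 60 is shared: meaning depends on the pending userauth method */`, so a later reader does not "fix" the duplicate.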
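Review bot: Inserting `WOLFSSH_USERAUTH_INVALID_AUTHTYPE` before `WOLFSSH_USERAUTH_INVALID_USER` shifts the numeric values of `WOLFSSH_USERAUTH_INVALID_USER`, `WOLFSSH_USERAUTH_INVALID_PASSWORD` and `WOLFSSH_USERAUTH_INVALID_PUBLICKEY` (the enum has no explicit values), so a user-auth callback built against the previous header reports the wrong result to the library. If this enum is part of the public API, append the new enumerator after `WOLFSSH_USERAUTH_INVALID_PUBLICKEY` instead, assuming that is the last member (the closing brace is outside the hunk).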