ssh exit with non-zero status on disabled user #472
Conversation
It is confusing for scripts, where a disabled user has been specified, that ssh exits with a zero status by default without indication anything failed. I think exitting with a non-zero status would make more clear in scripts and automated setups where things failed, thus making noticing the issue and debugging easier. Signed-off-by: Eduardo Otubo <otubo@redhat.com> Signed-off-by: Aleksandar Kostadinov <akostadi@redhat.com>
|
Same as #469, just speeding things up since I already signed CLA. Agreed with original author. |
|
This LGTM, but I may be missing an angle on it. @smoser, you introduced this behaviour (9 years ago, admittedly), do you have an opinion on it? |
There was a problem hiding this comment.
You should mark this as fixes https://bugs.launchpad.net/cloud-init/+bug/1170059 .
My other comment can be seen in https://bugs.launchpad.net/cloud-init/+bug/1170059/comments/1 .
Thats an interesting suggestion.
I don't think there'd be any significant fallout of changing that in trunk.fwiw, it is configurable, by setting 'disable_root_opts'
default value is:
DISABLE_ROOT_OPTS = ("no-port-forwarding,no-agent-forwarding,"
"no-X11-forwarding,command="echo 'Please login as the user \"$USER\" "
"rather than the user \"root\".';echo;sleep 10"")
cloudinit/ssh_util.py
Outdated
| @@ -44,7 +44,7 @@ | |||
| DISABLE_USER_OPTS = ( | |||
| "no-port-forwarding,no-agent-forwarding," | |||
| "no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\"" | |||
| " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10\"") | |||
| " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10;exit 142\"") | |||
There was a problem hiding this comment.
Sorry to keep back and forth. I'm fine with the solution, but can we do something like this:
_DISABLE_USER_SSH_EXIT = 142
# caller replaces $USER and $DISABLE_USER
DISABLE_USER_OPTS = (
"no-port-forwarding,no-agent-forwarding,"
"no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\""
" rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10;"
"exit " + str(_DISABLE_USER_SSH_EXIT) + "\"")
There was a problem hiding this comment.
I don't see why not. I'll send a final commit.
It is confusing for scripts, where a disabled user has been specified,
that ssh exits with a zero status by default without indication anything
failed.
I think exitting with a non-zero status would make more clear in scripts
and automated setups where things failed, thus making noticing the issue
and debugging easier.
LP: #1170059
Signed-off-by: Eduardo Otubo otubo@redhat.com
Signed-off-by: Aleksandar Kostadinov akostadi@redhat.com