|
|
376cca |
From 44b6004ee17cd2ae5930c7d8fd3ecafd7485a4d6 Mon Sep 17 00:00:00 2001
|
|
|
376cca |
From: Eduardo Otubo <otubo@redhat.com>
|
|
|
376cca |
Date: Mon, 17 Aug 2020 11:14:47 +0200
|
|
|
376cca |
Subject: [PATCH 2/2] ssh exit with non-zero status on disabled user (#472)
|
|
|
376cca |
|
|
|
376cca |
RH-Author: Eduardo Otubo <otubo@redhat.com>
|
|
|
376cca |
Message-id: <20200729074459.16096-1-otubo@redhat.com>
|
|
|
376cca |
Patchwork-id: 98071
|
|
|
376cca |
O-Subject: [RHEL-8.3.0 cloud-init PATCH] ssh exit with non-zero status on disabled user (#472)
|
|
|
376cca |
Bugzilla: 1833874
|
|
|
376cca |
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
|
|
|
376cca |
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
|
|
376cca |
|
|
|
376cca |
commit e161059a18173e2b61c54dba9eab774401fb5f1f
|
|
|
376cca |
Author: Eduardo Otubo <otubo@redhat.com>
|
|
|
376cca |
Date: Wed Jul 15 20:21:02 2020 +0200
|
|
|
376cca |
|
|
|
376cca |
ssh exit with non-zero status on disabled user (#472)
|
|
|
376cca |
|
|
|
376cca |
It is confusing for scripts, where a disabled user has been specified,
|
|
|
376cca |
that ssh exits with a zero status by default without indication anything
|
|
|
376cca |
failed.
|
|
|
376cca |
|
|
|
376cca |
I think exitting with a non-zero status would make more clear in scripts
|
|
|
376cca |
and automated setups where things failed, thus making noticing the issue
|
|
|
376cca |
and debugging easier.
|
|
|
376cca |
|
|
|
376cca |
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
|
|
|
376cca |
Signed-off-by: Aleksandar Kostadinov <akostadi@redhat.com>
|
|
|
376cca |
|
|
|
376cca |
LP: #1170059
|
|
|
376cca |
|
|
|
376cca |
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
|
|
|
376cca |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
376cca |
---
|
|
|
376cca |
cloudinit/ssh_util.py | 4 +++-
|
|
|
376cca |
doc/examples/cloud-config.txt | 2 +-
|
|
|
376cca |
2 files changed, 4 insertions(+), 2 deletions(-)
|
|
|
376cca |
|
|
|
376cca |
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
|
|
|
376cca |
index bcb23a5..8ff61a2 100644
|
|
|
376cca |
--- a/cloudinit/ssh_util.py
|
|
|
376cca |
+++ b/cloudinit/ssh_util.py
|
|
|
376cca |
@@ -40,11 +40,13 @@ VALID_KEY_TYPES = (
|
|
|
376cca |
"ssh-rsa-cert-v01@openssh.com",
|
|
|
376cca |
)
|
|
|
376cca |
|
|
|
376cca |
+_DISABLE_USER_SSH_EXIT = 142
|
|
|
376cca |
|
|
|
376cca |
DISABLE_USER_OPTS = (
|
|
|
376cca |
"no-port-forwarding,no-agent-forwarding,"
|
|
|
376cca |
"no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\""
|
|
|
376cca |
- " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10\"")
|
|
|
376cca |
+ " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10;"
|
|
|
376cca |
+ "exit " + str(_DISABLE_USER_SSH_EXIT) + "\"")
|
|
|
376cca |
|
|
|
376cca |
|
|
|
376cca |
class AuthKeyLine(object):
|
|
|
376cca |
diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt
|
|
|
376cca |
index 0e82b83..f00db68 100644
|
|
|
376cca |
--- a/doc/examples/cloud-config.txt
|
|
|
376cca |
+++ b/doc/examples/cloud-config.txt
|
|
|
376cca |
@@ -235,7 +235,7 @@ disable_root: false
|
|
|
376cca |
# The string '$USER' will be replaced with the username of the default user.
|
|
|
376cca |
# The string '$DISABLE_USER' will be replaced with the username to disable.
|
|
|
376cca |
#
|
|
|
376cca |
-# disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10"
|
|
|
376cca |
+# disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10;exit 142"
|
|
|
376cca |
|
|
|
376cca |
# disable ssh access for non-root-users
|
|
|
376cca |
# To disable ssh access for non-root users, ssh_redirect_user: true can be
|
|
|
376cca |
--
|
|
|
376cca |
1.8.3.1
|
|
|
376cca |
|