From ab2d185eae33e395e20951bda64239024a10ea3c Mon Sep 17 00:00:00 2001
From: Eduardo Otubo
Date: Thu, 2 Jul 2020 14:10:04 +0200
Subject: [PATCH 1/3] ssh exit with non-zero status on disabled user
It is confusing for scripts, where a disabled user has been specified, that ssh exits with a zero status by default without indication anything failed. I think exitting with a non-zero status would make more clear in scripts and automated setups where things failed, thus making noticing the issue and debugging easier.
Signed-off-by: Eduardo Otubo
Signed-off-by: Aleksandar Kostadinov
---
 cloudinit/ssh_util.py | 2 +-
 doc/examples/cloud-config.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
index 918c4aec695..1d2616b190e 100644
--- a/cloudinit/ssh_util.py
+++ b/cloudinit/ssh_util.py
@@ -44,7 +44,7 @@ DISABLE_USER_OPTS = (
 "no-port-forwarding,no-agent-forwarding,"
 "no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\""
- " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10\"")
+ " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10;exit 1\"")
 class AuthKeyLine(object):
diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt
index 20a0ce0d280..a094451f298 100644
--- a/doc/examples/cloud-config.txt
+++ b/doc/examples/cloud-config.txt
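Review bot: The added `exit 1` in cloudinit/ssh_util.py (patch 1/3) only changes the built-in `DISABLE_USER_OPTS` default, so a deployment that sets its own `disable_root_opts` (presumably replacing this string as a whole) still finishes the forced command with status 0 after `sleep 10`. The example comment in doc/examples/cloud-config.txt is updated in the same patch but does not tell the reader that the trailing `exit` is what makes scripted logins fail. I would add one line above that example, e.g. `# A custom value should also end with a non-zero 'exit', otherwise ssh as the disabled user returns 0.` The same remark applies to the documentation hunk in patch 2/3.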
@@ -236,7 +236,7 @@ disable_root: false
 # The string '$USER' will be replaced with the username of the default user.
 # The string '$DISABLE_USER' will be replaced with the username to disable.
 #
-# disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10"
+# disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10;exit 1"
 # disable ssh access for non-root-users
 # To disable ssh access for non-root users, ssh_redirect_user: true can be
From 15d3b33a2afea25cfefac9a0b21ccb4fa315120e Mon Sep 17 00:00:00 2001
From: Eduardo Otubo
Date: Tue, 7 Jul 2020 12:35:01 +0200
Subject: [PATCH 2/3] Using a different return value to make life easier when grepping
---
 cloudinit/ssh_util.py | 2 +-
 doc/examples/cloud-config.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
index 1d2616b190e..562da4448f2 100644
--- a/cloudinit/ssh_util.py
+++ b/cloudinit/ssh_util.py
@@ -44,7 +44,7 @@ DISABLE_USER_OPTS = (
 "no-port-forwarding,no-agent-forwarding,"
 "no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\""
- " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10;exit 1\"")
+ " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10;exit 142\"")
 class AuthKeyLine(object):
diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt
index a094451f298..f3ae5e68939 100644
--- a/doc/examples/cloud-config.txt
+++ b/doc/examples/cloud-config.txt
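Review bot: The status `142` now used in `DISABLE_USER_OPTS` (cloudinit/ssh_util.py, patch 2/3) sits in the range shells use to report death by signal (128 + signal number), and 142 is 128 + 14, which is SIGALRM on Linux. ssh passes the remote command's status through, so a wrapper or monitoring rule that decodes statuses above 128 would report the session as killed by an alarm, not as a refused login for a disabled user. A distinctive value below 126 would keep the grep-friendliness without that ambiguity; the change is confined to the literal, e.g. `;echo;sleep 10;exit <status below 126>\"")` with the same value in the doc/examples/cloud-config.txt hunk of this patch. If 142 is kept, it should be documented as deliberate where the string is defined.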
@@ -236,7 +236,7 @@ disable_root: false
 # The string '$USER' will be replaced with the username of the default user.
 # The string '$DISABLE_USER' will be replaced with the username to disable.
 #
-# disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10;exit 1"
+# disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10;exit 142"
 # disable ssh access for non-root-users
 # To disable ssh access for non-root users, ssh_redirect_user: true can be
From 10482192f157b249b0117f3df7a8108d67cc17d7 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo
Date: Wed, 8 Jul 2020 14:18:36 +0200
Subject: [PATCH 3/3] isolating the value in a separate variable for even better grepping
---
 cloudinit/ssh_util.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
index 562da4448f2..e7b2abc01bc 100644
--- a/cloudinit/ssh_util.py
+++ b/cloudinit/ssh_util.py
@@ -40,11 +40,13 @@ "ssh-rsa-cert-v01@openssh.com", )
+_DISABLE_USER_SSH_EXIT = 142
 DISABLE_USER_OPTS = (
 "no-port-forwarding,no-agent-forwarding,"
 "no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\""
- " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10;exit 142\"")
+ " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10;"
+ "exit " + str(_DISABLE_USER_SSH_EXIT) + "\"")
 class AuthKeyLine(object):
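Review bot: `_DISABLE_USER_SSH_EXIT = 142` in cloudinit/ssh_util.py (patch 3/3) is introduced without a comment, so the reason for this particular status is recorded only in the commit messages of the series. A short comment above the constant would keep that with the code, e.g. `# Exit status of the forced command run for a disabled user: non-zero so scripts notice, distinctive so it is easy to grep for.` The example in doc/examples/cloud-config.txt still spells out `exit 142` by hand (patch 2/3) and nothing ties it to the constant, so a later change to the value needs a matching edit there. The tuple closed by `)` in the first context line begins outside this hunk.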