Bug 1615842

Summary: using root user error should cause a non-zero exit code
Product: Red Hat Enterprise Linux 8 Reporter: Aleksandar Kostadinov <akostadi>
Component: cloud-initAssignee: Virtualization Maintenance <virt-maint>
Status: CLOSED DUPLICATE QA Contact: Huijuan Zhao <huzhao>
Severity: unspecified Docs Contact:
Priority: low    
Version: 8.3CC: akostadi, eterrell, huzhao, jgreguske, leiwang, linl, ribarry, xiachen, yacao, yuxisun
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: 8.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1833874 (view as bug list) Environment:
Last Closed: 2020-08-27 14:03:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1833874    

Description Aleksandar Kostadinov 2018-08-14 11:32:29 UTC 
Description of problem:

When connecting to host via SSH and the `root` user, by default an error is shown to user. But exit status of that error is `0` instead of something else. This makes situation not ideal to catch in scripts. Script fails at some later point which is harder to debug especially for users of the script (not the script author).

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux Server release 7.5 (Maipo)
cloud-init-0.7.9-24.el7_5.1.x86_64

How reproducible:
always

Steps to reproduce:

> ssh root@my-cloud-machine
> Please login as the user "cloud-user" rather than the user "root".
> echo $?
> 0

Actual results:

> echo $?
> 0

Expected results:

> echo $?
> 1
Comment 6 Aleksandar Kostadinov 2019-01-10 12:23:11 UTC 
I just tested that in 7.6 images (RHEL-7.6-20190103.n.3-Server-x86_64 ) it is still the same.

The issue is that in /root/.ssh/authorizer_keys there is:

> no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"cloud-user\" rather than the user \"root\".';echo;sleep 10" <public key>

At the end there should be something like `exit 1` so that it is clear to a script that something went wrong.
Comment 7 Huijuan Zhao 2020-03-13 07:45:36 UTC 
Tested with cloud-init-18.5-6.el7.x86_64 in rhel-7.8, the issue is still there, same as comment 0 and 6.
Comment 10 Aleksandar Kostadinov 2020-06-30 22:38:50 UTC 
This should be an easy to fix. Just add `exit 1` as last command in authorized_keys.

i.e. change /root/.ssh/authorized_keys to:

> no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"cloud-user\" rather than the user \"root\".';echo;sleep 10; exit 1" ssh-rsa AA..whatever-private-key....

This worked for me on RHEL 7.6.

Can't such a simple and straightforward fix be applied to 7.x?
Comment 11 Aleksandar Kostadinov 2020-06-30 23:09:57 UTC 
Submitted upstream pull request... unless I am mistaken where upstream is.

https://github.com/canonical/cloud-init/pull/469
Comment 12 Eduardo Otubo 2020-07-02 12:13:52 UTC 
(In reply to Aleksandar Kostadinov from comment #11)
> Submitted upstream pull request... unless I am mistaken where upstream is.
> 
> https://github.com/canonical/cloud-init/pull/469

Hi Aleksandar,

I see your PR didn't get through because of CLA. I created a new PR since I've already signed it.
Should be quick, once it lands I'll backport it.

Also added your name for credit as original author:
https://github.com/canonical/cloud-init/pull/472
Comment 14 Eduardo Otubo 2020-07-10 08:16:52 UTC 
Quick update: The PR was approved and will be merged soon.