From 9c2fbc892723241c81fd0198b0e6affac66799bd Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Fri, 11 Aug 2023 21:38:02 +0200
Subject: [PATCH] Check return code on ssh(-keygen) invocations.

---
 plugins/module_utils/openssh/backends/common.py        |  2 +-
 .../module_utils/openssh/backends/keypair_backend.py   | 10 +++++-----
 plugins/modules/openssh_cert.py                        |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/plugins/module_utils/openssh/backends/common.py b/plugins/module_utils/openssh/backends/common.py
index 6e274a6de..267439968 100644
--- a/plugins/module_utils/openssh/backends/common.py
+++ b/plugins/module_utils/openssh/backends/common.py
@@ -127,7 +127,7 @@ def _get_ssh_version(self):
         ssh_bin = self.module.get_bin_path('ssh')
         if not ssh_bin:
             return ""
-        return parse_openssh_version(self.module.run_command([ssh_bin, '-V', '-q'])[2].strip())
+        return parse_openssh_version(self.module.run_command([ssh_bin, '-V', '-q'], check_rc=True)[2].strip())
 
     @_restore_all_on_failure
     def _safe_secure_move(self, sources_and_destinations):
diff --git a/plugins/module_utils/openssh/backends/keypair_backend.py b/plugins/module_utils/openssh/backends/keypair_backend.py
index e3bc3535b..6c6df1cd7 100644
--- a/plugins/module_utils/openssh/backends/keypair_backend.py
+++ b/plugins/module_utils/openssh/backends/keypair_backend.py
@@ -323,23 +323,23 @@ def __init__(self, module):
         self.ssh_keygen = KeygenCommand(self.module)
 
     def _generate_keypair(self, private_key_path):
-        self.ssh_keygen.generate_keypair(private_key_path, self.size, self.type, self.comment)
+        self.ssh_keygen.generate_keypair(private_key_path, self.size, self.type, self.comment, check_rc=True)
 
     def _get_private_key(self):
-        private_key_content = self.ssh_keygen.get_private_key(self.private_key_path)[1]
+        private_key_content = self.ssh_keygen.get_private_key(self.private_key_path, check_rc=True)[1]
         return PrivateKey.from_string(private_key_content)
 
     def _get_public_key(self):
-        public_key_content = self.ssh_keygen.get_matching_public_key(self.private_key_path)[1]
+        public_key_content = self.ssh_keygen.get_matching_public_key(self.private_key_path, check_rc=True)[1]
         return PublicKey.from_string(public_key_content)
 
     def _private_key_readable(self):
-        rc, stdout, stderr = self.ssh_keygen.get_matching_public_key(self.private_key_path)
+        rc, stdout, stderr = self.ssh_keygen.get_matching_public_key(self.private_key_path, check_rc=False)
         return not (rc == 255 or any_in(stderr, 'is not a public key file', 'incorrect passphrase', 'load failed'))
 
     def _update_comment(self):
         try:
-            self.ssh_keygen.update_comment(self.private_key_path, self.comment)
+            self.ssh_keygen.update_comment(self.private_key_path, self.comment, check_rc=True)
         except (IOError, OSError) as e:
             self.module.fail_json(msg=to_native(e))
 
diff --git a/plugins/modules/openssh_cert.py b/plugins/modules/openssh_cert.py
index 7a0194258..bf50a4d61 100644
--- a/plugins/modules/openssh_cert.py
+++ b/plugins/modules/openssh_cert.py
@@ -497,7 +497,7 @@ def _result(self):
         if self.state != 'present':
             return {}
 
-        certificate_info = self.ssh_keygen.get_certificate_info(self.path)[1]
+        certificate_info = self.ssh_keygen.get_certificate_info(self.path, check_rc=True)[1]
 
         return {
             'type': self.type,