Changed /bin/sh to /bin/busybox for root, broke SSH access. How to fix it?

Question

I made a silly mistake... I was playing around with busybox and used chsh to switch the root shell from /bin/sh to /bin/busybox which seems to have broken the SSH access.

When I do:

root@dev:~$ ssh root@ip.of.ser.ver

I get:

root@ip.of.ser.ver's password: 
BusyBox v1.22.1 (2015-06-19 07:36:41 CEST) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2012.
Licensed under GPLv2. See source distribution for detailed
copyright notices.

Usage: busybox [function [arguments]...]
   or: busybox --list
   or: function [arguments]...

  BusyBox is a multi-call binary that combines many common Unix
  utilities into a single executable.  Most people will create a
  link to busybox for each function they wish to use and BusyBox
  will act like whatever it was invoked as.

Currently defined functions:
  [, [[, addgroup, adduser, ar, ash, awk, basename, brctl, bunzip2, bzcat, cat, chattr, chgrp, chmod, chown, chroot, chvt, clear, cmp, cp, cpio, cut, date, dc, dd, deallocvt, delgroup, deluser, depmod, df,
  diff, dirname, dmesg, dnsdomainname, du, dumpkmap, dumpleases, echo, egrep, env, expr, false, fbset, fdisk, fgrep, find, flock, free, fsck, fstrim, fuser, getty, grep, groups, gunzip, gzip, halt, head,
  hexdump, hostname, hwclock, id, ifconfig, ifdown, ifup, insmod, ip, kill, killall, less, ln, loadfont, loadkmap, logger, logname, losetup, ls, lsmod, md5sum, microcom, mkdir, mkfifo, mknod, mkswap,
  mktemp, modprobe, more, mount, mv, nc, netstat, nohup, nslookup, od, openvt, patch, pidof, pivot_root, poweroff, printf, ps, pwd, rdate, readlink, realpath, reboot, renice, reset, rfkill, rm, rmdir,
  rmmod, route, run-parts, sed, seq, setconsole, sh, sha3sum, sleep, sort, start-stop-daemon, stat, strings, stty, sulogin, swapoff, swapon, switch_root, sync, sysctl, tail, tar, tee, telnet, test, tftp,
  time, top, touch, tr, true, tty, udhcpc, udhcpd, umount, uname, uniq, unzip, uptime, users, usleep, vi, watch, wc, wget, which, who, whoami, xargs, yes, zcat

Connection to ip.of.ser.ver closed.

Technically, I am unsure of why it closes the connection. Non technically I have no idea how to fix this and would like to regain access to the device.

As far as I know I just need to edit /etc/passwd and change it back but how can I do that with what has now happened?

score 2 · Answer 1 · answered Oct 20 '15 at 10:10

The connection is closed because calling /bin/busybox just shows you the output you see but won't start a shell session (try it in a terminal). You need to create a symlink /usr/bin/ash -> /bin/busybox and call /usr/bin/ash to start a busybox shell.

You'll probably have to fix this via a rescue system in order to change it back.

score 1 · Answer 2 · answered Oct 20 '15 at 15:09

1

If you have enabled SFTP access to that machine, try with it. Chances are that it's configured not to require a valid shell (internal-sftp). You can then edit your /etc/passwd file.

answered Oct 20 '15 at 15:09

sam_pan_mariusz

2,053
1
12
15

I wish i saw this before flashing the system... Thanks! – Craig van Tonder Oct 20 '15 at 16:06

Changed /bin/sh to /bin/busybox for root, broke SSH access. How to fix it?

2 Answers2