# bash broken on remote server, how to login ?



## Firestorm (Jun 1, 2010)

After upgrading a bunch of ports so I can run php 5.3, bash isn't working anymore.


```
/libexec/ld-elf.so.1: Shared object "libintl.so.8" not found, required by "bash"
```
The sad thing is, of course, I noticed this after I tried to log in again later.
Since bash is the default shell for both my user accounts *and* root, I can't get into it anymore. I've tried from another server that has a ssh private key so it can run rsync regularly, but the only way to get around the broken shell is by passing -N to ssh so the remote shell isn't activated. However, that leaves me with an unusable connection (well, *I* don't know what to do with it).

Is there a way I can get back into this server without having to drive 110km to the datacenter? The server has an ILO too but that doesn't support a remote terminal, only power management and hardware monitoring.

Thanks


----------



## vrachil (Jun 1, 2010)

i'm not sure if it will actually help, but you could try running a specific shell:

ssh user@host csh -l

there is a 'catch' you will not get a prompt, but you will be in a shell. You will be able to run commands as usual.
After logging in, you can use chsh to change your shell to something included in base.


----------



## SirDice (Jun 1, 2010)

Tried that once before, it won't work. The command "csh -l" needs a shell to run, and that shell isn't working. Hence it won't be able to start csh.


----------



## DutchDaemon (Jun 1, 2010)

If there is nobody at the datacenter to perform a few commands, you'll have to go there yourself and basically change your and root's shell to csh, or symlink /usr/local/lib/libintl.so.8 to /usr/local/lib/libintl.so.9 in single-user mode (bash will then work). Then get the latest ports tree, run the recursive portupgrade of gettext (which will now build the 'correct' bash) and move on.


----------



## pbd (Jun 1, 2010)

Did you try to log in as 'toor'?


----------



## DutchDaemon (Jun 1, 2010)

If the wheel account is broken, there's no way to su to toor ... Which has to be set up to be used anyway. And of course, *nobody* will make the root or toor account directly accessible over the net, right?


----------



## pbd (Jun 1, 2010)

DutchDaemon said:
			
		

> If the wheel account is broken, there's no way to su to toor ... Which has to be set up to be used anyway. And of course, *nobody* will make the root or toor account directly accessible over the net, right?



Really? I was once in the same situation: I've broken bash, but I was still able to log in as toor (I don't mean to login as root then su to toor, but ssh as toor directly).


----------



## SirDice (Jun 1, 2010)

pbd said:
			
		

> Really? I was once in the same situation: I've broken bash, but I was still able to log in as toor (I don't mean to login as root then su to toor, but ssh as toor directly).


toor is disabled by default. And logging in as toor directly is just as bad a practice as logging in as root directly.

You should never change root's shell. Certainly not to a shell that isn't part of the base system. Why people keep insisting on changing root's shell to bash is just beyond me.


----------



## DutchDaemon (Jun 1, 2010)

```
# grep toor /usr/src/etc/master.passwd
toor:*:0:0::0:0:Bourne-again Superuser:/root:
```

See? No password, no shell, so disabled by default.

That you managed to gain access by logging in as toor directly means: 1) you set up the toor account specifically 2) easy access for all, because toor is very likely to be in bruteforce and rainbow tables.


----------



## magickan (Jun 1, 2010)

SirDice said:
			
		

> You should never change root's shell. Certainly not to a shell that isn't part of the base system. Why people keep insisting on changing root's shell to bash is just beyond me.



You asked the question, i suspect you answered it also   Being new to freebsd its all a learning process :stud



			
				SirDice said:
			
		

> Oliver's Law:
> Experience is something you don't get until just after you need it.


----------



## SirDice (Jun 1, 2010)

Very true. A hard lesson to learn though. Which can be avoided if people stopped treating every *nix as Linux


----------



## Firestorm (Jun 2, 2010)

Thanks for the help everyone.

I have not setup the toor account so that doesn't work, so the only way to get back into this server is to fysically be there.
There is however silver lining around this cloud. A colleague told me there's an ILO (integrated lights-out) controller on this machine, and it's hooked up and accessible. HP however has restricted it's 'remote console' capability, one needs to buy a license key for that. It's not cheap (â‚¬ 315,- for just a license) but that would save me not only this trip but also for every other screwup for the rest of that server's life.
I called our supplier and it should arrive today.

When I get it working I will be changing the root shell to csh so this doesn't happen again. I tinker around quite a lot as root and I'm more comfortable in bash so that's why I made it the default. Starting a bash shell manually is no trouble at all though.

And yes, I am a recovering Linux user. Slackware to be precise.


----------



## nekoexmachina (Jun 2, 2010)

Firestorm said:
			
		

> I tinker around quite a lot as root and I'm more comfortable in bash so that's why I made it the default. Starting a bash shell manually is no trouble at all though.


Why not just configure your csh as your bash? What features do you miss from bash? Also toor is special account for your situation, e.g. root with any custom shell but without ability to break up system like your root-bash did.
Also security and password bruteforce should not be a problem if you'll use custom ssh port and/or disable password authentification.


----------



## Firestorm (Jun 3, 2010)

I'm a little bit further now. The license key for the ilo just came in and I now have a remote console (so I can access it as if I were there in person).
The login prompt still won't let me in however, because the shell doesn't work.
I understand rebooting into single user mode let's me select the shell I want to use but as this is a production machine and it's 11:49 AM here I don't want to reboot just now. Can I get that shell selection prompt without rebooting? Is there maybe a key combination to trigger it?


----------



## SirDice (Jun 3, 2010)

You can go to single user mode without rebooting. However, ALL processes will be stopped! And you need to login to be able to do it 

The quick fix is to boot to single user mode and change root's shell. This shouldn't take more then a few minutes. Once root is working again you can fix bash for the other user accounts while running in multi-user mode.


----------



## Firestorm (Jun 3, 2010)

Yes that would be telinit 1 iirc, but since I can't get into that machine..

Guess I'll just have to wait until it quiets down tonight, reboot and fix it.


----------



## phoenix (Jun 3, 2010)

`# shutdown now` is the more correct, FreeBSD, method of dropping to single-user mode while running in multi-user.


----------



## k1piee (Jun 14, 2010)

*Bash is broken after upgrade.*

Hi,

So I was gonna upgrade my FreeBSD 7.2 server one night and did it remotely from my computer.
I made a screen and started portmaster in it and was thinking it would be done by the morning. When I woke up and tried to login to the server I got this:


```
/libexec/ld-elf.so.1: Shared object "libintl.so.8" not found, required by "-bash"
```

And then it just exits.. So I can't log on to my server anymore and I have bash as standard shell on every account. I get the same error over SSH as when I try to login locally.

How can I fix this? Do I need to boot up on a CD and fix it that way? If so, how?


Thanks,
Patric


----------



## SirDice (Jun 14, 2010)

Similar thread: http://forums.freebsd.org/showthread.php?t=14676

In short, never EVER change root's shell.


----------



## k1piee (Jun 14, 2010)

ah thank you. Guess a little more searching would've helped me but thanks for the link


----------



## DutchDaemon (Jun 14, 2010)

[ threads merged ]


----------



## robertclemens (Jun 18, 2010)

Thought I'd chime in since this topic about root's shell happens more times than I can remember.

Don't change root's shell. This is very good advice.

I always tell people who *DEMAND* bash or another "3rd party" shell for root to use "su -m" (uses current users shell ie: bash)
or more precisely add an alias to their existing users shell (because we don't allow direct ssh access to root).

Usually this is done by putting:

```
alias sm="su -m"
```
in ~/.profile and changing your su to root habit to sm.

Or you can always try sudo. Just leave root's shell alone as well as one other user in the wheel group just in case! =]


----------



## k1piee (Jun 18, 2010)

ok so this information doesn't help me at all.. All my accounts have bash as standard shell, bash if f****d up so I can't login to the server. I then tried to boot up on a FreeBSD livefs disc and fix it, but Noo it doesn't want to find my harddrive correctly. I can boot up just fine on it, I just cant login.
The only thing it finds is /dev/ad0p1 but thats it, I tried to mount just that but it didn't work. It can't find any partitions at all..

How the H**L can I fix this?
I really need to login to fix a thing cause now nothing works, no mail, no webserver, no nothing..


----------



## jb_fvwm2 (Jun 18, 2010)

sounds like you need to load additional modules at the 
live cd:
geom_mbr.ko
geom_label.ko
geom_bsd.ko
(which if I recall correctly is possible, then see if
additional devices appear in /dev)
I would have thought, but the /dev you posted hints
at *maybe* another device driver related to a raid on the
server (proprietary or in /boot/loader.conf? )


----------



## anomie (Jun 18, 2010)

Firestorm said:
			
		

> The sad thing is, of course, I noticed this after I tried to log in again later.
> Since bash is the default shell for both my user accounts *and* root, I can't get into it anymore.



Went through the exact same painful experience myself. (My thread was up on bsdforums before that site was torn down.) I had to visit the data center to fix it, which was 1) inconvenient to more than one person]
[*] Do not change root's shell to anything that isn't part of the base system. If you want to make some fancy ad-hoc scripts from the command line, log in and then launch bash from there (assuming you've installed it). 
[*] Ditto for at least one (regular) administrative account. If you had that now, you wouldn't be in this jam. 
[/list]

As interactive shells go, tcsh(1) is actually quite nice. Again, after logging in you can always launch bash.


----------



## phoenix (Jun 19, 2010)

k1piee said:
			
		

> ok so this information doesn't help me at all.. All my accounts have bash as standard shell, bash if f****d up so I can't login to the server.



Select option 4 from the boot menu (Boot into single-user mode).  When it asks which shell to use, type */bin/sh*.

Then just mount the root filesystem (*mount -u /*), and change root's shell back to */bin/tcsh*.


----------



## k1piee (Jun 19, 2010)

phoenix said:
			
		

> Select option 4 from the boot menu (Boot into single-user mode).  When it asks which shell to use, type */bin/sh*.
> 
> Then just mount the root filesystem (*mount -u /*), and change root's shell back to */bin/tcsh*.




Thanks man, you're a life saver! <3
Got everything working now


----------



## styggentorsken (Oct 6, 2010)

Hi!
I just had a similar problem. (lucky that I found this thread )
Thanks!


----------

