I've managed to mess up some shared libraries on my system, and now my shell cannot be run, thus locking me out of the system. Both ssh, sftp, and scp, as configured on the remote system, seem to rely on the shell, so those alternatives are out. Really, it is not a big issue because I have some remote hands that can change my shell to sh via console.
However, I'm curious, getting down to the mechanics of the SSH protocol, whether it is possible to authenticate and perform some manipulations on the remote system (e.g., modifying /etc/passwd), without ever invoking the shell?
EDIT
Just to be fair, to the fellow who suggested specifying the alternative command/shell after the ssh command string (e.g., ssh myhost /bin/sh): the man page does state:
"If command is specified, it is executed on the remote host instead of a login shell."
which could definitely be confusing.
Best Answer
[for the record only -- at the time of writing, the problem has long been fixed, hopefully]
With openssh, ANY command executed by sshd is executed via your login shell with the -c option:
- ssh command line (i.e. ssh user@host command)
- authorized_keys file (i.e. command="..." ssh-rsa AAAA...)
- ForceCommand option in sshd_config
- ~/.ssh/rc script (via /bin/sh ~/.ssh/rc)
- scp commands local to a server executed in response to a remote scp
So, if your login shell is faked (/bin/false or nologin) or broken, there is no way for you to execute anything remotely with ssh. That's also why no alternative shell is possible.
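
The behaviour described in the answer above, as an added example that is not part of the original post: a pre-flight check that runs a probe command as "login shell -c command" for each account in a passwd-format file and reports which accounts could not run anything over ssh. The function names, the sample accounts and the fakefalse stand-in for /bin/false are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original answer): mimic "<login shell> -c <command>".

# Print the login shell (field 7) of USER from a passwd-format file.
# An empty field means /bin/sh, as documented in passwd(5).
login_shell_of() {  # $1 = passwd file, $2 = user
    awk -F: -v u="$2" '$1 == u { print ($7 == "" ? "/bin/sh" : $7); found = 1 }
                       END { exit !found }' "$1"
}

# Run COMMAND the way the answer describes: via the login shell with -c.
run_like_sshd() {  # $1 = shell, $2 = command string
    "$1" -c "$2"
}

# Report whether USER could run any remote command at all.
check_remote_exec() {  # $1 = passwd file, $2 = user
    shell=$(login_shell_of "$1" "$2") || { echo "blocked:no-such-user"; return 1; }
    [ -x "$shell" ] || { echo "blocked:shell-not-executable"; return 1; }
    out=$(run_like_sshd "$shell" 'echo marker' 2>/dev/null) || true
    [ "$out" = "marker" ] || { echo "blocked:shell-ran-nothing"; return 1; }
    echo "ok"
}

# Build constructed sample data in a temp dir and print its path.
make_fixture() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 1\n' > "$d/fakefalse"   # stand-in for /bin/false
    chmod +x "$d/fakefalse"
    cat > "$d/passwd" <<EOF
alice:x:1000:1000::/home/alice:/bin/sh
bob:x:1001:1001::/home/bob:$d/fakefalse
carol:x:1002:1002::/home/carol:$d/missing-shell
dave:x:1003:1003::/home/dave:
EOF
    echo "$d"
}

demo() {
    d=$(make_fixture) || return 1
    for u in alice bob carol dave; do
        printf '%s: %s\n' "$u" "$(check_remote_exec "$d/passwd" "$u" || true)"
    done
    rm -rf "$d"
}
demo
```

Running the same check against the real /etc/passwd before changing a login shell or the libraries it links against shows whether remote command execution would still work afterwards.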