by dbvqdpwn » Mon Oct 06, 2014 5:34 pm
$this->bbcode_second_pass_quote('', 'H')owever, when I upgraded to that bash on my pogo E02, I could no longer authenticate for ssh with either public key (my usual way) nor password. When I downgraded bash back to the prior version, both forms of auth worked again. Note that my E02 was never upgraded to systemd as I keep it more or less in sync with my V3 pogos which no longer get updated unless necessary.
I upgraded to 4.3.30 and encountered a similar issue with not being able to authenticate.
Turns out the upgrade moved the binary from /bin/bash to /usr/bin/bash. I just made a copy and that fixed things.
$this->bbcode_second_pass_code('', '[user@pogoplug ~]$ grep user /etc/passwd
user:x:1000:1000::/home/user:/bin/bash
[user@pogoplug ~]$ chsh -s /usr/bin/bash
Changing shell for user.
Password:
chsh: "/usr/bin/bash" is not listed in /etc/shells.
[user@pogoplug ~]$ sudo cp /usr/bin/bash /bin/bash
[sudo] password for user:
[user@pogoplug ~]$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
this is a test
[user@pogoplug ~]$ echo $BASH_VERSION
4.3.30(1)-release
')