21.02 r4 chsh causes ssh login to not work (maybe password related?)

I have not set root password (a new bug that needs to be fixed first)
I tried to change my shell to zsh with chsh /bin/zsh
when I do then sshing from my host to openwrt asks for password, when it didnt with ash selected as default (with public key login)

The first advice would be, don't - just don't.

Unless you build OpenWrt yourself, changing to a non-default shell (which means busybox ash) means that you'd lose it over the next sysupgrade --> invalid shell (non-existent) --> impossible to log in. I wouldn't be surprised at all if that wouldn't be at play here either, think about it - your non-default shell ends up on the overlay, meaning it only becomes available half-way through the boot process, but dropbear is started rather early in the boot process (because of failsafe mode and similar). Therefore it's quite imaginable (no, sorry, I didn't check the source) that dropbear gets started before the overlay is fully available, with an absent shell maybe creating some havoc.

The above is based on speculation and educated guessing, just starting points for further debugging - the next thing would be checking what happens with a different shell (e.g. bash, it's quite imaginable that features necessary for using zsh as login shell are disabled for size reasons), what happens if you build zsh directly into the image - before debugging the initscripts and environment involved (maybe not fully zsh safe), etc. pp.

tl;dr, just don't.

1 Like

I have changed the shell to zsh before 21, at 19v.
I just dont remember how. I thought it was with chsh but maybe I did something else.
I just know that when I sshed I would get a zsh shell.
and it would stay that way over upgrades from 19.x to 19.y

chsh shouldn't do anything but modifying /etc/passwd with some additional safeguards applied, compare them before- and after to rule out that misbehaving.

1 Like

I think this is because of this bug.

I think I should wait for that to be addressed first.

Well, a rather fundamental issue like that would need solving first, of course. However I would have a expected a lot more complaints earlier, if that were a common issue (and not some one-off freak accident).

I installed from the official rc4 image to be sure and it had the issue.
so.... I am not sure how to make this freak go away.

I think it is from shadow-chsh (with shadow-common)
when I use chsh (which only this package has) I get this issue with the password issue in luci too.

so I removed that and try to just switch to zsh after ssh

I've faced the same issue and got the same result - ssh asked for password. I was able to change back /etc/shells file via luci-app-commands. Install package, use 'sed -i ...' to change the content of the /etc/shells file

1 Like