sftp broken after applying September 2018 9.x API Gateway Patch
Article ID: 116978
STARTER PACK-7CA Rapid App SecurityCA API Gateway
Unable to use sftp connections after applying CA_API_PlatformUpdate_64bit_v9.X-RHEL-2018-09-19.L7P for 9.x CA API Gateway hosts. This includes standard sftp command line instructions and use of ftp clients like winScp and FileZilla.
API Gateway 9.x
Updates in the September monthly have instituted security measures to stop the authenticated ssgconfig user from obtaining a shell into Gateway. API Gateway Development is researching this issue as of the publish date of this kb and this kb should eventually be retired with a permanent fix.
Disable the /etc/ssh/ssh_force_command.sh entries from /etc/ssh/sshd_config file and restart the ssh daemon as below:
#Match user ssgconfig # ForceCommand /etc/ssh/ssh_force_command.sh
Restart sshd daemon with: # service sshd restart
The /etc/ssh/ssh_force_command.sh file is referencing to /opt/SecureSpan/Platform/bin/configuser_profile_menu.sh which is a ssgconfig wizard menu file. After disabling the /etc/ssh/ssh_force_command.sh entries from sshd_config file and restarting the ssh daemon, sftp connections work in 9.x Gateways.