CA API Gateway - Facing SocketTimeoutException in patchServiceApi while applying patch

book

Article ID: 141346

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

Some environment may experience this issue due to a security feature implemented in ssh configuration.

In the most recent version of our product maintenance, we implemented a sub-script "ssh_force_command.sh" which is intended to prevent users from running commands remotely over ssh (*"/bash, *"/sh", "bash", "sh"). It's a feature that is still on an ongoing development and may have some side effect. 

Environment

Release : 9.x 

Component : API GATEWAY

Resolution

Please follow these steps on the affected Gateway:

1. Remove the patch status file in order to allow patch to be applied again

rm -f /opt/SecureSpan/Controller/var/patches/<patch_name>.status

(for example: rm -f /opt/SecureSpan/Controller/var/patches/CA_API_PlatformUpdate_64bit_v9.X-RHEL-2019-10-24.status)

2. Edit the sshd_config file  

vi /etc/ssh/sshd_config

3. Scroll to the bottom of the file and comment out "ForceCommand /etc/ssh/ssh_force_command.sh" line by adding a "#" character in the beginning of the line

# ForceCommand /etc/ssh/ssh_force_command.sh

4. Restart ssh service to allow change to take effect

service sshd restart

5. Re-apply patch

6. Restore line that was commented out in step 3 and restart once again sshd daemon as per step 4.