Broadcom has provided a custom SSH assertion that provides early response capability for SFTP transactions (filename: SshAssertion-1.0.4.002-SNAPSHOT.aar).
It was recently determined that this assertion does not allow users to use service resolution.
- When using the stock SSH assertion, the SFTP client gets prompted for a password, and then after entering one, users are dropped to an SFTP prompt where they can enter commands.
- When using the provided custom assertion and not identifying a service in Listen Port Properties > Advanced > Associate port with published service (bypass resolution), the gateway closes the SFTP connection immediately after the password is sent.
Logs attached.
Relevant error message:
2024-08-20T16:01:44.805+0000 WARNING 171 com.l7tech.external.assertions.ssh.server.SshServerModule$GatewaySshChannelSession: handleSubsystem(GatewaySshChannelSession[id=0, recipient=0]-ServerSessionImpl[myuser@/192.168.15.185:51298]) Failed (NullPointerException) to create command for subsystem=sftp: null
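To confirm whether a gateway is hitting this failure, its log can be searched for the signature above and the hits grouped by SFTP client. This is an added example, not Broadcom code: the function names are hypothetical, every sample line except the one quoted above is constructed, and the log is assumed to be available as plain text lines.

```python
import re

# Signature of the failure quoted above: the SSH module logs a WARNING when it
# cannot create the sftp subsystem command and names NullPointerException.
SIGNATURE = re.compile(
    r"(?P<ts>\S+)\s+WARNING\s+\d+\s+"
    r"com\.l7tech\.external\.assertions\.ssh\.server\."
    r"SshServerModule\$GatewaySshChannelSession:"
    r".*ServerSessionImpl\[(?P<user>[^@\]]+)@/(?P<ip>[^\]]+):(?P<port>\d+)\]\)"
    r"\s+Failed \(NullPointerException\) to create command for subsystem=sftp"
)

def find_sftp_npe(lines):
    """Return one dict (ts, user, ip, port) for each line matching the signature."""
    hits = []
    for line in lines:
        m = SIGNATURE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits

def summarize(hits):
    """Count failures per (user, client IP) so affected SFTP clients stand out."""
    counts = {}
    for h in hits:
        key = (h["user"], h["ip"])
        counts[key] = counts.get(key, 0) + 1
    return counts

_PREFIX = ("com.l7tech.external.assertions.ssh.server."
           "SshServerModule$GatewaySshChannelSession: handleSubsystem("
           "GatewaySshChannelSession[id=0, recipient=0]-ServerSessionImpl")
_SUFFIX = " Failed (NullPointerException) to create command for subsystem=sftp: null"

SAMPLE = [
    # Line quoted in the article.
    f"2024-08-20T16:01:44.805+0000 WARNING 171 {_PREFIX}[myuser@/192.168.15.185:51298]){_SUFFIX}",
    # Constructed: same failure from a second, made-up client.
    f"2024-08-20T16:05:10.112+0000 WARNING 171 {_PREFIX}[batchuser@/192.0.2.10:40022]){_SUFFIX}",
    # Constructed: unrelated line that must not match.
    "2024-08-20T16:06:00.000+0000 INFO 12 example.Logger: constructed unrelated message",
]

if __name__ == "__main__":
    for (user, ip), n in summarize(find_sftp_npe(SAMPLE)).items():
        print(f"{user} from {ip}: {n} failed SFTP subsystem request(s)")
```

To scan a real log, pass the open file object to `find_sftp_npe` in place of `SAMPLE`.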
CA API Gateway 10.1, 11.0, 11.1
SshAssertion-1.0.4.002-SNAPSHOT.aar
Defect DE613074
1. Please open a support case to review the conditions and/or request the fix as needed.
2. SshAssertion-1.0.4.003-SNAPSHOT.aar has the fix for the SFTP NullPointerException issue.
This was built on the latest hotfix, SshAssertion-1.0.4.002-SNAPSHOT.aar.
NOTE: Take a backup / snapshot before applying the hotfix.