sftp broken after applying September 2018 9.x API Gateway Patch

Document ID : KB000116978
Last Modified Date : 05/10/2018
Issue:
sftp connections fail after applying CA_API_PlatformUpdate_64bit_v9.X-RHEL-2018-09-19.L7P on 9.x CA API Gateway hosts.
This affects the standard sftp command-line client as well as file transfer clients such as WinSCP and FileZilla.
Environment:
API Gateway 9.x
Cause:
The September monthly update introduced security measures that stop the authenticated ssgconfig user from obtaining a shell on the Gateway.
API Gateway Development is researching this issue as of the publish date of this KB, and this KB should eventually be retired in favor of a permanent fix.
Resolution:
Comment out the /etc/ssh/ssh_force_command.sh entries in the /etc/ssh/sshd_config file, as shown below, and then restart the SSH daemon:

#Match user ssgconfig
#       ForceCommand /etc/ssh/ssh_force_command.sh

Restart the sshd daemon with:
# service sshd restart

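The /etc/ssh/ssh_force_command.sh file references /opt/SecureSpan/Platform/bin/configuser_profile_menu.sh, which is the ssgconfig wizard menu script. Because ForceCommand applies to every session of the matched user, including sftp subsystem requests, ssgconfig sftp sessions run the menu script instead of the sftp server. After the /etc/ssh/ssh_force_command.sh entries are commented out in sshd_config and the SSH daemon is restarted, sftp connections work on 9.x Gateways. The same change also removes the forced menu for interactive ssgconfig SSH logins for as long as the lines stay commented out.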
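
To confirm which state a given Gateway is in, the following added example (not part of the original KB or of the vendor's tooling) reports whether an uncommented ForceCommand applies to ssgconfig. The function name and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Print the active (uncommented) ForceCommand that an sshd_config file applies
# to a user through a "Match user" block. Prints nothing if none is active.
# Scope (assumption): handles "Match user <names>" with exact, comma-separated
# names only; wildcards, negation and other Match criteria are not evaluated.
forcecommand_for_user() {
    awk -v user="$2" '
        { sub(/^[ \t]+/, "") }             # drop leading indentation
        /^#/ || /^$/ { next }              # skip comments and blank lines
        {
            kw = tolower($1)               # sshd_config keywords are case-insensitive
            if (kw == "match") {           # every Match line starts a new block
                in_block = 0
                if (tolower($2) == "user") {
                    n = split($3, names, ",")
                    for (i = 1; i <= n; i++)
                        if (names[i] == user) in_block = 1
                }
                next
            }
            if (in_block && kw == "forcecommand") {
                sub(/^[^ \t]+[ \t]+/, "")  # strip the keyword, keep the command
                print
                exit
            }
        }
    ' "$1"
}

# Constructed samples: the patched state and the state after the workaround.
demo_dir=$(mktemp -d)
printf '%s\n' 'Port 22' \
    'Match user ssgconfig' \
    '       ForceCommand /etc/ssh/ssh_force_command.sh' > "$demo_dir/patched"
printf '%s\n' 'Port 22' \
    '#Match user ssgconfig' \
    '#       ForceCommand /etc/ssh/ssh_force_command.sh' > "$demo_dir/workaround"

for f in patched workaround; do
    cmd=$(forcecommand_for_user "$demo_dir/$f" ssgconfig)
    echo "$f: ${cmd:-no ForceCommand active for ssgconfig}"
done
```

On a Gateway, run `forcecommand_for_user /etc/ssh/sshd_config ssgconfig` as root before and after editing the file to verify the change took the intended form.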