After applying the September 2019 monthly platform patch, the end user is unable to login to 8.2 API Gateway hosts with ssgconfig user account.
The full patch name is CA_API_PlatformUpdate_64bit_v8.1-RHEL-2018-09-19.L7P
API Gateway 8.2
This potentially effects previous versions of API Gateway before 8.2 as well.
The September 2019 Monthly Platform patch has addressed security issues with the authenticated ssgconfig user limiting access to shell.
CA API Gateway Development is researching this issue to permanently fix it as of the date of this kb publishing. This article would be eventually retired.
After applying the patch, the file /opt/SecureSpan/Platform/bin/configuser_profile_menu.sh is not present in the API Gateway 8.2 release, nor was it before application of the patch.
The /etc/ssh/ssh_force_command.sh file is referencing to /opt/SecureSpan/Platform/bin/configuser_profile_menu.sh which is a ssgconfig wizard menu file.
You must have direct console access to perform this fix. This issue affects ssh logins and by default the API Gateway virtual appliance does not have root access.
Disable the /etc/ssh/ssh_force_command.sh entries from /etc/ssh/sshd_config file as below and restart the ssh daemon:
#Match user ssgconfig
# ForceCommand /etc/ssh/ssh_force_command.sh
Restart the sshd daemon:
# service sshd restart
This issue should not occur on API Gateway releases 8.3 or newer.