IBM Support

PH31732: Restricting ip access in ssh keys in authorized_keys, results in ssh key being appended when collective member is restarted.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • If a user restricts the ssh keys (by adding the
    'from=pattern' option) in the authorized_keys file, the ssh
    keys will be appended to the authorized_keys file when the
    collective member is restarted.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty collectives configured with  *
    *                  RXA and private SSH keys                    *
    ****************************************************************
    * PROBLEM DESCRIPTION: Restricting IP access for SSH keys in   *
    *                      the authorized_keys file results in the *
    *                      SSH key being appended when a           *
    *                      collective member is restarted.         *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    If a user restricts the SSH keys (by adding the 'from=pattern'
    option) in the authorized_keys file, the SSH key will be
    appended to the authorized_keys file when the collective member
    is restarted.
    

Problem conclusion

  • The code was modified to properly check if the keys, restricted
    or otherwise, are present in the authorized_keys file. If they
    are, there is no need to re-append them.
    
    The fix for this APAR is currently targeted for inclusion in fix
    pack 21.0.0.1.  Please refer to the Recommended Updates page for
    delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH31732

  • Reported component name

    LIBERTY PROFILE

  • Reported component ID

    5724J0814

  • Reported release

    CD0

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-11-16

  • Closed date

    2021-01-12

  • Last modified date

    2021-01-12

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    LIBERTY PROFILE

  • Fixed component ID

    5724J0814

Applicable component levels

[{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"CD0"}]

Document Information

Modified date:
13 January 2021