APAR status
Closed as program error.
Error description
After having updated the IBM Spectrum Protect Plus appliance, the sshd service does not start. For example, if the last line in /etc/ssh/sshd_config is : PasswordAuthentication yes Looking into the journal for the sshd service with the command: sudo journalctl -t sshd The error will be : ... /etc/ssh/sshd_config line <xx>: Bad yes/no argument: yesCiphers Starting with version 10.1.9, the allowed ciphers to use for ssh communication are added during install/upgrade to the /etc/ssh/sshd_config file. The problem will happen only on an upgrade of an existing environment when the sshd configuration file /etc/ssh/sshd_config does not end with an empty line. In that case, the upgrade process will append the sshd option 'Ciphers <list of allowed ciphers>' directly to that last line causing the configuration to become corrupt. With above example, the last line would change from : PasswordAuthentication yes to : PasswordAuthentication yesCiphers <list of allowed ciphers> Depending on the last line contents, the actual error text can be different. IBM Spectrum Protect Plus Versions Affected: IBM Spectrum Protect Plus 10.1.9 and later Additional Keywords: SPP, SPPLUS, TS007890567, tech doc 6529262
Local fix
To prevent the problem before the upgrade, ensure /etc/ssh/sshd_config ends with an empty line. If the upgrade process already appended the last config line, edit the /etc/ssh/sshd_config file to change from : <original last line>Ciphers <list of allowed ciphers> to <original last line> Ciphers <list of allowed ciphers>
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Protect Plus level 10.1.9 and 10.1.10. * **************************************************************** * PROBLEM DESCRIPTION: * * See Error Description * **************************************************************** * RECOMMENDATION: * * Apply fixing level when available. This problem is currently * * projected to be fixed in IBM Spectrum Protect Plus level * * 10.1.11. Note that this is subject to change at the * * discretion of IBM. * ****************************************************************
Problem conclusion
The problem has been resolved by fixing the upgrade process to ensure that a newline is appended to the existing line before new lines are added by the upgrade process.
Temporary fix
Comments
APAR Information
APAR number
IT39533
Reported component name
SP PLUS
Reported component ID
5737SPLUS
Reported release
A19
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-01-04
Closed date
2022-04-12
Last modified date
2022-04-12
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Platform Upgrade
Fix information
Fixed component name
SP PLUS
Fixed component ID
5737SPLUS
Applicable component levels
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A19","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
31 January 2024