Symptom
What are the supported SSH Encryption for Integration center Outbound connection to Non-SuccessFactors/Private SFTP
Environment
- SAP SuccessFactors HCM Suite
- Integration Center
Resolution
Integration Center is using SFTP java client jsch jar with version 0.1.54 in BIZX to connect to SFTP hosts.
It supports the following SFTP communication algorithms:
- Key Exchange Algorithm :
ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1 - Encryption Algorithm:
aes128-ctr, aes128-cbc, 3des-ctr, 3des-cbc, blowfish-cbc, aes192-ctr, aes192-cbc, aes256-ctr, aes256-cbc - Message Authentication code Algorithms:
hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 - Host-Key Algorithm:
ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
Notes:
- For SFTP authentication, Integration center supports both Basic Auth and certificate based Auth, and in certificate based Auth, it supports Asymmetric algorithms - RSA ssh keys.
- For more information please refer to the Integration Center - User Assistance Guide
- If you wish to find out how to convert downloaded Public key to ssh-rsa format please note there are a number of resources available online. Please also note the SAP SuccessFactors does not support the OpenSSH format key generation and therefore we do not recommend its use.
- To clarify, OpenSSH is a SSH communication utility developed on SSH Protocol and SAP SuccessFactors' Integration Center supports OpenSSH. If you want to use the key based authentication, you will need to generate the SSH keys in the Security Center. These SSH keys that are generated in the Security Center do not currently support the new OpenSSH key format which was made available from OpenSSH version 7.6 onwards. In other words, the Security Center always generates old format SSH keys so you still can use those SSH keys to connect to SFTP Servers running on the newer OpenSSH versions.
- Port 22 is a standard port at SAP and is allowed to have Outbound connection to external ftp with this port.
See Also
3564902 - Security Center - Other Keys - Outdated SHA1 encryption used in key pair
2395508 - IP addresses to be added into allow list when customer's own sftp is used with Integration Center
What's New Viewer: Improvements to SSH Key Generation Functionality in Security Center
Keywords
Integration Center, 3rd Party SFTP, SSH, Oubound Integration, SFTP, Ciphers, Key Exchange Algorithm, Encryption Algorithm, Message Authentication code Algorithms, Host-Key Algorithm, RSA, DSA, ic, key, keys, cipher, ciphers, algorithm, sf, successfactors, use, ftp, key exchange, Algorithm negotiation fail, Server Host Key, Server Host Key algorithms, SHA-1, SHA, SHA-2, Security Center, Security Centre , KBA , LOD-SF-INT-INC , Integration Center , LOD-SF-INT , Integrations , LOD-SF-INT-INC-JOB , Integration Center Job , How To