/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
What are the supported SSH Encryption for Integration center Outbound connection to Non-SuccessFactors/Private SFTP
Environment
- SAP SuccessFactors HCM Suite
- Integration Center
Resolution
Integration Center is using SFTP java client jsch jar with version 0.2.16 in BIZX to connect to SFTP hosts.
It supports the following SFTP communication algorithms:
- Key Exchange Algorithm :
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group14-sha256
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1 - Encryption Algorithm/SFTP Ciphers:
aes128-ctr
aes128-cbc
aes192-ctr
aes192-cbc
aes256-ctr
aes256-cbc
aes128-gcm@openssh.com
aes256-gcm@openssh.com
3des-ctr
3des-cbc
blowfish-cbc - Message Authentication code Algorithms/MAC:
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1 - Server Host-Key Algorithms:
ssh-ed25519
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
rsa-sha2-512
rsa-sha2-256
ssh-rsa
ssh-dss
Notes:
- For SFTP authentication, Integration center supports both Basic Auth and certificate based Auth, and in certificate based Auth, it supports Asymmetric algorithms - RSA ssh keys.
- For more information please refer to the Integration Center - User Assistance Guide
- If you wish to find out how to convert downloaded Public key to ssh-rsa format please note there are a number of resources available online. Please also note the SAP SuccessFactors does not support the OpenSSH format key generation and therefore we do not recommend its use.
- To clarify, OpenSSH is a SSH communication utility developed on SSH Protocol and SAP SuccessFactors' Integration Center supports OpenSSH. If you want to use the key based authentication, you will need to generate the SSH keys in the Security Center. These SSH keys that are generated in the Security Center do not currently support the new OpenSSH key format which was made available from OpenSSH version 7.6 onwards. In other words, the Security Center always generates old format SSH keys so you still can use those SSH keys to connect to SFTP Servers running on the newer OpenSSH versions.
- Port 22 is a standard port at SAP and is allowed to have Outbound connection to external ftp with this port.
See Also
3564902 - Security Center - Other Keys - Outdated SHA1 encryption used in key pair
2395508 - IP addresses to be added into allow list when customer's own sftp is used with Integration Center
What's New Viewer: Improvements to SSH Key Generation Functionality in Security Center
Keywords
Integration Center, 3rd Party SFTP, SSH, Oubound Integration, SFTP, Ciphers, Key Exchange Algorithm, Encryption Algorithm, Message Authentication code Algorithms, Host-Key Algorithm, RSA, DSA, ic, key, keys, cipher, ciphers, algorithm, sf, successfactors, use, ftp, key exchange, Algorithm negotiation fail, Server Host Key, Server Host Key algorithms, SHA-1, SHA, SHA-2, Security Center, Security Centre , KBA , LOD-SF-INT-INC , Integration Center , LOD-SF-INT , Integrations , LOD-SF-INT-INC-JOB , Integration Center Job , How To
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)