Symptom
SAP SuccessFactors will issue a new site host key on Secure File Transfer Protocol(SFTP) server sftp10.successfactors.com, in DC66 - MS Azure Australia East Data center. The previously planned schedule for this change has been slightly delayed, this KBA will be updated once the new schedule is confirmed.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SAP SuccessFactors HXM Suite
Reproducing the Issue
The current host key fingerprint of the site.
The new host key fingerprint of the site.
Cause
This change is in alignment with our continuous effort to improve the product security. Without this change, it will not be possible for us to upgrade the SFTP server to latest x64 bit version.
Resolution
Any action needed from the customer end?
The first login of any automated setup with SFTP can require a new key to be accepted from the new SFTP SSH Key pair. Therefore, post the SFTP host key change from our side customers will need to accept the new fingerprint one-time, during the first connection attempt.
Example screenshot -
This will vary depending on the system/application in use that is connecting to our SFTP.
If there is no strict key check configured on the customer side, there is no action needed and connection will happen without any manual intervention.
Note:
- The requirement of this key check is on the external system/application connecting to SuccessFactors SFTP, it is not controlled by SuccessFactors.
- Please find the new site hostkey attached DC10 Key-2023.zip
Is there any change to customer SFTP user account and URL? Does this impact Username/password based login to SFTP?
There will be no change to SFTP URL, username and password. This change does not impact username/password based HTTP login.
Does this impact scheduled Jobs in Provisioning or Integration Center that are configured with SFTP parameters?
Scheduled Jobs will not be impacted
Is there any impact to SFTP user login via SSH based authentication?
There is no change or impact to SSH based authentication for customers. The only change is SFTP server host key will be updated to new one.
Is there any impact to CPI connection to SFTP?
The new hostkey should be added to known_hosts of CPI tenants to keep the connection to SFTP functional, this process is explained in KBA 2448457. The new hostkey can be found in this KBA, in the attached zip file DC10 Key-2023.zip.
For any queries on how to add the new hostkey to CPI, please raise support ticket to LOD-HCI-PI-CON-SOAP component.
Keywords
SFTP,SSH,RSA,server,fingerprint,DC66,sftp10,key , KBA , LOD-SF-PLT-FTPS , SFTP Account Creation, Reset Password & Install SSH Service , How To
Product
Attachments
Pasted image.png |
Pasted image.png |
DC10 Key-2023.zip |