SAP Knowledge Base Article - Public

3364272 - Update to SFTP Server RSA Key fingerprint - DC66 - SAP SuccessFactors

Symptom

SAP SuccessFactors will issue a new site host key on Secure File Transfer Protocol(SFTP) server sftp10.successfactors.com, in DC66 - MS Azure Australia East Data center. The previously planned schedule for this change has been slightly delayed, this KBA will be updated once the new schedule is confirmed.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

SAP SuccessFactors HXM Suite

Reproducing the Issue

The current host key fingerprint of the site.
 

 

The new host key fingerprint of the site. 

Cause

This change is in alignment with our continuous effort to improve the product security. Without this change, it will not be possible for us to upgrade the SFTP server to latest x64 bit version.

Resolution

Any action needed from the customer end?

The first login of any automated setup with SFTP can require a new key to be accepted from the new SFTP SSH Key pair. Therefore, post the SFTP host key change from our side customers will need to accept the new fingerprint one-time, during the first connection attempt.

Example screenshot -

This will vary depending on the system/application in use that is connecting to our SFTP.

If there is no strict key check configured on the customer side, there is no action needed and connection will happen without any manual intervention.

Note:

  • The requirement of this key check is on the external system/application connecting to SuccessFactors SFTP, it is not controlled by SuccessFactors.
  •  Please find the new site hostkey attached DC10 Key-2023.zip 

Is there any change to customer SFTP user account and URL? Does this impact Username/password based login to SFTP?

There will be no change to SFTP URL, username and password. This change does not impact username/password based HTTP login.

Does this impact scheduled Jobs in Provisioning or Integration Center that are configured with SFTP parameters?

Scheduled Jobs will not be impacted

Is there any impact to SFTP user login via SSH based authentication?

There is no change or impact to SSH based authentication for customers. The only change is SFTP server host key will be updated to new one.

Is there any impact to CPI connection to SFTP?

The new hostkey should be added to known_hosts of CPI tenants to keep the connection to SFTP functional, this process is explained in KBA 2448457.  The new hostkey can be found in this KBA, in the attached zip file DC10 Key-2023.zip.
For any queries on how to add the new hostkey to CPI, please raise support ticket to LOD-HCI-PI-CON-SOAP component.



Keywords

SFTP,SSH,RSA,server,fingerprint,DC66,sftp10,key , KBA , LOD-SF-PLT-FTPS , SFTP Account Creation, Reset Password & Install SSH Service , How To

Product

SAP SuccessFactors HXM Suite 2211

Attachments

Pasted image.png
Pasted image.png
DC10 Key-2023.zip