SAP Knowledge Base Article - Public

3364272 - Update to SFTP Server RSA Key fingerprint - DC66 - SAP SuccessFactors

Symptom

SAP SuccessFactors will issue a new site host key on Secure File Transfer Protocol(SFTP) server sftp10.successfactors.com, in DC66 - MS Azure Australia East Data center. Scheduled on 2nd December 2023.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

SAP SuccessFactors HXM Suite

Reproducing the Issue

The current host key fingerprint of the site.
 

 

The new host key fingerprint of the site. 

Cause

This change is in alignment with our continuous effort to improve the product security. Without this change, it will not be possible for us to upgrade the SFTP server to latest x64 bit version.

Resolution

Any action needed from the customer end?

The first login of any automated setup with SFTP can require a new key to be accepted from the new SFTP SSH Key pair. Therefore, post the SFTP host key change from our side customers will need to accept the new fingerprint one-time, during the first connection attempt.

Example screenshot -

This will vary depending on the system/application in use that is connecting to our SFTP.

If there is no strict key check configured on the customer side, there is no action needed and connection will happen without any manual intervention.

Note:

  • The requirement of this key check is on the external system/application connecting to SuccessFactors SFTP, it is not controlled by SuccessFactors.
  •  Please find the new site hostkey attached DC10 Key-2023.zip 

Is there any change to customer SFTP user account and URL? Does this impact Username/password based login to SFTP?

There will be no change to SFTP URL, username and password. This change does not impact username/password based HTTP login.

Does this impact scheduled Jobs in Provisioning or Integration Center that are configured with SFTP parameters?

Scheduled Jobs will not be impacted

Is there any impact to SFTP user login via SSH based authentication?

There is no change or impact to SSH based authentication for customers. The only change is SFTP server host key will be updated to new one.

Is there any impact to CPI connection to SFTP?

Please make sure to update the known_hosts file of your Cloud Integration tenant before 2nd December 2023, which is the current planned date for this planned upgrade.

Please follow below steps (reference KBA 2448457):

  1. Download the new SSH host.The key is available in the Attachments section-> DC10 Key-2023.zip.
  2. Download the known_hosts file from the Cloud Integration web UI.
  3. Add the new SSH key to the known_hosts file. Format of the line should look as below: 
    -> sftp10.successfactors.com ssh-rsa AAAAB3NzaC1yc2EAAA.....
  4. Save and upload.

Note: Do not remove the old key from known_hosts file when you add the new key. Remove the old key only after the switch by SuccessFactors is complete and you confirm that the connection continues to work as is.

For any queries on how to add the new hostkey to CPI, please raise support ticket to LOD-HCI-PI-CON-SOAP component.



Keywords

SFTP,SSH,RSA,server,fingerprint,DC66,sftp10,key , KBA , LOD-SF-PLT-FTPS , SFTP Account Creation, Reset Password & Install SSH Service , How To

Product

SAP SuccessFactors HXM Suite 2211

Attachments

Pasted image.png
Pasted image.png
DC10 Key-2023.zip