/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
SAP SuccessFactors will issue a new site host key on Secure File Transfer Protocol (SFTP) server.
Site:
sftp22.sapsf.com
Datacenter:
DC22
Cloud Stack:
EMEA Region/UAE/Dubai/CC Dubai 1
Scheduled on:
Postponed, new date to be declared
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SAP SuccessFactors HCM Suite
Resolution
Why this change?
This change is in alignment with our continuous effort to improve the product security.
What is the change?
The current host key fingerprint of the site.
sftp22.sapsf.com
SHA256:OPHoNTK/MkX03wUQoRGAnbOJ+WoCRACCTZZZXt5PmeY
New host key fingerprint (ECDSA)
Attached the .zip file which contains the .pub key.
Any action needed from the customer end?
The first login of any automated setup with SFTP can require a new key to be accepted from the new SFTP SSH Key pair. Therefore, following the SFTP host key change from our side customers will need to accept the new fingerprint one-time, during the first connection attempt.
Example screenshot -
This will vary depending on the system/application in use that is connecting to our SFTP.
If there is no strict key check configured on the customer side, there is no action needed and connection will happen without any manual intervention.
Note:
- The requirement of this key check is on the external system/application connecting to SuccessFactors SFTP, it is not controlled by SuccessFactors.
- Please find the new site hostkey attached .
Is there any change to customer SFTP user account and URL? Does this impact Username/password based login to SFTP?
There will be no change to SFTP URL, username and password. This change does not impact username/password based HTTP login.
Does this impact scheduled Jobs in Provisioning or Integration Center that are configured with SFTP parameters?
Scheduled Jobs will not be impacted
Is there any impact to SFTP user login via SSH based authentication?
There is no change or impact to SSH based authentication for customers. The only change is SFTP server host key will be updated to new one.
Is there any impact to CPI connection to SFTP?
Please make sure to update the known_hosts file of your Cloud Integration tenant before proposed scheduled date ,see above planned upgrade.
Please follow below steps (reference KBA 2448457):
- Download the new SSH host key. The key is available in the Attachments section-> DC22_SAASKey_2025.zip.
- Download the known_hosts file from the Cloud Integration web UI.
- Add the new SSH key to the known_hosts file. Format of the line should look as below:
-> sftp22.sapsf.com ssh-rsa AAAAB3NzaC1yc2EAAA..... - Save and upload.
Note: Do not remove the old key from known_hosts file when you add the new key. Remove the old key only after the switch by SuccessFactors is complete and you confirm that the connection continues to work as is.
For any queries on how to add the new host key to CPI:
Documentation of How to update known hosts file:
https://help.sap.com/docs/cloud-integration/sap-cloud-integration/update-known-hosts-file#updating-the-known-hosts-file
Sample of how the relevant hostkey lines should look like:
Since we are talking about dedicated SF SFTP services, not random ones hosted by customer, the relevant hostkey lines should be static.
Besides that, SFTP related issues now fall into the component: LOD-HCI-PI-CON-FTP.
Keywords
SFTP,SSH,RSA,ECDSA,server,fingerprint,DC22, sftp22.sapsf.com,key , KBA , LOD-SF-PLT-FTPS , SFTP Account Creation, Reset Password & Install SSH Service , How To
Product
Attachments
| DC22_SAASKey_2025.zip |
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)