Symptom
After the KSA migration from DC23 to DC82, a new site host key will apply to the DC82 SaaS and iContent SFTP servers.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SAP SuccessFactors HCM Suite
Cause
As part of the KSA migration from DC23 to DC82, SAP SuccessFactors will issue a new site host key on the following new SFTP servers:
- sftp-sa20.hr.cloud.sap
- sftp-content-sa20.hr.cloud.sap
Resolution
New host key fingerprints of the SFTP servers:
- SFTP URL: sftp-sa20.hr.cloud.sap
  - Fingerprint: SHA256:Go9ZAGJ4hTd8vxYqalMRiy8KfWzXC+bRky2JRcmRLuI
  - Pubkey: attached (DC82_SaaS.zip)
- SFTP URL: sftp-content-sa20.hr.cloud.sap
  - Fingerprint: SHA256:AqoJJHrMJdiT+ahVAS5R0wqMynXszri0jaBnQVVWBJk
  - Pubkey: attached (DC82_iContent.zip)
Any action needed from the customer end?
The first login of any automated setup with SFTP may require a new key from the new SFTP SSH key pair to be accepted. Therefore, after the SFTP migration from DC23 to DC82, customers will need to accept the new fingerprint once, during the first connection attempt.
This will vary depending on the system/application in use that is connecting to our SFTP.
If no strict host key check is configured on the customer side, no action is needed and the connection will be established without any manual intervention.
Note:
- The key check requirement lies with the external system/application connecting to SuccessFactors SFTP; it is not controlled by SuccessFactors.
- Please find the new site host key attached: DC10 Key-2023.zip
Does this impact scheduled Jobs in Provisioning or Integration Center that are configured with SFTP parameters?
Scheduled Jobs will not be impacted.
Is there any impact to SFTP user login via SSH based authentication?
There is no change or impact to SSH-based authentication for customers. The only change is that the SFTP server host key will be updated to a new one.
Is there any impact to CPI connection to SFTP?
Please make sure to update the known_hosts file of your Cloud Integration tenant using the steps below (reference KBA 2448457):
- Download the new SSH host key. The key is available in the Attachments section.
- Download the known_hosts file from the Cloud Integration web UI.
- Add the new SSH key to the known_hosts file. The line should have the following format:
  <SFTP URL> <SSH key>
- Save and upload.
Note: Do not remove the old key from the known_hosts file when you add the new key. Remove the old key only after the switch by SuccessFactors is complete and you have confirmed that the connection continues to work as is. For any queries on how to add the new host key to CPI, please raise a support ticket to the LOD-HCI-PI-CON-SOAP component.
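One way to carry out the known_hosts update above while checking the downloaded key against the fingerprints published in this article, as an added example (not SAP's or Cloud Integration's own tooling). It assumes the attached key is in OpenSSH public-key form (`<key type> <base64 key>`); the function names, the `old-sftp.example` host and the demo keys are constructed for illustration.

```python
import base64
import hashlib

# Fingerprints published in this KBA for the DC82 SFTP servers.
PUBLISHED = {
    "sftp-sa20.hr.cloud.sap": "SHA256:Go9ZAGJ4hTd8vxYqalMRiy8KfWzXC+bRky2JRcmRLuI",
    "sftp-content-sa20.hr.cloud.sap": "SHA256:AqoJJHrMJdiT+ahVAS5R0wqMynXszri0jaBnQVVWBJk",
}

def fingerprint(key_b64):
    """SHA256 fingerprint as ssh-keygen prints it: unpadded base64 of SHA-256(key blob)."""
    blob = base64.b64decode(key_b64, validate=True)
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_entry(line):
    """Split '<host> <key type> <base64 key>' and check the blob carries the same key type."""
    host, keytype, key_b64 = line.split()[:3]  # ValueError if fields are missing
    blob = base64.b64decode(key_b64, validate=True)
    name_len = int.from_bytes(blob[:4], "big")  # blob starts with a length-prefixed type name
    if blob[4:4 + name_len] != keytype.encode():
        raise ValueError("key type field does not match the key blob")
    return host, keytype, key_b64

def add_host_key(known_hosts, new_line, expected=PUBLISHED):
    """Append new_line to known_hosts text only if its fingerprint is the expected one.
    Existing entries (the old host key) are kept, as the note above requires."""
    host, keytype, key_b64 = parse_entry(new_line)
    if host not in expected:
        raise ValueError(f"no published fingerprint for {host}")
    if fingerprint(key_b64) != expected[host]:
        raise ValueError(f"fingerprint mismatch for {host}: key not added")
    lines = [l for l in known_hosts.splitlines() if l.strip()]
    entry = f"{host} {keytype} {key_b64}"
    if entry not in lines:  # re-running the update must not duplicate the entry
        lines.append(entry)
    return "\n".join(lines) + "\n"

def constructed_key(fill):
    """Constructed ssh-ed25519 blob for the demo below; NOT one of SAP's host keys."""
    raw = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + bytes([fill]) * 32
    return base64.b64encode(raw).decode()

if __name__ == "__main__":
    host = "sftp-sa20.hr.cloud.sap"
    old = f"old-sftp.example ssh-ed25519 {constructed_key(1)}\n"  # placeholder existing entry
    new = f"{host} ssh-ed25519 {constructed_key(2)}"
    # Demo only: pin the constructed key's own fingerprint instead of PUBLISHED.
    print(add_host_key(old, new, expected={host: fingerprint(constructed_key(2))}), end="")
```

With the default `expected=PUBLISHED`, a key whose fingerprint differs from the value listed in the Resolution section is rejected with a `ValueError` and the known_hosts text is returned unchanged only through the caller's own copy.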
Keywords
SSH,KSA,Migration,DC82,Host,Key,DC23,SFTP,SSH , KBA , LOD-SF-PLT-FTPS , SFTP Account Creation, Reset Password & Install SSH Service , How To
Attachments
| DC82_iContent.zip |
| DC82_SaaS.zip |
SAP Knowledge Base Article - Public