Watson Supply Chain Ideas

Use this form to submit an idea for a new product feature. The product team will review your input and provide status updates as decisions are made regarding the request.

Before you submit a new idea, please view requests that have already been submitted. If your idea has already been submitted, you can add comments or vote on the existing idea, thereby indicating your agreement with the idea. We may use this information to help prioritize development of new features.

 

Submit ideas for Watson Marketing and Watson Commerce products

Support for Additional SSH Key Formats Required

As our customer, one of the biggest banks in Turkey is using SB2Bi and they have a set of customers that have a limitation on their SSH configuration so that they have only support the following formats for the SSH Known Host Key:

ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-dss

We opened a PMR and they informed us that only the following three formats are supported:

rsa1
ssh-dsa
ssh-rsa

However, this is totaly unacceptable for our customer since they need to cover those trading partners as well in order consolidate all of their FTP/SFTP servers on B2Bi.
  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Dec 19 2017
  • Delivered
How will this idea be used?
What is your industry?
What is the idea priority? Medium
DeveloperWorks ID DW_ID43137
RTC ID RTC_ID406999
Link to original RFE http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=43137
  • Attach files
  • Admin
    Ryan Wood commented
    September 20, 2018 00:00

    Version 6.0 introduced updated SFTP Ciphers. Please review the following documentation

    https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.0/integrating/integrating/integrator/SFTP_Client_Begin_Session_svc.html

    You cannot configure the SSH Key Exchange algorithms to be used with SFTP in the Sterling B2B Integrator UI. To select strong SSH Key Exchange algorithms, specify the values to be used in SSHKeyExchangeAlgList in the security.properties file. For example, SSHKeyExchangeAlgList=diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1. You can verify the algorithm used in the SFTP Client Begin Session service status report.

    Sterling B2B Integrator also supports the following key exchange algorithms:
    • ecdh-sha2-nistp256
    • ecdh-sha2-nistp384
    • ecdh-sha2-nistp521
    You can set this in the security.properties file as shown below:
    copy to clipboard

    The EDCSA keys specified are used only for the duration of the exchange. The host keys used to identify the server can be any of the supported public key types and need not be the ECDSA keys for this key exchange to work.