IBM Sterling Ideas

formerly Watson Supply Chain

Submit new product ideas for IBM Sterling solutions. Before you submit, please review existing ideas; if an idea close to yours already exists, it's better to add comments or vote on the existing idea. We will review your ideas and use them to help prioritize our product development. Best of all, the portal will automatically update you when the status of your idea has been changed. Order Management, Store Engagement, Watson Order Optimizer, Inventory Visibility, CPQ and Call Center are now part of Watson Supply Chain

Connect with IBM experts and your peers on the Supply Chain Collaboration Community and the Order Management Interest Group

Support for Additional SSH Key Formats Required

As our customer, one of the biggest banks in Turkey is using SB2Bi and they have a set of customers that have a limitation on their SSH configuration so that they have only support the following formats for the SSH Known Host Key:

ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-dss

We opened a PMR and they informed us that only the following three formats are supported:

rsa1
ssh-dsa
ssh-rsa

However, this is totaly unacceptable for our customer since they need to cover those trading partners as well in order consolidate all of their FTP/SFTP servers on B2Bi.
  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Dec 19 2017
  • Delivered
How will this idea be used?
What is your industry?
What is the idea priority? Medium
DeveloperWorks ID DW_ID43137
RTC ID RTC_ID406999
Link to original RFE http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=43137
  • Attach files
  • Admin
    Ryan Wood commented
    September 20, 2018 00:00

    Version 6.0 introduced updated SFTP Ciphers. Please review the following documentation

    https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.0/integrating/integrating/integrator/SFTP_Client_Begin_Session_svc.html

    You cannot configure the SSH Key Exchange algorithms to be used with SFTP in the Sterling B2B Integrator UI. To select strong SSH Key Exchange algorithms, specify the values to be used in SSHKeyExchangeAlgList in the security.properties file. For example, SSHKeyExchangeAlgList=diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1. You can verify the algorithm used in the SFTP Client Begin Session service status report.

    Sterling B2B Integrator also supports the following key exchange algorithms:
    • ecdh-sha2-nistp256
    • ecdh-sha2-nistp384
    • ecdh-sha2-nistp521
    You can set this in the security.properties file as shown below:
    copy to clipboard

    The EDCSA keys specified are used only for the duration of the exchange. The host keys used to identify the server can be any of the supported public key types and need not be the ECDSA keys for this key exchange to work.