IBM Sterling Ideas

Submit new product ideas for IBM Sterling solutions. Before you submit, please review existing ideas; if an idea close to yours already exists, it's better to add comments or vote on the existing idea. We will review your ideas and use them to help prioritize our product development. Best of all, the portal will automatically update you when the status of your idea has been changed.

IBM is transforming its request for enhancement (RFE) process. The purpose of the transformation is to provide a more consistent experience for you to submit requests and to enable IBM product owners to respond to your requests more quickly. For more information click here.

Connect with IBM experts and your peers on the Supply Chain Collaboration Community and the Order Management Interest Group

Connection to AWS-hosted SFTP server needs to bypass known Host Key checking

We are using Sterling to connect to a SFTP server hosted in AWS services, to push and pull files into our new Data Lake.

This is causing serious issues, as AWS servers are frequently rebuilt automatically, and when they are, a new SSH Host Key is created. This then causes all our transfers to fail, until we have (manually) downloaded the new host key, and updated all (100+) remote SSH profiles.

Is there a way to bypass the Known Host Key check - as this is pretty much redundant these days anyway??

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Nov 1 2018
  • Declined
How will this idea be used?

It will enable Sterling to use SFTP with load-balanced cloud service SFTP servers

What is your industry? Banking
What is the idea priority? High
  • Attach files
  • Admin
    Ryan Wood commented
    13 Nov 04:53pm

    While we cannot fully accept this enhancemennt request at this time, we have added a SSH Host Identity Key Grabber RestAPI in v6.1 which can be scheduled and automated.
    https://www.ibm.com/support/knowledgecenter/SS3JSW_6.1.0/developing/developing/filegateway/B2B_APIs_avail.html

  • Admin
    Ryan Wood commented
    28 Aug 04:48pm

    Hello, I'm happy to have further conversation on this idea. We have added many enhanements with 6.0 and the upcoming v6.1 due shortly. We have accepted many ideas to the 2021 roadmap as well that we can share when appropriate. Feel free to reach out to me directly at woodry@us.ibm.com

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    28 Aug 02:37pm

    An S3 client adapter is a fix for just S3. A C:D container is deploying a whole container for what should be a flag on the SFTP adapter.

    I submitted this almost 2 years ago because my team deals with SFTP connections to many different systems across many different companies. And due to our networking setup, the host key utility doesn't work properly. So it's an extra step to get the host key and import it. And we have work arounds for companies who don't cluster properly and have servers with a different host key per server.

    And that doesn't take into consideration companies who update hardware and don't use software that authenticates the host key like Sterling does - one day the connection suddenly fails due to a host key error.

    And this is on connections that are already authenticating with an SSH key, username, and password. Host key validation is just entirely unnecessary - even two years after I submitted this "idea".

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    28 Aug 01:56pm

    Could you not just use the S3 Client adapter to remove the need for the AWS SFTP Server?Alternatively deploy a C:D container in AWS to transfer the files to/from?

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    23 May, 2019 03:11pm

    Seconded.  Host key checking is a thorn in our side when it comes to AWS and customers with improperly clustered environments.