Migration Impact on SFTP Configurations
Prior to Integration Server 9.12, Preferred Key Exchange Algorithms and Proxy Alias fields were specified in the SFTP user alias. These fields are now specified in the SFTP server alias. When you migrate to Integration Server 9.12 or later from an earlier version, Integration Server determines the values of the Preferred Key Exchange Algorithms and Proxy Alias fields as follows:
If an SFTP server alias was never used in an SFTP user alias,
Integration Server uses the default order for the
Preferred Key Exchange Algorithms and the default value of
None for the
Proxy Alias.
If an SFTP server alias was used in only one SFTP user alias,
Integration Server migrates the order of
Preferred Key Exchange Algorithms and the value of
Proxy Alias from the SFTP user alias to the SFTP server alias.
If an SFTP server alias was used in multiple SFTP user alias,
Integration Server migrates the order of
Preferred Key Exchange Algorithms and value of
Proxy Alias from the first SFTP user alias associated with the SFTP server alias.
Upgrade Impact on Existing Server Alias Data
For Version 1 SFTP client
Version 1 SFTP client fields are populated with the values of the watt.ssh.jsch.* properties in the following manner:
Preferred Key Exchange Algorithms: The algorithms included in the value of the
watt.ssh.jsch.kex server property are added to "Preferred Key Exchange Algorithms", and all other algorithms are added to "Excluded Key Exchange Algorithms". If the value of the watt property is empty, the default Key Exchange algorithms are added to "Preferred Key Exchange Algorithms".
Preferred MAC Algorithms S2C: The algorithms included in the value of the
watt.ssh.jsch.mac_s2c server property are added to "Preferred MAC Algorithms S2C" and all other algorithms are added to "Excluded MAC Algorithms S2C". If the value of the watt property is empty, then the default server-to-client MAC algorithms are added to "Preferred MAC Algorithms S2C".
Preferred MAC Algorithms C2S: The algorithms included in the value of the
watt.ssh.jsch.mac_c2s server property are added to "Preferred MAC Algorithms C2S" and all other algorithms are added to "Excluded MAC Algorithms C2S". If the value of the watt property is empty, then the default client-to-server MAC algorithms are added to "Preferred MAC Algorithms C2S".
Preferred Ciphers S2C: The ciphers included in the value of the
watt.ssh.jsch.ciphers server property are added to "Preferred Ciphers S2C" and all other ciphers are added to "Excluded Ciphers S2C".
Preferred Ciphers C2S: The ciphers included in the value of the
watt.ssh.jsch.ciphers server property are added to "Preferred Ciphers C2S" and all other ciphers are added to "Excluded Ciphers C2S ".
For Version 2 SFTP client
The latest Version 2 SFTP client supports OpenSSH format host keys, and the existing key may be in the unsupported SSH2 format. So, you may not be able to save the server alias successfully. In such cases, regenerate the host key in the OpenSSH format, and click
Get Host Key to get the regenerated key for the server alias.
The Preferred MAC Algorithms list excludes hmac-sha256, hmac-sha256@ssh.com, hmac-sha512, hmac-sha512@ssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com as they are not supported by the latest Version 2 SFTP client.
Note:
The upgrade impact for SFTP Version 2 SFTP client is applicable after installing IS_10.11_Core_Fix9, which upgrades maverick-client-1.7.23.jar to 1.7.34 for PIE-77771.
Note:
All
watt.ssh.jsch.* parameters, except
watt.ssh.jsch.logging, are deprecated. Do not use the deprecated parameters because the preferred key exchange algorithms, ciphers, and MAC algorithms are configured from the user interface.
Integration Server uses the
watt.ssh.jsch.logging server configuration property to enable logging for both versions of the SFTP client.