If you are an Integration Suite user, you have probably received a notification SAP is going to upgrade JSCH library, used to connect to SFTP servers, from version 0.1.55 to 0.2.8. This is documented in note 3300095.

One consequence of this upgrade is the risk the public keys stored in the known_host file in Integration Suite are no longer matched, therefore secure communication towards the SFTP servers might suddenly fail. SAP indicated there is no way to test the functionality before the new library is made available as part of the maintenance, although we could give it a try with a simple Java application.

As prerequisite activities, download the known_host file from your Cloud Integration tenant and the JSCH JAR version 0.2.8 archive, and store them in the same folder you are going to save and execute the program below.

Then, you can use the following snippet, after making sure to adjust the connection parameters to the ones you are using for your SFTP servers:

import com.jcraft.jsch.*;


public class CPISFTPTest {

    private static final String USERNAME = "myusername";
    private static final String PASSWORD = "mypassword";
    private static final String HOST = "127.0.0.1";
    private static final int PORT = 22;

    public static void main(String[] args) {

        JSch jsch = new JSch();
        Session jschSession = null;
        System.out.printf("Compiled with jsch version %s%n", jsch.VERSION);

        try {
            jsch.setKnownHosts("known_hosts");
            jschSession = jsch.getSession(USERNAME, HOST, PORT);
            jschSession.setPassword(PASSWORD);
            jschSession.connect();
            HostKey hostKey = jschSession.getHostKey();
            System.out.printf("Connected to %s, using key %s having fingerprint %s%n",
                              HOST, hostKey.getKey(), hostKey.getFingerPrint(jsch));
        } catch (Exception exception) {
            exception.printStackTrace();
        } finally {
            jschSession.disconnect();
        }

    }

}

You can then compile the application, make sure to adjust the classpath to the correct location of the jsch-0.2.8.jar archive you have downloaded previously:

javac -cp "jsch-0.2.8.jar" CPISFTPTest.java

Finally, you can execute the program, make sure to adjust the classpath as explained above:

java -cp ".:jsch-0.2.8.jar" CPISFTPTest

If everything works fine, you should be able to get an output like the following:

If, on the other hand, communication can’t be established properly, an exception will be thrown and you’ll have to make sure to align the keys stored in the known_host file:

I hope this helps to make sure our Integration Suite IFlows are safe after the library upgrade! Happy CPI’ing!