Using the SFTP Crypto Configuration

The SFTP Crypto Configuration function can be modified to connect to a less secure SFTP server, but Infor's approval must be obtained before use. On the IPA side, the SFTP configuration is used for EDI carriers, file channels, and FTP nodes. On the Landmark side, you can use the SFTP for exporting CSV files.

When creating a configuration for a host, the settings will apply across all components where it is used, such as FTP nodes, file channels, EDI carriers, and Landmark.
Note: The default delivered cipher suites are selected based on industry best practices. Changing the cipher suites in use may reduce security and should be done at your own risk. Infor cannot be held responsible for the security of SFTP transfer payloads when less secure cipher suites are chosen. Please consult your vendor for compatibility.
  1. Select Process Server Administrator > Configuration > SFTP Crypto Configuration.
  2. Click Create then specify these information:
    Host Name
    Specify the host name. For example, sftp.inforcloudsuite.com.
    Expires On
    The expiration date of the SFTP crypto configuration is automatically populated based on the SFTP expiry date in the Parameter Value field, specified in yyyymmdd format on a configuration set. Approval at the tenant level, not yet supported at the data area level, is required before you can create this configuration.
    Approved By Infor
    This checkbox is selected if the configuration is approved by Infor, with an expiration date set for the tenant.
    Send to Users (Comma Separated)
    The Send to Users and From Email fields are used to send approval expiration reminders. By default, these fields are populated with the user who is logged in or creating the configuration. You can also add additional users if the reminder needs to be sent to more recipients.
    From Email
    This is the sender of the reminder email, which can be changed. It is not a regular email notification but a Landmark user notification.
    Crypto Algorithms
    Here are the crypto algorithms, which you can modify from the default list supported by Apache. These algorithms are categorized into four types: Key Exchange, Message Authorization Code (MAC), Cipher (Encryption), and Host Key Signature. They are used when connecting to an SFTP server, where the server and client must agree on a single algorithm for each category.
    In the Crypto Algorithm section, there are two parts: Available Crypto Algorithms on the left and Crypto Algorithms to Modify on the right, for all four categories. The Available Crypto Algorithms section lists all deprecated algorithms that are not supported by default, while the Crypto Algorithms section displays all algorithms supported by default. Users can perform the these actions:
    • Add an algorithm from the Available section to the right side. Any other action will result in an error when saving.
    • Delete existing algorithm from the right side. Deleted algorithms will be moved back to the Available section on the left.
    • Modify the order of the algorithms on the right side.
    Key Exchange (Kex)
    Specify or add a Kex to the list.
    Message Authorization Code (MAC)
    Specify or add a MAC to the list.
    Cipher (Encryption)
    Specify or add a Cipher to the list.
    Host Key Signature
    Specify or add a Host Key Signature to the list.
  3. Click Save.