Loading

Update your Enhanced SFTP Host Key Fingerprint

Publish Date: Oct 13, 2022
Description
As part of our ongoing commitment to customer trust and security, Marketing Cloud will be rotating the Enhanced SFTP host keys in Stack 1 and Stack 4 on June 22, 2022 at 7am EST.

This change will affect Marketing Cloud Stack 1 and Stack 4 customers who utilize the Enhanced SFTP and validate the host key when connecting to the SFTP service.
 
Resolution

How do I know if I am impacted by this change?

1) First, confirm your organization’s account is provisioned on Marketing Cloud Stack 1 or Stack 4. Click here to learn how to find the stack location for your Marketing Cloud account. Only customers on Stack 1 or Stack 4 may be impacted.

2) Second, if your account is on Stack 1 or Stack 4, confirm your organization utilizes the Enhanced SFTP. If any of the MIDs in your account have created and use an FTP User, you may be impacted. FTP Users can be found under Setup > Data Management > FTP Accounts.

3) Lastly, if your account is on Stack 1 or Stack 4 and utilizes Enhanced SFTP, confirm which, if any, FTP User integrations validate the host key.

If an integration is validating the host key, an update will be required to prevent any impact or downtime.

 

What update do I need to make?

If an update is required, review your 3rd-party FTP client to determine the change required to support a new host key.
  • If your FTP client supports multiple host key fingerprints, add the new host key fingerprint ahead of time to avoid disruption.
  • If your FTP client does not support multiple host key fingerprints, you may need to manually accept the new host key fingerprint after it has been updated.
NOTE: This is not an update to the authentication methods configured within Marketing Cloud Setup, but a change to the FTP clients connecting to Marketing Cloud. 
 

What is the new host key fingerprint?

Stack 1 - For impacted Stack 1 Enhanced SFTP integrations, the new host key fingerprint details are:
  • Host Key Algorithm: SSH-RSA
  • Host Key Bit Strength: 3072
    • SHA-256: bFCXgHdgCzL7mYTH8PZoSmYyiq0ryMDkYzk1Z2YfIeE=
    • MD5: 64:3d:25:0e:46:4e:71:ee:f6:de:91:9e:51:7c:1c:6e

Stack 4 - For impacted Stack 4 Enhanced SFTP integrations, the new host key fingerprint details are:
  • Host Key Algorithm: SSH-RSA
  • Host Key Bit Strength: 3072
    • SHA-256: JHRuyRx1d6tdQnzHRixFRp3PlNOTqp8RIkA3SbkcLcc=
    • MD5: e2:38:37:71:f0:23:6f:74:bc:86:f4:2f:ed:c4:40:d5
 

When will the current host key be removed?

The SFTP servers will be updated with the new host keys beginning at 7am EST on June 22nd, 2022. All servers are expected to be updated within one hour. Only one host key is supported per stack. The current host keys in both Stack 1 and Stack 4 will be removed with this update.
 

What error message returns in the Salesforce SFTP log?

Because SFTP host key validation is completed client-side, Salesforce is unable to monitor and report on host key validation errors. Please check the logs and/or configuration of your FTP client.
 

What if I am using SFTP Tenant-specific Endpoints?

The endpoint used to connect to the Enhanced SFTP service does not determine whether your FTP Client is validating the host key. Customers using either the stack or tenant-specific SFTP endpoints can be impacted.
 
Knowledge Article Number

000392392

 
Loading
Salesforce Help | Article