Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

The SFTP agent uses a file with known host keys to validate the server identity during connection setup. The location and naming of this file is managed through the Execution Context property:

mz.ssh.known_hosts_file

It is set in the <pico name>.xml file of the relevant EC to manage where the file is saved. The default value is ${mz.home}/etc/ssh/known_hosts.

The SSH implementation uses JCE (Java Cryptography Extension), which means that there may be limitations on key sizes for your Java distribution. This is usually not a problem. However, there may be some cases where the unlimited strength cryptography policy is needed. For instance, if the host RSA keys are larger than 2048 bits (depending on the SSH server configuration). This may require that you update the Java Platform that runs the EC.

For unlimited strength cryptography on the Oracle JRE, download the JCE Unlimited Strength Jurisdiction Policy Files from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html. Replace the jar files in $JAVA_HOME/jre/lib/security with the files in this package.

The OpenJDK JRE does not require special handling of the JCE policy files for unlimited strength cryptography.

  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.