Posts

Enable CBC Ciphers in B2Bi v5.2.6.4, B2Bi v6.0, SFG v2.2.6.4 and SFG v6.0

Some IBM Sterling B2B Integrator (SI) customers want to avoid SSH handshakes that use CBC ciphers because they are vulnerable. The link http://www.kb.cert.org/vuls/id/958563 explains that CBC ciphers are vulnerable and that the solution is to use CTR ciphers instead of CBC ciphers. However, in SI versions 5020602 and 5020603, the version of Maverick (the third-party API used for SSH/SFTP) is 1.4.60, which mandates that a CBC cipher be present on the client side. Hence, disabling CBC support with the security property supportCBCCiphers=false will result in SFTP communication failure with key-based authentication. To enforce the use of CTR ciphers in SI, we have introduced two new properties: SSHServerCipherList and SSHClientCipherList.

a) security.SSHServerCipherList is the property to restrict the list of server-side ciphers. In the SFTP Server adapter, the "Preferred Cipher" drop-down will pick the values specified in this property list.

b) security.SSHClientCipherList is...

PGP - Generate Import Export PGP Keys

Generate PGP Keys

    gpg --gen-key

Enter the key details (email, expiration, etc.).

Export Secret Key

    gpg --export-secret-key -a MY_PGP_KEY >> /tmp/MY_PGP_KEY.key

Export Public Key

    gpg --export -a MY_PGP_KEY >> /tmp/MY_PGP_KEY.asc

Import Secret Key

    gpg --import /tmp/MY_PGP_KEY.key

Import Public Key

    gpg --import /tmp/MY_PGP_KEY.asc

Update Key Trust

Set the trust after importing the key. Start the key editor, then enter trust, 5 and save at its prompt:

    gpg --edit-key MY_PGP_KEY
    trust
    5
    save

Update SSH Config to accept ssh-dss Key

Add the following lines to the file called config under the .ssh folder. If you don't find a file with the name config, create one.

.ssh\config

    Host *
        HostkeyAlgorithms +ssh-dss
        PubkeyAcceptedKeyTypes +ssh-dss

Note: When the server responds with ssh-dss, some SSH clients don't accept the connection. If ssh returns "Bad owner or permissions on ~/.ssh/config", change the permissions as follows:

    chmod 600 ~/.ssh/config

Generate Self-Sign Certificate with SHA512

    openssl req -newkey rsa:2048 -sha512 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
    openssl x509 -text -noout -in certificate.pem
    openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12
    openssl pkcs12 -in certificate.p12 -noout -info
    openssl pkcs12 -in /tmp/certificate.p12 -nokeys -out sirish_test.cer

Sterling Integrator User, Workflow Queries

Active Workflows in Sterling Integrator

    select DISTINCT NAME, WC2.WORKFLOW_ID, sysdate - START_T AS TIMEDIFF
    From WORKFLOW_CONTEXT WC,
         ( SELECT MAX(STEP_ID) STEP_ID, MIN(START_TIME) START_T, WORKFLOW_ID
           FROM WORKFLOW_CONTEXT
           GROUP BY WORKFLOW_ID ) WC2,
         WFD
    WHERE WC.WORKFLOW_ID = WC2.WORKFLOW_ID
      AND WC.STEP_ID = WC2.STEP_ID
      AND WC.NEXT_AI_ID != -1
      AND WC.WFD_ID = WFD.WFD_ID
      AND WC.WFD_VERSION = WFD.WFD_VERSION
      AND BASIC_STATUS = 0

Sterling Integrator User & User Associated Groups List

    select YFS_USER.LOGINID, YFS_USER_GROUP.USERGROUP_NAME
    from YFS_USER, YFS_USER_GROUP, YFS_USER_GROUP_LIST
    where YFS_USER.USER_KEY = YFS_USER_GROUP_LIST.USER_KEY
      and YFS_USER_GROUP.USERGROUP_KEY = YFS_USER_GROUP_LIST.USERGROUP_KEY

SSHKeyGrabber in Sterling Integrator not working

http://www-01.ibm.com/support/docview.wss?uid=swg21628336

Sometimes SSHKeyGrabber doesn't work when we try to extract the Known Host Key from the Sterling Integrator UI. The workaround is to disable StrictHostKeyChecking, download the key from Linux/Windows, and check the key in to Sterling Integrator.

    $ ssh -o StrictHostKeyChecking=no user@sftp.host.com -p 22

The above command saves the host key to the known_hosts file located at ~/.ssh/known_hosts.

Note: Remove the excess content from the host key entry and keep only the part that starts at ssh-rsa, followed by the key.
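Because StrictHostKeyChecking=no stores the key without verifying it, the fingerprint should be compared with one obtained from the server operator before the key is checked in. The following Python is an added example, not part of the original post or of Sterling Integrator: it strips a known_hosts entry down to the ssh-rsa part and computes the SHA256 fingerprint. The function name, the address 192.0.2.10 and the key data are constructed for illustration.

```python
import base64
import hashlib
import struct


def _ssh_string(data):
    """Length-prefixed field as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


# Constructed sample, not a real host key: name, exponent 65537, dummy modulus.
SAMPLE_BLOB = base64.b64encode(
    _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
    + _ssh_string(b"\x00" + b"\xab" * 256)).decode()
# Constructed known_hosts entry using the host name from the command above.
SAMPLE_LINE = "sftp.host.com,192.0.2.10 ssh-rsa " + SAMPLE_BLOB


def extract_host_key(known_hosts_line, want_type="ssh-rsa"):
    """Return (key_type, base64_key, sha256_fingerprint) for one entry."""
    fields = known_hosts_line.split()
    if not fields or fields[0].startswith("#"):
        raise ValueError("not a host key entry")
    if fields[0].startswith("@"):  # @cert-authority or @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("expected: hosts keytype base64-key [comment]")
    key_type, key_b64 = fields[1], fields[2]  # fields[0] is the host list
    if key_type != want_type:
        raise ValueError(f"entry holds {key_type}, expected {want_type}")
    blob = base64.b64decode(key_b64, validate=True)
    # The decoded key begins with a length-prefixed copy of the algorithm
    # name; a mismatch means the line was truncated or edited incorrectly.
    if blob[:4 + len(key_type)] != _ssh_string(key_type.encode()):
        raise ValueError("key data does not match the declared key type")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, key_b64, fingerprint


if __name__ == "__main__":
    key_type, key_b64, fingerprint = extract_host_key(SAMPLE_LINE)
    print(key_type, key_b64)  # the part to check in
    print(fingerprint)        # compare with the server operator's value
```

The fingerprint uses the same SHA256 format that `ssh-keygen -lf` prints, so the two values can be compared directly.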

B2BI MESA API/JAR's for Custom Service Development

asset.jar
b2b_aee.jar
b2b_base.jar
b2b_oba.jar
ebics.jar
entities.jar
gis.jar
install_foundation.jar
mailbox.jar
maverick-all.jar
perimeter.jar
platform_activemq.jar
platform_activity.jar
platform_afc.jar
platform_afc_security.jar
platform_aop.jar
platform_asi.jar
platform_baseutils.jar
platform_dv.jar
platform_ifcbase.jar
platform_ifcui.jar
platform_osgi.jar
platform_security.jar
platform_services.jar
resources.jar
soap.jar
standards.jar
translator.jar