Updated on November 14, 2023

SSH Support for the New Data Center

As part of your migration to our new Data Centers it is important to confirm that your systems are compatible with the new cryptography settings and can successfully connect to our new servers. You can validate your connection by performing a self-test using the instructions provided on the New Data Center Client Acceptance Testing page but using the URL below.

Your current security credentials have been installed in the new environment, but there may be some scenarios where you will need to provide new production keys or certificates.

Depending on your firewall configuration, changes may be required. The new IPs for connections you initiate are listed below. If you receive files automatically pushed to you, those IP ranges will not change.

Full end to end testing is not required as only the front-end servers are changing.

All file transmissions must utilize the new Data Center by June 20, 2024 or risk disruption in service.

Production URL:

URL IP Address 1 IP Address 2 Port
SFTP      

transmissions.jpmorgan.com

(Primary)

198.36.3.140 198.36.2.140 22

SFTP Protocol SSH Key

The current Secure Shell (SSH) Key for transport and authentication on the following J.P. Morgan Host-to-Host URLs:

  • Production: transmissions.jpmorgan.com

If you connect via SFTP to transmissions.jpmorgan.com on port 22, please download the J.P. Morgan public key and rename as needed. The fingerprint is: 3a:d0:17:c5:ee:37:39:70:b6:ad:24:48:56:cc:1a:4e and will expire on March 9, 2024.

If J.P. Morgan pushes files to you via SFTP, please download the J.P. Morgan public host key and rename as needed. The fingerprint is: fc:42:7b:c1:27:a4:37:6e:3f:62:7c:ee:4a:f8:92:2e and will expire on March 9, 2024.

Host-to-Host Supported Cryptography Settings

Only the following settings are supported for internet-based connections via applications that use Secure File Transfer Protocol (SFTP):

Supported SSH Ciphers

  • aes128-gcm@openssh.com
  • aes256-gcm@openssh.com

  • hmac-sha2-512
  • hmac-sha2-256
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512-etm@openssh.com

  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group14-sha256
  • curve25519-sha256
  • curve25519-sha256@libssh.org

  • ecdsa-sha2-nistp256-cert-v01@openssh.com
  • ecdsa-sha2-nistp384-cert-v01@openssh.com
  • ecdsa-sha2-nistp521-cert-v01@openssh.com
  • ssh-ed25519-cert-v01@openssh.com
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • ssh-ed25519

If your application does not support the available ciphers or does not have the required encryption capabilities, it may be necessary to change its configuration, upgrade it to current version, switch to another protocol or replace it.

Application Compatibility

Client software applications that are known to connect successfully to Host-to-Host are shown below. Note that this list may change over time, and it is best practice to only use supported current versions of third-party applications. The use and functionality of third-party software is subject to change without notice, and, is therefore not recommended or endorsed. J.P. Morgan makes no representation, explicit or implied, as to the functionality, quality, or suitability of any third-party software referenced below.

  • Axway Secure Client 6.1, 6.2, 6.3
  • Curl 7.58.0
  • FileZilla Client 3.10.x
  • PSCP (PuTTY) 0.70
  • PSFTP (PuTTY SFTP) 0.70
  • VanDyke SecureFX 8.3
  • WinSCP 5.13
  • OpenSSH 7.6