We have passed the deadline for changes to be made in support of the data center migration. If you lose your connection and/or services due to this migration, finish your transition now by implementing the required changes to your Production environment. You will continue to experience connectivity failures until your updates have not been made.

Please contact us with questions or concerns, bookmark this page and check back often for updates.

Updated on September 26, 2024

SSH Support for the New Data Center

As part of your migration to our new Data Centers it is important to confirm that your systems are compatible with the new cryptography settings and can successfully connect to our new servers. You can validate your connection by performing a self-test using the instructions provided on the New Data Center Client Acceptance Testing page but using the URL below.

Your current security credentials have been installed in the new environment, but there may be some scenarios where you will need to provide new production keys or certificates.

Depending on your firewall configuration, changes may be required. The new IPs for connections you initiate are listed below. It is recommended that you open the J.P. Morgan owned IP range of 198.36.0.0/22. If you receive files automatically pushed to you, those IP ranges will also be changing. Please allow the following IP range to continue receiving files pushed to you: 146.143.0.0/16.

Full end to end testing is not required as only the front-end servers are changing. The list of steps needed to ensure compatibility with the new Data Centers can be found here: Data Center Migration Checklist.

All Production file transmissions must utilize the new Data Center by August 31, 2024 or risk disruption in service.

Production URL:

It is recommended that you open the J.P. Morgan owned IP range of 198.36.0.0/22

URL IP Address 1 IP Address 2 Port
SFTP      

transmissions.jpmorgan.com

(Primary)

198.36.3.140 198.36.2.140 22

SFTP Protocol SSH Key

The current Secure Shell (SSH) Key for transport and authentication on the following J.P. Morgan Host-to-Host URLs:

  • Production: transmissions.jpmorgan.com

The current Secure Shell (SSH) Key for transport and authentication on the following J.P. Morgan Host-to-Host URLs: The SSH Key for the SFTP protocol was updated on March 2, 2024. The new keys are now available to download below.

The current Secure Shell (SSH) Key for transport and authentication on the following J.P. Morgan Host-to-Host URLs:

  • Production: transmissions.jpmorgan.com

If you connect via SFTP to transmissions.jpmorgan.com on port 22, please download the J.P. Morgan public key and rename as needed. The fingerprint is: 96:53:6e:18:7d:84:d2:57:7f:00:c8:a3:23:8b:63:b4 and will expire on February 16, 2025.

Host-to-Host Supported Cryptography Settings

Only the following settings are supported for internet-based connections via applications that use Secure File Transfer Protocol (SFTP):

Supported SSH Ciphers

  • aes128-gcm@openssh.com
  • aes256-gcm@openssh.com
  • AES128-CTR (Support ending 2Q2025)
  • AES192-CTR (Support ending 2Q2025)
  • AES256-CTR (Support ending 2Q2025)

  • hmac-sha2-512
  • hmac-sha2-256

  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group14-sha256
  • curve25519-sha256
  • curve25519-sha256@libssh.org

  • ecdsa-sha2-nistp256-cert-v01@openssh.com
  • ecdsa-sha2-nistp384-cert-v01@openssh.com
  • ecdsa-sha2-nistp521-cert-v01@openssh.com
  • ssh-ed25519-cert-v01@openssh.com
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • ssh-ed25519
  • ssh-rsa

If your application does not support the available ciphers or does not have the required encryption capabilities, it may be necessary to change its configuration, upgrade it to current version, switch to another protocol or replace it.

Application Compatibility

Client software applications that are known to connect successfully to Host-to-Host are shown below. Note that this list may change over time, and it is best practice to only use supported current versions of third-party applications. The use and functionality of third-party software is subject to change without notice, and, is therefore not recommended or endorsed. J.P. Morgan makes no representation, explicit or implied, as to the functionality, quality, or suitability of any third-party software referenced below.

  • Axway Secure Client 6.1, 6.2, 6.3
  • Curl 7.58.0
  • FileZilla Client 3.10.x
  • PSCP (PuTTY) 0.70
  • PSFTP (PuTTY SFTP) 0.70
  • VanDyke SecureFX 8.3
  • WinSCP 5.13
  • OpenSSH 7.6