THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT Enterprise v6.3 and later
EFT's administration interface currently does not provide a way to configure the SFTP cipher and MAC algorithms used for outbound connections. The Site-level SFTP configuration for the inbound protocols in the interface does not affect the outbound settings. Instead, the algorithms for outbound connections are configured through registry settings that enable or disable the individual ciphers and MACs.
The SFTP registry keys are created automatically by ClientFTP.dll, which writes to the registry when it finishes a transfer. Edit the settings only when no transfers are occurring, so that ClientFTP.dll loads your custom settings and then saves them back to the registry when it finishes the transfer. (Once ClientFTP.dll writes your custom settings to the registry, it will continue to use those settings.) After a clean install, you may have to run an initial outbound transfer before the keys are created, or you can create them manually. (Again, do this when there is no outbound activity to avoid overwriting your changes.)
The registry settings reside under:
- 32-bit Windows: HKLM\SOFTWARE\GlobalSCAPE\TED 6\Settings\SecuritySFTP2\
- 64-bit Windows: HKLM\SOFTWARE\Wow6432Node\GlobalSCAPE\TED 6\Settings\SecuritySFTP2\
You can verify which ciphers are available by opening the registry and expanding the SecuritySFTP2 node. Setting the DWORD value to 1 enables the algorithm.
In 7.2.1 and later:
In v6.3 to 7.20:
The following snippet from the ClientFTP log file shows the output when only SFTP2_TWOFISH128 and SFTP2_MD5_96 are enabled:
STATUS:> Host key match found in certificate database -- accepted.
STATUS:> First key exchange completed
kex alg: diffie-hellman-group14-sha1
host key alg: ssh-rsa
c2s encr alg: twofish128-cbc
s2c encr alg: twofish128-cbc
c2s mac alg: hmac-md5-96
s2c mac alg: hmac-md5-96
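One way to confirm from the ClientFTP log that an outbound connection negotiated only the algorithms you enabled, as an added example that is not part of the original article or of Globalscape's code. The sample log is constructed from the excerpt above; the function names, and the assumption that each algorithm block follows a "key exchange completed" line, are this example's own.

```python
import re

# Constructed sample in the format of the ClientFTP log excerpt above.
SAMPLE_LOG = """\
STATUS:> Host key match found in certificate database -- accepted.
STATUS:> First key exchange completed
kex alg: diffie-hellman-group14-sha1
host key alg: ssh-rsa
c2s encr alg: twofish128-cbc
s2c encr alg: twofish128-cbc
c2s mac alg: hmac-md5-96
s2c mac alg: hmac-md5-96
"""

# Matches "<label> alg: <name>" lines, e.g. "c2s mac alg: hmac-md5-96".
ALG_LINE = re.compile(
    r"^\s*(kex|host key|c2s encr|s2c encr|c2s mac|s2c mac) alg:\s*(\S+)\s*$")


def parse_negotiations(log_text):
    """Return one dict per key exchange, mapping label -> negotiated algorithm."""
    sessions, current = [], None
    for line in log_text.splitlines():
        if "key exchange completed" in line:  # assumed block marker
            current = {}
            sessions.append(current)
            continue
        m = ALG_LINE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return sessions


def check_session(session, allowed_ciphers, allowed_macs):
    """List every negotiated cipher/MAC that is outside the intended set."""
    problems = []
    for label in ("c2s encr", "s2c encr"):
        if session.get(label) not in allowed_ciphers:
            problems.append(f"{label}: {session.get(label)} not in allowed ciphers")
    for label in ("c2s mac", "s2c mac"):
        if session.get(label) not in allowed_macs:
            problems.append(f"{label}: {session.get(label)} not in allowed MACs")
    return problems


if __name__ == "__main__":
    for s in parse_negotiations(SAMPLE_LOG):
        print(s, check_session(s, {"twofish128-cbc"}, {"hmac-md5-96"}))
```

An empty list from check_session means both directions used only the ciphers and MACs passed in; a missing direction is reported as None.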