Menu

Search

GlobalSCAPE Knowledge Base


Configuring SFTP cipher/mac algorithms for EFT outbound connections in the registry


GlobalSCAPE 5
EFT Express (SMB) & Enterprise

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Enterprise v6.3 and later

DISCUSSION

EFT currently does not provide the ability to configure the SFTP cipher/mac algorithms for outbound connections in the administration interface. The Site-level SFTP configuration for the inbound protocols in the interface does not affect the outbound settings. The ability to configure algorithms for outbound connections is available via registry settings to enable/disable the various ciphers and macs.

The SFTP registry keys are automatically created by the ClientFTP.dll. The ClientFTP.dll writes to the registry when it finishes a transfer; therefore, you should edit the settings when there are no transfers occurring so that it loads your custom settings, and then it will save your custom settings back to the registry when it finishes the transfer. (Once ClientFTP.dll writes your custom settings to the registry, it will continue to use those settings.) You may have to run an initial outbound transfer after a clean install before the keys are created, or you can create them manually. (Again, do this when there is no outbound activity to avoid overwriting your changes.)

The registry settings reside under:

  • 32-bit Windows: HKLM\SOFTWARE\GlobalSCAPE\TED 6\Settings\SecuritySFTP2\
  • 64-bit Windows: HKLM\SOFTWARE\Wow6432Node\GlobalSCAPE\TED 6\Settings\SecuritySFTP2\

You can verify which ciphers are available by opening the registry and expanding the SecuritySFTP2 node. Setting the DWORD value to 1 enables the algorithm.

In 7.2.1 and later:

In v6.3 to 7.20:

The following snippet from the ClientFTP log file shows the output when only SFTP2_TWOFISH128 and SFTP2_MD5_96 are enabled:

STATUS:> Host key match found in certificate database -- accepted.

STATUS:> First key exchange completed

Negotiated algorithms:

kex alg: diffie-hellman-group14-sha1

host key alg: ssh-rsa

c2s encr alg: twofish128-cbc

s2c encr alg: twofish128-cbc

c2s mac alg: hmac-md5-96

s2c mac alg: hmac-md5-96


Also In This Category


On a scale of 1-5, please rate the helpfulness of this article


Not Helpful
Very Helpful
Optionally provide private feedback to help us improve this article...

Thank you for your feedback!


Comments require login or registration.

Details
Last Modified: 2 Months Ago
Last Modified By: kmarsh
Type: HOWTO
Rated 1 star based on 7 votes.
Article has been viewed 29K times.
Options
Find Similar