Outbound SFTP connections to Tumbleweed SecureTransport (TST) server fail and SSH HMAC check fails


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server, all versions
  • EFT v4.x to v7.4.x stores advanced properties in the registry.
  • EFT v8.x stores Advanced Properties in a JSON file.
    • When you upgrade to EFT v8, the non-default settings that you have defined in the registry will be added to the Advanced Properties file during upgrade. (Default settings are part of the EFT configuration files.)
      Please refer to the help for your version of EFT for a spreadsheet of advanced properties.

SYMPTOM

Outbound SFTP connections to a Tumbleweed SecureTransport (TST) server fail, and the SSH HMAC check fails.

RESOLUTION

This is a known issue in SecureTransport v4.9.1 SP1 with the MACs hmac-md5-96 and hmac-sha1-96. The resolution is to disable hmac-md5-96 and hmac-sha1-96 in the registry for EFT Server outbound SFTP connections.

To disable the MACs in the registry

Edit the following registry settings:

HKLM\SOFTWARE\GlobalSCAPE\TED 6\Settings\SecuritySFTP2\

Set the following DWORD values to ‘0’ (Zero):

SFTP2_MD5_96

SFTP2_SHA1_96
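One way to script the registry change above from an elevated PowerShell prompt on the EFT Server host (an added example, not GlobalSCAPE's own code). The key path and value names are the ones given in this article; the script records the previous values so the change can be reverted, and assumes that a missing value should be created as a DWORD.

```powershell
#Requires -RunAsAdministrator
# Added example: key path and value names are taken from the article above.
$KeyPath   = 'HKLM:\SOFTWARE\GlobalSCAPE\TED 6\Settings\SecuritySFTP2'
$MacValues = 'SFTP2_MD5_96', 'SFTP2_SHA1_96'

# Stop early if the key is absent rather than creating it in the wrong place.
if (-not (Test-Path -LiteralPath $KeyPath)) {
    throw "Registry key not found: $KeyPath"
}

$report = foreach ($name in $MacValues) {
    # Read the current value (if any) so the change can be reverted later.
    $before = (Get-ItemProperty -LiteralPath $KeyPath -Name $name -ErrorAction SilentlyContinue).$name

    # -Force creates the value or overwrites an existing one, always as a DWORD.
    New-ItemProperty -LiteralPath $KeyPath -Name $name -PropertyType DWord -Value 0 -Force | Out-Null

    # Read the value back to confirm what is now stored.
    $after = (Get-ItemProperty -LiteralPath $KeyPath -Name $name).$name

    [pscustomobject]@{
        Name   = $name
        Before = if ($null -eq $before) { '(not set)' } else { $before }
        After  = $after
    }
}

# Show the before/after values for the change record.
$report | Format-Table -AutoSize

# Fail loudly if either MAC is still enabled.
if ($report | Where-Object { $_.After -ne 0 }) {
    throw 'One or more MAC values were not set to 0.'
}
```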

MORE INFORMATION

Other Tumbleweed SecureTransport-related articles:

SecureTransport and EFT Server SSL: https://kb.globalscape.com/KnowledgebaseArticle10181.aspx