Enabling FIPS for SSH (SFTP) Connections
(Requires the Advanced Security in EFT Enterprise, and Express Security module and SFTP module in EFT Express)
After you enable or disable FIPS mode, you must restart the EFT server service.
To enable FIPS for SSH connections
-
In the administration interface, connect to EFT and click the Server tab.
-
On the Server tab, click the Server node on which you want to enable FIPS mode.
-
In the right pane, click the Security tab.
-
In the Federal Information Processing Standards (FIPS) area, select the Use FIPS certified cryptographic libraries for SSH connections check box.
-
Click Apply to save the changes on EFT.
-
On EFT's General tab, review the Statistics area to verify that the service started.
When the EFT Site is started, if FIPS is enabled, a message displays the protocols in use and which of the protocols in use are FIPS certified. When you enable FIPS, the ciphers, key, and hash lengths/types that are not FIPS-approved are not available. If a FIPS-approved state cannot be achieved when FIPS is enabled, all Sites will stop, and an error is written to the Windows Event Log.