Enabling SFTP (SSH) on the Server
Specify ciphers, macs, and KEX ciphers before enabling SFTP connections. After you have enabled SFTP for the server, SFTP connections can be enabled on the Site, Settings Template, and/or for each user. Each level can inherit the settings from the parent.
To configure SFTP on the Server
-
In the administration interface, connect to EFT and click the Server tab.
-
On the Server tab, click the server node that you want to configure.
-
In the right pane, click the Security tab.
-
Next to SFTP security settings, click Configure. The SSH Settings dialog box appears.
-
Select the check box of one or more ciphers, macs, and KEX ciphers to use; clear check boxes of ciphers, macs, and KEX ciphers that you don't want to use. At least one cipher must be specified.
-
Click Apply to save the changes to EFT.
EFT's SFTP library implementation is based on the 8.1 version of OpenSSH portable: https://github.com/PowerShell/openssh-portable, which is a fork of https://github.com/openssh/openssh-portable, which in turn is a fork of the canonical OpenSSH. EFT will be updated once the fork that EFT is using is updated to 8.2, 8.3, or newer version. Also note that the EFT implementation contains some modified OpenSSH files, modified via use of a Fedora patch, for purposes of FIPS certification when FIPS mode is enabled (where EFT leverages OpenSSL’s LibEay32.dll for SFTP’s cryptographic functions).