Each district has a SameGoal SFTP account. This account is most often used to store ephemeral data files uploaded and processed nightly for integrations with your student information system. It can also be used to transfer large amounts of data securely during the district onboarding.
Each SameGoal SFTP account uses public key authentication to ensure secure access. Public key authentication is a more secure means of identifying yourself to a login server than using a password.
When using public key authentication, you generate a public/private key pair consisting of a public key (which everybody is allowed to know) and a private key (which you keep secret and do not give to anybody). Your public key is placed on the server you wish to connect to (in this case, on the SameGoal SFTP server in an authorized_keys file) and your private key is kept on your local workstation. When you use your private key to connect, it generates a signature. A signature created using your private key cannot be forged by anybody who does not have that key, but anyone who has your public key can verify that a particular signature is genuine.
Mac or Linux. Use the ssh-keygen utility to generate an OpenSSH-style public/private key pair on the command line.
- Open a terminal.
- <user>@dev1:~$ ssh-keygen
- Enter file in which to save the key (/home/<user>/.ssh/id_rsa): Press enter to accept default location
- Enter passphrase (empty for no passphrase): Press enter to leave passphrase empty
- Enter same passphrase again: Press enter to leave passphrase empty
- Once your keys have been generated, they will be saved in your ~/.ssh directory:
- Private key: /home/<user>/.ssh/id_rsa.pub
- Public key: /home/<user>/.ssh/id_rsa
Windows. Use PuTTYgen to generate a PPK-style public/private key pair.
- Download PuTTYgen from the PuTTY download page
- Launch the program. Set "Type of keys to generate" to "SSH-2 RSA" if not set by default. Click the "Generate" button.
- Click the "Save public key" button. Recommended file name: id_rsa.pub
- Click the "Save private key" button. When prompted "Are you sure you want to save this key without a passphrase to protect it?" choose Yes. Recommended file name: id_rsa.ppk
NOTE: If necessary, you may convert an OpenSSH-style private key to a PPK-style private key or vice versa easily.
Sync Public Key
Add your public key to your SFTP account authorized_keys file using the SameGoal web interface:
- Login with an administrative account.
- Visit "Settings > Technical Settings".
- Copy/paste the contents of id_rsa.pub into the SFTP Account "authorized_keys files" box.
- Scroll to the bottom of the page and click the "Save" button.
- It can take up to 60 minutes to propagate new key information to the server after updating the authorized_keys file.
- Verify you are able to connect to your SFTP account 60 minutes after updating your keys.
Use an SFTP tool to connect. Connection information:
- Host: upload.iepanywhere.com
- Username: your district domain
- Authentication: Public key only
- Upload directory: /upload/
- If you recently added or changed key information, wait 60 minutes before trying to connect.
- Do not use SSH or SCP to test the connection. You do not have shell access and these programs will appear to "hang" when you appear to connect.
- If you are having trouble connecting, make sure you are using keys compatible with the SFTP tool you are using. For example:
- WinSCP uses a PPK-style private key. Use your id_rsa.ppk file to connect.
- SG Agent, Cyberduck, OpenSSH and SG-SFTP require OpenSSH-style public/private keys. Use your id_rsa.pub and id_rsa files to connect.
Each SFTP account has the following directory structure:
- /upload/ - Uploads to this directory are automatically detected and inspected by SameGoal processes.
- If the uploaded data files (in a date-time epoch directory) are recognized to be in a format expected for a particular integration, SameGoal will automatically process the files.
- If the uploaded information format is not recognized (eg. a one-time data dump from a previous system), the data will be ignored until a SameGoal staff member is notified and manually processes.
- This directory is the only directory the district can write to.
- If the district uses an SFTP-based (push-based) integration, a district process will write to this directory.
- If the district uses a SIF-based (pull-based) integration, a SameGoal process will write to this directory.
- /upload-processed/ - After an epoch directory in /upload/ is automatically processed, it is moved to /upload-processed/ with additional logging inserted to indicate whether processing succeeded or failed. Processed epochs are stored in this directory for a short while (typically 30 days), but may be deleted at any time without notice.