Each district has a SameGoal SFTP account. This account is most often used to store ephemeral data files uploaded and processed nightly for integrations with your student information system. It can also be used to transfer large amounts of data securely during the district onboarding.
Each SameGoal SFTP account uses public key authentication to ensure secure access. Public key authentication is a more secure means of identifying yourself to a login server than using a password.
When using public key authentication, you generate a public/private key pair consisting of a public key (which everybody is allowed to know) and a private key (which you keep secret and do not give to anybody). Your public key is placed on the server you wish to connect to (in this case, on the SameGoal SFTP server in an authorized_keys file) and your private key is kept on your local workstation. When you use your private key to connect, it generates a signature. A signature created using your private key cannot be forged by anybody who does not have that key, but anyone who has your public key can verify that a particular signature is genuine.
Mac or Linux. Use the ssh-keygen utility to generate an OpenSSH-style public/private key pair on the command line.
Open a terminal.
Enter file in which to save the key (/home/<user>/.ssh/id_rsa): Press enter to accept default location
Enter passphrase (empty for no passphrase): Press enter to leave passphrase empty
Enter same passphrase again: Press enter to leave passphrase empty
Once your keys have been generated, they will be saved in your ~/.ssh directory:
Private key: /home/<user>/.ssh/id_rsa.pub
Public key: /home/<user>/.ssh/id_rsa
Windows. Use PuTTYgen to generate a PPK-style public/private key pair.
Launch the program. Set "Type of keys to generate" to "RSA" if not set by default. Click the "Generate" button.
Click the "Save public key" button. Recommended file name: id_rsa.pub
Click the "Save private key" button. When prompted "Are you sure you want to save this key without a passphrase to protect it?" choose "Yes." Recommended file name: id_rsa.ppk
Copy the key from the PuTTYgen window to your clipboard to paste into SameGoal when syncing your public key.
NOTE: If necessary, you may convert an OpenSSH-style private key to a PPK-style private key or vice versa easily.
Sync Public Key
Add your public key to your SFTP account authorized_keys file using the SameGoal web interface:
Login with an administrative account.
Visit "Settings > Technical Settings".
Copy/paste the contents of id_rsa.pub into the SFTP Account "authorized_keys files" box. (If you are having trouble opening the file, use "notepad" or "wordpad" one of which should be a default program on your Windows machine.) NOTE: If using Windows machine, copy and paste the public key from the PuTTYgen window. This will ensure that the line breaks are removed.
Scroll to the bottom of the page and click the "Save" button.
It can take up to 60 minutes to propagate new key information to the server after updating the authorized_keys file.
Verify you are able to connect to your SFTP account 60 minutes after updating your keys.
Use an SFTP tool to connect. Connection information:
Each SFTP account has the following directory structure:
/upload/ - Uploads to this directory are automatically detected and inspected by SameGoal processes.
If the uploaded data files (in a date-time epoch directory) are recognized to be in a format expected for a particular integration, SameGoal will automatically process the files.
If the uploaded information format is not recognized (eg. a one-time data dump from a previous system), the data will be ignored until a SameGoal staff member is notified and manually processes.
This directory is the only directory the district can write to.
If the district uses an SFTP-based (push-based) integration, a district process will write to this directory.
If the district uses a SIF-based (pull-based) integration, a SameGoal process will write to this directory.
/upload-processed/ - After an epoch directory in /upload/ is automatically processed, it is moved to /upload-processed/ with additional logging inserted to indicate whether processing succeeded or failed. Processed epochs are stored in this directory for a short while (typically 30 days), but may be deleted at any time without notice.