Tool Search: Data Extract Utility SFTP Key Exchange Manager
The Data Extract Utility SFTP Key Exchange Manager allows SFTP configurations within the Data Extract Utility to utilize a keypair between Infinite Campus and a third-party server(s) to bolster security for the data transferring process. Users can use this tool to generate an Infinite Campus public key to be shared with a third-party system.
In order to use established SFTP keys, an extract within the Data Extract Utility must be configured to use a Delivery Mode of SFTP.
Users should have full tool rights (RWAD) to the Data Extract Utility SFTP Key Exchange Manager in order to properly access and use its functionality. Tool rights for this tool should only be granted to system administrators.
Create and Connect an Infinite Campus-Generated SFTP Key
- Click the New button. The SFTP Key Exchange Configuration editor will appear.
- Enter a Name for the key. Choose a name that can be easily identified and differentiated from other keys.
The Select Files... button (SFTP Server Public Key Upload (.pub file) field) is optional and should be ignored unless your vendor has supplied you with a .pub file from their server. If you have not been supplied a .pub file from the individual who administers the SFTP server/your vendor, do not hit Select Files. Proceed to the next step.
If you do have a .pub file from your vendor/SFTP server and wish to use it, we will cover this later in the article.
NOTE: Infinite Campus must have a private key stored on its server in order to successfully complete the SFTP Key Exchange. This means you must generate a key within the Data Extract Utility SFTP Key Exchange and enter the generated .pub file into your SFTP server/vendor. Skipping this step and only importing your server's .pub file into Infinite Campus will not complete the authentication and will not successfully connect your extract from Infinite Campus to your server/vendor.
- Click Save. When the key successfully generates, a green notification box displays (see image above).
- A Key Management Options section is now available. Click the Download Client SFTP Public Key button. This generates a private key within your Infinite Campus server as well as a public key (.pub file). Download and save this .pub file.
- Once the key (.pub file) is downloaded, you will need to supply this file to whoever administers the SFTP server/your vendor and have them add it to their server, typically in the authorized_keys area of the server.
Some vendors require you to provide them the key itself which can be obtained by opening the .pub file within a text editor (or compatible program) and copying the entire key (see below for example). - Paste this key within your external SFTP system/server where you store your other authentication keys and save.
- Once this Infinite Campus-generated key has been successfully added and saved in your system's/server's key store, a new extract can be configured using the SFPT protocol with an SSH key within the Data Extract Utility or you can modify an existing extract to begin using the SFPT protocol with an SSH key.
- Navigate to the Data Extract Utility Setup Screen.
- To utilize this new key for an existing or new Data Extract Utility configuration:
- Select the SFTP Delivery Mode
- Mark the SFTP Key Exchange checkbox
- Select the key you just set up in the SFTP Key Exchange Configuration dropdown list (see the image below for an example).
- Once these are selected, select the Test Connection button to test and make sure the connection between Infinite Campus and your system is authenticating correctly. If tested and working correctly, click the Save icon.
NOTE: Do NOT use SFTP Legacy (Being Deprecated). If you have previously set up the Data Extract Utility to use this Delivery Mode, you must update the configuration to use SFTP to avoid issues once the old SFTP mode is removed.
Import a Third-Party SFTP Key
To bolster security and create an even more secure connection between Infinite Campus and your SFTP server/vendor, you can import your server's .pub file and upload it within the Data Extract Utility SFTP Key Exchange tool. This is an optional layer of security and is not required in order to utilize SFTP Key Exchange functionality.
NOTE: Infinite Campus must have a private key stored on its server in order to successfully complete the SFTP Key Exchange. This means you must generate a key within the Data Extract Utility SFTP Key Exchange and enter the generated .pub file into your SFTP server/vendor. Skipping this step and only importing your server's .pub file into Infinite Campus will not complete the authentication and will not successfully connect your extract from Infinite Campus to your server/vendor.
To upload your server's/vendor's .pub file (public key):
- Click the New button OR if you're reinforcing security for an existing key exchange configuration, select an existing configuration and skip to step 3.
- Enter a Name for the key. Choose a name that can be easily identified and differentiated from other keys.
- Click the Select Files button and select the key file (.pub file) from your local hard drive or network. NOTE: The key MUST be a .pub file.
- Once the key has been selected, it is uploaded into Infinite Campus and displays below the Select files button.
- Click the Save button. The key is now successfully imported and saved into Infinite Campus and extra layer of authentication security is now enabled.
Manage SFTP Keys
The Key Management Options section allows you to do the following:
Refresh the Client SFTP Keypair | This generates a new keypair (private and public key). This is useful in the event of a potential security breach or any scenario in which a brand new keypair between Infinite Campus and your SFTP server/vendor would be needed. NOTE: Refreshing the Client SFT Keypair means you will need to go through the process of placing the new .pub file on your SFTP server/vendor. |
Download Client SFTP Public Key | This is useful if you need access to an Infinite Campus SSH key. |
Delete Server SFTP Public Key | This is useful for deleting an expired, incorrect, or compromised key. Often this option will work in conjunction with the Refresh Client SFTP Keypair option where a user would first delete an old key, upload a new key and then refresh and repair the connection between Infinite Campus and your system. |