Skip to content

SFTP⚓︎

Overview⚓︎

This document provides guidance on configuring Secure File Transfer Protocol (SFTP) connections to securely transfer Call Detail Billing Records (CDR) reports. These reports, available in GZIP format, can be accessed through REST API calls by default or delivered via SFTP for enhanced automation and security.

Key highlights include:

  • SFTP Configuration: Detailed instructions on setting up an SFTP connection, including required parameters such as hostname, port, username, private key, and optional remote directory paths.

  • SSH Key Pair Generation: Steps to create the public and private keys used for secure encryption and decryption in OpenSSH format. The guide also emphasizes the importance of passphrases for encrypting private keys.

  • Supported Algorithms: Information on recommended cryptographic algorithms, such as RSA and ECDSA, with examples of their usage and customizable key sizes.

This process ensures encrypted file transfer and facilitates the secure delivery of CDR reports for billing and informational purposes.

 

Configure an SFTP Connection⚓︎

Call Detail Billing Records (CDR) reports are provided in compressed GZIP format. These reports can be accessed via REST API calls (default) or delivered through a configured SFTP connection. Each file includes a timestamp in its name, representing the GMT time of generation in the format yyyyMMdd_HHmmss.

Example

ExpetoDailyDetailedTraffic20210214_114423_Prod.gz This file was generated on February 14th, 2021, at 11:44:23.

Secure File Transfer Protocol (SFTP) enables encrypted, secure server-to-server file transfers. Configuring an SFTP connection involves setting up specific parameters to establish the connection and facilitate the secure delivery of reports.

Steps to Configure an SFTP Connection⚓︎

Provide the following information to set up an SFTP connection:

Parameter Description
Name A unique identifier for the SFTP connection configuration.
Hostname The hostname or IP address of the target machine.
Port The port number for the SFTP connection. Default: 22.
Username The username associated with the target SFTP server.
Private Key The private key required to establish the connection. Paste the key contents into the provided field.
Remote Directory (Optional) The folder path on the remote server where files will be delivered.

By completing this configuration, you enable secure and automated file delivery through SFTP.

 

Generate an SSH Key Pair⚓︎

SFTP connections rely on an SSH key pair, which consists of a public and private key. The public key encrypts data, while the private key decrypts it. The keys are generated in OpenSSH format using the ssh-keygen command.

After generating the keys, the private key must be copied and added to the SFTP connection configuration.

Steps to Generate an SSH Key Pair⚓︎

  1. Run the ssh-keygen Command Use the command line to generate the key pair, specifying the desired algorithm and key size. Example command: ssh-keygen -t rsa -b 4096 -m PEM For details on supported algorithms and key sizes, see the Algorithms section.

  2. Specify the Save Location Enter the file name or accept the default location to store the generated keys.

  3. Set a Passphrase (Optional) Enter a passphrase to encrypt the private key. Without a passphrase, the private key will be stored as plain text. Verify the passphrase by re-entering it.

  4. Locate the Generated Files Two files will be created:

    • key_filename — Contains the private key.
    • key_filename.pub — Contains the public key.

Example

id_rsa id_rsa.pub

  1. Copy the Private Key Open the private key file (e.g., id_rsa) in a text editor and copy its contents.

  2. Paste the Private Key into Expeto xControl In Expeto xControl, click Add SFTP Connection and paste the private key contents into the Private Key field.

Once configured, the private key ensures secure authentication for your SFTP connection.

 

Algorithms⚓︎

When generating SSH key pairs, the choice of algorithm and key size determines the level of encryption and compatibility. Below are the supported algorithms for SFTP key generation.

RSA Algorithm⚓︎

The RSA algorithm is widely used and supports variable key sizes for enhanced security. The recommended key size is 4096 bits.

Commands:

  • Generate a 4096-bit key: ssh-keygen -t rsa -b 4096 -m PEM
  • Generate keys with alternate sizes: ssh-keygen -t rsa -m PEM ssh-keygen -t rsa -b 2048 -m PEM ssh-keygen -t rsa -b 8192 -m PEM

Default Size: If the -b flag is not specified, the default key size is 3072 bits.

ECDSA Algorithm⚓︎

ECDSA (Elliptic Curve Digital Signature Algorithm) offers enhanced security with smaller key sizes compared to RSA.

Commands:

  • Generate a key with the default size (256 bits): ssh-keygen -t ecdsa -m PEM
  • Generate keys with specific sizes: ssh-keygen -t ecdsa -b 384 -m PEM ssh-keygen -t ecdsa -b 521 -m PEM

Warning

DSA Algorithm: DSA key types are not supported and should not be used.