Manual to start using SCP upload

Manual to start using SCP upload

You can upload files in the Spend Cloud to have them automatically processed in the import planning. To make the uploading process of these files as automated and secure as possible, it is recommended 
to upload these files via SCP upload using puclib/private key authentication. The following steps explain how to establish the connection. 
Alert: To use the SCP connection a subscription is needed. If you do not have it yet, contact your accountmanager. 

1. Install WinSCP
  1. Download and install WinSCP from https://winscp.net/eng/downloads.php if you have WinSCP installed make sure you have updated to the latest version of WinSCP.
2. Generate a key pair
  1. After installing WinSCP you also have access to the program 'puttygen'. When you start this program you will see this screen:

  1. Click on 'Generate' to generate a new key pair. You will get a screen like the one below:

  1. Click on 'Save private key' and save the private key in a safe place. The private key is, as the name implies, 'private'. This will allow you to log in to the SCP server of the Spend Cloud. It is essential to store this key securely. Anyone who has this key can log in to the SCP server of the Spend Cloud and access the uploaded files. We will need this key later when we log in
  2. The piece of text in the top frame at "Public key for pasting into OpenSSH authorized_keys file" must be copied to the Spend Cloud
3. Add the Public Key in the Spend Cloud
  1. Select and copy the text from the previous step and open the Spend Cloud. Navigate to "Application Manager > General > SCP". The screen looks as follows:

  1. The public key must be pasted in the input field and then click on 'Add key' to save the key.  This can take a while
  2. The Spend Cloud is now ready to connect via SCP
4. Connect via SCP
  1. Launch WinSCP. You will see the screen below:

  1. Enter the following information:
    1. Hostname for production: sftp.spend.cloud
    2. Hostname for test: sftp.test.spend.cloud
    3. Username : The name of the environment in lowercase. 
  2. Click on advanced, and select 'Authentication' under 'SSH'. Here the private key file can be generated from step 2, bullet three 
  3. Click 'OK' and "Login". A connection will now be made with the Spend Cloud. When logging in for the first time, the key fingerprint of the server must be accepted
  4. When successfully logged in, you will see two folders, 'auto_export 'and auto_import'. The files you want to submit for automatic processing should be placed in the folder 'auto_import'
5. Automatic upload for WinSCP batch mode
  1. For automatic processing, WinSCP has a batch mode, with which uploading files can be automated. WinSCP can continually get commands through a script. Such a script could look like this: 

The paths and file names can be changed to the name you see fit.
  1. Calling this script on the console is as follows: WinSCP/console/script=environmentname.txt. This of course from the directory where environmentname.txt is located and where the WinSCP command is recognized
  2. This call can then be scheduled to run at set times. An automatic import can then be set up in the Spend Cloud. Please allow some time between these two assignments
  3. So that it is certain that the upload of the data is completed as soon as the import is running.
Is uploading files via SCP safe?

Uploading files via SCP (Secure Copy Protocol) is generally considered a secure method. SCP uses SSH (Secure Shell) to transmit data securely between computers. Here are some reasons why SCP is safe:

- Encryption: SCP utilizes the same encryption standards as SSH. This means that data is encrypted during transfer, preventing third parties from intercepting and reading the files.

- Authentication: SCP relies on SSH authentication, which requires either a username and password or an SSH key to access the server. This reduces the risk of unauthorized access. Above, you could read about how to generate and apply this SSH key.

- Integrity: Since SCP operates over SSH, it benefits from SSH's capabilities to ensure data integrity. This means that if the data is tampered with during transmission, it can be detected.

- Simplicity: SCP is straightforward and direct, which means there is less room for configuration errors that could undermine security.

While SCP is generally secure, there are a few considerations:
  1. Trusted SSH Keys: Ensure that your SSH keys are well-managed. Loss or theft of a private key can lead to unauthorized access.
  2. Server Security: SCP's security is dependent on the underlying SSH configuration and the security of the server to which you're uploading. If the server is vulnerable, SCP could also pose risks.
  3. Alternatives: For some use cases, alternatives like SFTP (Secure File Transfer Protocol) and rsync over SSH offer similar or better functionalities, potentially with more control over the transfer, such as resuming interrupted transfers.
In summary, SCP is a secure method for file transfer, provided it is properly configured and used in a secure environment.

    • Related Articles

    • Import planning

      With the Spend Cloud, it's possible to schedule automated imports. In the overview under the menu section 'Import Planning', you can find when scheduled imports will be executed, and you can add new import schedules or edit existing ones. The ...

    • Adding a ledger

      In the menu section 'Ledger', you'll find an overview of all general ledger accounts. Here, you can also add new accounts and modify data. Adding General Ledger Accounts At the top of the general ledger account overview, you'll find the 'Add' button. ...

    • Employee and role import

      This article describes how to set up an employee and role import in the Spend Cloud. The combination of both imports automates user management in the Spend Cloud. Employee Import In organizations with a large number of employees, hiring and departure ...

    • Visma.net - connecting via Service API based on the OAUTH 2.0-protocol

      Renewed authentication visma.net As of June 1st, Visma.net will no longer support the current method of linking with Spend Cloud. The current method, which requires fetching a new access token (a key for accessing Visma.net) annually, will be ...

    • General config settings

      In the menu section "Configuration Settings / General," you will find settings that apply to the entire Spend Cloud. These settings cover aspects such as login settings, password requirements, language settings, and organization details as configured ...