A few days ago Microsoft announced that you will be able to use an Azure Storage Account as SFTP (Secure File Transfer Protocol). This is a feature that a lot of people have been waiting for a long time. Please bear in mind that SFTP on a Storage Account is still in preview and lot might change in the regards to functionalities.
Azure SFTP is the right now the closest thing that you can get to FTP-as-a-Service, it’s something that I have been looking forward to myself for a long time (I can now finally shutdown my FTP server maybe). The need for (S)FTP has been in decline for a long time because there are a lot of great tools out there that can be used to share files and collaborate on said files. (Microsoft SharePoint, OneDrive etc.)
The need for SFTP is from my point of view still valid, when you need to share a large file with another company. One case for it is that you need to share a big database (.bak) with another person. Another case is you need to receive a lot of files from a vendor that you need in a program. Then SFTP might be more suited for your needs.
As I said, there are still many valid needs for SFTP.
Before we start creating things in Azure, there is some important things you need to know first.
It is NOT possible as of this writing to access a storage accounts SFTP using Azure AD credentials, you need to create a local account for each person that should be able to access the SFTP. The password will be provide to you by Microsoft.
Also the SFTP feature uses containers – A feature of Storage Accounts you might be familiar with.
Enabling SFTP feature
The first thing you need to do is enable the feature on Subscription, since it’s a preview feature.
Select your Subscriptions -> Select “Preview features” -> In the search box, type: SFTP -> Select “SFTP support for Azure Blob Storage” -> Press “Register” in the fly-out menu on your right side and wait a few seconds.
Creating the Storage Account to be used with SFTP
Next up we need to create a Storage Account in Azure. It’s in the creating process of setting up the Storage Account you will be able to enabled the SFTP feature.
Please note that this preview feature is only available in selected regions – Keep this in mind when you are creating your storage account – Region availability list: https://docs.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support#regional-availability
Now we are ready to create the Storage Account in Azure that will host the SFTP. Below is a screenshot series on how to create it.
I will not go into details on every step on how to create a Storage Account in Azure. I’ll assume you are familiar with creating a Storage Account and how to navigate the menu in a Storage Account – If you are not Microsoft has very detailed documentation on that subject here – https://docs.microsoft.com/en-us/azure/storage/common/storage-account-create
The rest of the settings in setting up the Storage Account are ‘dealers’ choice’ (you decide) – When the Storage Account with SFTP enabled is created, we are then ready to create users, password, and directory’s to be used in SFTP.
To access the SFTP part of the Storage Account you need to select SFTP in the Settings menu on the left. This is where you have options to create the local account
Creating users and directory’s
In order to create a new local SFTP user, you need to select the Add local user button in the top of the SFTP screen
Start by clicking Add local user, and then name the local user what you like – OBS: only small letters and numbers are valid in the username.
Then select SSH password – The password will be auto generated for you, and you will not be able to set one yourself, but you do have the option to reset it to a new one.
Press Next when the username is type in, and you have selected SSH password.
The next step is to create a container for the user to use for upload and download of files
First of you need to create a container if don’t already have one created in the Storage Account.
Start by clicking on Create new and name it – OBS, only small letters and numbers are valid.
Next you need to select the permissions you want to give to the user. Note that multiple users can use the same container with different permissions.
The Home directory is not mandatory to fill out, but it’s very IMPORTENT that you do, because otherwise you will get a connection error when trying to connect saying: “home directory not found“.
In Home directory you can type in the name of your container follow by a dash (/) – This way the Home directory will be at the root of the container and you will be able to create folders later on when you access it.
If you do want to specify a Home directory, you then need to type in the container name follow by a dash (/) and then the name of the folder you want to be the default folder the user access on connecting using SFTP.
Note that the folder will NOT be created in this step. You need to go to the container and then create the folder by clicking “Add directory’ in the container.
When you are finished, press “Add” – You will then be presented with the password for the new local user. Make sure to save the password, as you will not be able to view it again.
You are now ready to connect to the SFTP service in the newly created Storage Account using the local users you just created.
Connecting to SFTP using PowerShell
In order for you to connect to SFTP in your Storage Account you need to run the following command, and then type the password you save earlier – Please note that you might get a warning about accepting the “Fingerprint“.
Connecting to SFTP using FTP client (WinSCP)
To connect to your newly created SFTP service in your Storage account using WinSCP you need connection string for the local user (can be found on the list of local users) – Then you ‘just’ need to copy/paste the connection string in to “Hostname” and the password in the password box. – Remember to set the protocol to SFTP
Then press “Login” and you should be able to see your files and folders in your SFTP service.