How to Configure SFTP in Microsoft Azure
In today’s fast-paced digital world, securely transferring files between systems is crucial for many businesses. Whether you’re sharing sensitive documents, migrating data between servers, or collaborating on projects, SFTP (Secure File Transfer Protocol) ensures that your data is transmitted securely over encrypted channels. But while SFTP offers robust security, setting it up can sometimes be complex.
That’s where Microsoft Azure steps in. Azure provides a streamlined, scalable, and secure way to configure and manage SFTP services without the need for managing dedicated servers. By leveraging Azure Blob Storage, you can easily enable SFTP with minimal overhead, giving your business a flexible and cost-effective solution for secure file transfers.
In this post, I’ll walk you through how to set up an SFTP service in Azure, explore its benefits, and explain how Azure simplifies everything from setup to scalability. Whether you’re a seasoned IT pro or just starting out with Azure, this step-by-step guide will help you configure SFTP with ease.
Step 1: Create an Azure Storage Account
- Log in to Azure Portal:
  - Navigate to portal.azure.com and sign in.
- Search for Storage Accounts:
  - Use the search bar to find “Storage Accounts” and select it.
- Create a New Storage Account:
  - Click + Create.
  - Provide the necessary details:
    - Subscription: Select your active subscription.
    - Resource Group: Choose an existing group or create a new one.
    - Storage Account Name: Use a unique name for your storage (e.g., sftpdata2024).
    - Region: Choose a region close to your users for optimal performance.
    - Performance: Choose between Standard (more cost-effective) or Premium (for high-performance needs).
    - Replication: Select LRS for local redundancy or GRS for geo-redundancy.
- Enable SFTP Access:
  - In the Advanced tab, ensure that Secure Transfer Required is enabled.
  - Toggle Enable SFTP to Yes.
- Review and Create:
  - Click Review + Create to finalize the setup and wait for the deployment to finish.
Step 2: Set Up Networking for the Storage Account
- Go to Networking Settings:
  - After deployment, head to the Networking section under Settings.
- Configure Network Access:
  - For secure access, consider setting up a Private Endpoint or allowing public access from specific IP ranges only. In this scenario, I have limited access to only certain Virtual Networks in my Lab environment.
  - If necessary, add Firewall Rules to restrict access to trusted networks or IP addresses only. This is an important feature if you require SFTP access to be available over the public internet.
Step 3: Create a Blob Container for File Storage
- Navigate to Blob Containers:
  - In your Storage Account, go to the left-hand menu and select Containers under the Data Storage section.
- Create a New Container:
  - Click + Container at the top of the Containers page.
  - Provide a name for the container (e.g., sftp-data).
  - Under Public Access Level, choose Private (no anonymous access) to ensure that only authenticated users can access files.
- Create the Container:
  - Click Create to set up the container. This container will now serve as the storage location for the files uploaded or accessed via SFTP.
- Set Permissions:
  - Once the container is created, you can set granular permissions on this container by assigning access roles to users (e.g., Storage Blob Data Reader or Contributor).
Step 4: Create Local SFTP Users
- Access the SFTP Management Section:
  - Under Settings, click on SFTP.
- Add Local Users:
  - Click + Add local user.
  - Set the username (e.g., sftp_user1), and choose an authentication type:
    - Password: Create a secure password.
    - Or SSH Key: Upload the user’s public SSH key.
For this example, I will go ahead and create the user with an SSH password.
- Define User Permissions:
  - Define the Container permissions > select “Create New”
  - Assign the appropriate roles: Blob Data Reader or Blob Data Contributor.
  - Optionally, limit the user’s access to specific containers.
- Save the User:
  - Once configured, click Create to generate the user. You will be presented with the password for the user.
Step 5: Set the Home Directory for the SFTP User
- Navigate to the SFTP Configuration:
  - In your Storage Account, go to Settings > SFTP.
  - Find the local user you created and click on the user to edit their settings.
- Specify the Home Directory:
  - Under Permissions Home Directory, specify the path where the user’s files will be stored.
  - The home directory is set relative to the Blob containers in your storage account. For example, if you have a container named sftp-data and want the user’s home directory to be a folder named user1-folder, the path would be:
    /sftp-data/user1-folder
  - You can either create a new folder by typing in the path or select an existing folder.
- Save Changes:
  - Once you’ve defined the home directory, save the configuration. You will notice that the user details have been updated in the connection string.
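The settings chosen in Steps 1 to 5 can be checked after deployment. The Python below is an added example, not part of the original post: it audits constructed JSON shaped like the output of `az storage account show` and `az storage account local-user list` (the field names are assumed to match that output, and the `backups` container is hypothetical).

```python
import json

# Constructed sample, shaped like `az storage account show` output (assumed field names).
ACCOUNT_JSON = """{
  "name": "sftpdata2024", "isSftpEnabled": true, "enableHttpsTrafficOnly": true,
  "allowBlobPublicAccess": false, "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Allow", "ipRules": [], "virtualNetworkRules": []}
}"""

# Constructed sample, shaped like `az storage account local-user list` output.
USERS_JSON = """[
  {"name": "sftp_user1", "hasSshPassword": true, "hasSshKey": false,
   "homeDirectory": "/sftp-data/user1-folder",
   "permissionScopes": [
     {"service": "blob", "resourceName": "sftp-data", "permissions": "rl"},
     {"service": "blob", "resourceName": "backups", "permissions": "rwdl"}]}
]"""

def audit(account, users):
    """Return (subject, finding) tuples for the settings made in Steps 1 to 5."""
    findings = []
    name = account.get("name", "?")
    if not account.get("isSftpEnabled"):
        return findings  # SFTP is off, nothing SFTP-specific to report
    if not account.get("enableHttpsTrafficOnly"):
        findings.append((name, "secure transfer not required"))
    if account.get("allowBlobPublicAccess"):
        findings.append((name, "anonymous blob access allowed at account level"))
    # Step 2: the endpoint is exposed unless the firewall denies by default
    # or public network access is disabled (private endpoint only).
    rules = account.get("networkRuleSet") or {}
    open_fw = rules.get("defaultAction", "Allow") != "Deny"
    if account.get("publicNetworkAccess") != "Disabled" and open_fw:
        findings.append((name, "SFTP endpoint reachable from all networks"))
    for user in users:
        uname = user.get("name", "?")
        if user.get("hasSshPassword") and not user.get("hasSshKey"):
            findings.append((uname, "password-only authentication"))
        # Step 5: the first path segment of the home directory is the container.
        home = (user.get("homeDirectory") or "").strip("/").split("/")[0]
        for scope in user.get("permissionScopes") or []:
            if scope.get("resourceName") != home:
                findings.append((uname, f"scope on other container: {scope.get('resourceName')}"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(json.loads(ACCOUNT_JSON), json.loads(USERS_JSON)):
        print(f"{subject}: {finding}")
```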
Creating a New Folder in SFTP
To manage files effectively, SFTP users may need to create new folders or directories within their designated home directories. Here’s how users can create new folders using their SFTP client.
- Connect to the SFTP Server:
  - Open your SFTP client (e.g., FileZilla, WinSCP).
  - Use the connection settings (hostname, port, username, and authentication) provided in the guide.
- Navigate to the Home Directory:
  - Once connected, the user will be directed to the home directory you set earlier. If no home directory is specified, the root container will be used.
- Create a New Folder:
  - In the SFTP client, navigate to the desired location (such as the home directory).
  - Right-click (or use the corresponding menu) and select Create Directory or New Folder.
  - Name the folder, and it will be created inside the current directory.
- Verify Folder Creation:
  - The new folder should now appear in the SFTP client, and the user can upload or download files to/from this folder.
Step 6: Test the SFTP Connection
- Choose an SFTP Client:
  - Download and install an SFTP client, such as FileZilla, WinSCP, or Cyberduck.
- Connect to Azure SFTP:
  - Open your SFTP client and enter:
    - Host: The SFTP endpoint from Azure (e.g., youraccount.blob.core.windows.net).
    - Port: Use port 22.
    - Username: The SFTP username you just created.
    - Password/SSH Key: Based on the authentication method set in Step 3.
You will be presented with a pop-up asking you to accept the host key.
Once accepted, you will have a successful connection to your new SFTP solution.
- Transfer Files:
  - Once connected, you can upload or download files to the Azure Blob containers.
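The host key prompt in Step 6 is where the client asks whether to trust the server. The Python below is an added example, not part of the original post: it computes the SHA256 fingerprint of an OpenSSH public key line in the format OpenSSH prints and compares it with a pinned value obtained out of band. The key is constructed for illustration and is not a real Azure host key; `sample_key_line` is a hypothetical helper.

```python
import base64
import hashlib
import hmac
import struct

def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data

def sample_key_line(raw_key: bytes) -> str:
    """Build a constructed ssh-ed25519 public key line (hypothetical helper)."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw_key)
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

# Constructed host key, not a real Azure key.
SAMPLE_HOST_KEY = sample_key_line(bytes(range(32)))

def fingerprint(pubkey_line: str) -> str:
    """Return the SHA256:<base64> fingerprint of an OpenSSH public key line."""
    algo, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The key type embedded in the blob must match the declared type.
    if blob[4:4 + n].decode("ascii", "replace") != algo:
        raise ValueError("key type in blob does not match declared type")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(pubkey_line: str, pinned: str) -> bool:
    """Compare the presented key's fingerprint with the pinned one."""
    return hmac.compare_digest(fingerprint(pubkey_line), pinned)

if __name__ == "__main__":
    pinned = fingerprint(SAMPLE_HOST_KEY)  # stands in for the out-of-band value
    print(pinned, host_key_matches(SAMPLE_HOST_KEY, pinned))
```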
Conclusion
Microsoft Azure makes setting up SFTP not only easy but also secure and scalable. By using Azure Blob Storage with built-in SFTP capabilities, you can manage secure file transfers without the need for complex on-prem infrastructure. From user management to monitoring, Azure provides a holistic solution that ensures your data is protected and easily accessible.
Whether you need to handle small-scale file transfers or support enterprise-level workloads, Azure’s flexibility and security make it the ideal platform for SFTP. Try it today and experience the simplicity of file transfers in the cloud.
Stay tuned for more tutorials on how to maximize your Azure environment!