How to set up SFTP using Azure Blob Storage (Manual)

Since 2022, Microsoft has supported the SSH File Transfer Protocol (SFTP) on Azure Blob Storage accounts. In this manual I will show you how to set up SFTP on Azure Blob Storage.

Before you can use SFTP, you will need to know a few things. One of them is that SFTP relies on the hierarchical namespace. Hierarchical namespace organizes objects (files) into a hierarchy of directories and subdirectories in the same way that the file system on your computer is organized.

Unfortunately, Azure Blob Storage doesn’t support Microsoft Entra ID (B2B) authentication for SFTP; instead it uses local users. Local users must use either a password or a Secure Shell (SSH) private key credential for authentication. You can have a maximum of 1000 local users for a storage account.

When you create a local user, Azure will generate a password for you when you choose password authentication. Make sure to copy that password and save it in a location where you can find it later. You won’t be able to retrieve that password from Azure again. If you lose the password, you’ll have to generate a new one. For security reasons, you can’t set the password yourself.

If you choose to authenticate with a public-private key pair, you can either generate one, use one already stored in Azure, or provide Azure with the public key of an existing public-private key pair. You can have a maximum of 10 public keys per local user. You can use multiple keys to do a rolling update.

Cost

If you want to deploy an SFTP resource in Azure, keep in mind that Microsoft charges extra for each running SFTP instance. The price of the Azure SFTP service consists of the following components:

| Component | Price in Dollars | Price in Euros |
| --- | --- | --- |
| Storage per GB per month | $ 0,0036 – 0,15 | € 0,000341 – 0,14180 |
| Storage transactions per 10k | $ 0,00 – 0,234 | € 0,00 – 0,2212 |
| SFTP per Hour | $ 0,30 | € 0,29 |

Manual

STEP 1: Create the Storage account

Go to the Azure Portal, open Storage Accounts and create a new storage account.


Now fill in the Storage account name, select a region and redundancy.


On the Advanced tab we need to select two options: Enable hierarchical namespace and Enable SFTP.


Fill in all other tabs according to your own requirements.

Create the storage account when ready.


STEP 2: Create Container

Now go to Containers and create a new Container. For this manual I just created an sftp container.


STEP 3: Configure SFTP

Now go to your newly created storage account, open SFTP and click on Add local user.

Now enter a Username and select an Authentication method. When completed, go to Container permissions.

Now select the just created Container (or create a new one) and select the desired permissions for each container.


When the local user is created you will get a popup with the key or password, and it will be shown only once! So save the password. You can only reset it, never retrieve it.

Now let's get the connection information. Copy the connection string and replace <CONTAINER_NAME> with the name of the container we just created. In our case, with the container name sftp, it looks like this:

2azuresftdemo.sftp.2azuredemo@2azuresftdemo.blob.core.windows.net


Now let's try to connect to our new SFTP share.

We just got a successful login and we are able to read all shares and files.
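To review the local users created in step 3 afterwards, the following added example (not part of the original manual or of any Microsoft tooling) checks local user definitions for password authentication, exhausted key slots and change permissions on containers, and rebuilds the login name in the format shown above. The JSON field names, the permission letters and the user partner1 are assumptions; the sample data is constructed.

```python
import json

# Constructed sample. Field names mirror what `az storage account local-user list`
# is assumed to return; verify them against your own CLI output.
SAMPLE_USERS = json.loads("""[
 {"name": "2azuredemo", "hasSshPassword": true, "sshAuthorizedKeys": [],
  "permissionScopes": [{"service": "blob", "resourceName": "sftp", "permissions": "rwdlc"}]},
 {"name": "partner1", "hasSshPassword": false,
  "sshAuthorizedKeys": [{"description": "laptop", "key": "ssh-ed25519 AAAA-constructed"}],
  "permissionScopes": [{"service": "blob", "resourceName": "sftp", "permissions": "rl"}]}
]""")

MAX_KEYS_PER_USER = 10      # limit stated in this manual
MODIFYING = set("wdc")      # write, delete, create (assumed permission letters)


def sftp_login(account, container, user):
    """Build the login name in the format shown in step 3."""
    return f"{account}.{container}.{user}@{account}.blob.core.windows.net"


def audit_user(user):
    """Return review findings for one local user definition."""
    findings = []
    keys = user.get("sshAuthorizedKeys") or []
    if user.get("hasSshPassword"):
        findings.append("password authentication enabled; consider an SSH key")
    elif not keys:
        findings.append("no credential configured")
    if len(keys) >= MAX_KEYS_PER_USER:
        findings.append("all key slots used; remove retired keys after rotation")
    for scope in user.get("permissionScopes") or []:
        extra = "".join(sorted(MODIFYING & set(scope.get("permissions", ""))))
        if extra:
            findings.append(f"container {scope['resourceName']!r} allows changes: {extra}")
    return findings


def audit(users):
    """Map each local user name to its list of findings."""
    return {u["name"]: audit_user(u) for u in users}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_USERS).items():
        print(sftp_login("2azuresftdemo", "sftp", name))
        for f in findings or ["no findings"]:
            print("  -", f)
```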

More information:

SFTP Pricing: Azure Storage Blobs Pricing | Microsoft Azure
