Migrating SFTP Workloads to Azure Blob Storage

Azure Blob Storage supports SFTP (SSH File Transfer Protocol), allowing users to leverage object storage economics and features for their SFTP workloads. Users can provision a fully managed, highly scalable SFTP endpoint for their storage account with just one click during the storage provisioning process.

SFTP support and protocol support for NFS 3.0, Blob REST, and Azure Data Lake Storage help customers migrate their applications without any changes. Building on top of the Blob Storage foundation also allows SFTP-enabled accounts to inherit the security, durability, scalability, and cost efficiency of Azure Blob Storage. You can read more about the SFTP capabilities in Azure Blob Storage on the Microsoft Azure documentation website.

In this tip, you will learn how to enable SFTP on Azure Blob Storage and build a .NET application that uploads files via SFTP.

To enable SFTP support for your Azure storage account, you first need to enable the hierarchical namespace feature of the storage account by opting into Azure Data Lake Storage Gen2 capabilities, as shown in the screenshot below. If you wish to use PowerShell to provision an Azure Storage account with SFTP capabilities, ensure the Az.Storage module is up to date.
MicrosoftTeams-image 612

Figure 1 – Enable SFTP on Azure Storage account

Once the account is ready, you can add a local user for SFTP by selecting SFTP from the Settings section and following the wizard’s instructions to create a user that authenticates with an SSH password, as shown in the screenshot below:
MicrosoftTeams-image 621

Figure 2 – Create a new local user

In the wizard’s next step, grant the user access to a blob storage container, as shown in the following screenshot. It is sufficient to grant only the Write permission to restrict the user’s activities to upload files to the container.
MicrosoftTeams-image 631

Figure 3 – Grant container access to the user

You will be able to see the SSH password for the user after it has been created. Be sure to note down this password since you cannot see it again.
MicrosoftTeams-image 642

Figure 4 – SSH password of the user

This new feature provides a seamless way to integrate SFTP workloads with Azure Blob Storage and its many benefits.

You can upload a file via SFTP to Azure Blob Storage using C# and the SSH.NET library.

First, install the SSH.NET NuGet package in your ASP.NET Core application with the following command:

$ dotnet add package SSH.NET

Plain textCopy

Use the following code to upload a file to the container you gave access to the SFTP user. You will need to replace placeholders with actual values in the code.

using Renci.SshNet;
var host = "<storage-acc-name>.blob.core.windows.net";
var username = "<storage-acc-name>.<container-name>.<username>";
var password = "<password>";

var sftpClient = new SftpClient(host, username, password);
sftpClient.Connect();
using (var fileStream = File.OpenRead("<path-to-file>"))
{
    sftpClient.UploadFile(fileStream, "<blob-name>");
}
sftpClient.Disconnect();