
Creating a Secure File Transfer Protocol (SFTP) service using an Azure Storage Account offers a cost-effective, scalable, and highly available solution for transferring files. This guide will walk you through the process of setting up an SFTP service on Azure Storage and configuring it to be publicly accessible while focusing on the most secure options.
Step 1: Create an Azure Storage Account
1.1 Sign in to Azure Portal
Go to the Azure Portal and sign in with your Azure account.
1.2 Create a New Storage Account
- In the Azure portal, select Create a resource > Storage > Storage account.
- In the "Basics" tab, configure the storage account:
  - Subscription: Select your subscription.
  - Resource group: Create a new resource group or select an existing one.
  - Storage account name: Enter a unique name for your storage account.
  - Region: Select the region closest to you.
  - Performance: Choose Standard.
  - Redundancy: Choose the redundancy option that fits your needs (e.g., Locally-redundant storage (LRS)).
- In the "Advanced" tab, configure the storage account:
  - Hierarchical Namespace: Enable hierarchical namespace.
  - Access Protocols: Enable SFTP.
- Click Review + create and then Create.
Step 2: Creating the container
2.1 Create a Container
- In the storage account settings, select Containers.
- Click + Container and enter a name for your container (e.g., sftp-data).
- Set the public access level to Private (no anonymous access).
Step 3: Configure SFTP Users
3.1 Add Local Users for SFTP
- In the storage account settings, select SFTP under Settings.
- Click Add local user.
- Enter a username and set the authentication method to SSH password and key pair for added security.
- Assign the user appropriate permissions (e.g., read, write, list) for the SFTP service.
3.2 Generate and Save SSH Keys
- Generate an SSH key pair on your local machine (if you don't already have one):

```bash
# 4096-bit RSA key pair; -C sets the comment stored with the public key
ssh-keygen -t rsa -b 4096 -C dummyuser@getpractical.co.uk
```

- Copy the public key to the clipboard and paste it into the SSH public key field for the SFTP user.
3.3 Save the User Configuration
- Click Create to save the user configuration.
- Make sure to note down the SFTP server endpoint and the user credentials.
Step 4: Make the SFTP Service Publicly Accessible
4.1 Configure Network Rules
- In the storage account settings, select Networking under Security + networking.
- Configure the Firewall and virtual networks settings:
  - Select Selected networks.
  - Add any virtual networks and IP addresses that should have access to the SFTP service.
  - Ensure the public IP addresses you want to allow are included in the list.
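
The settings chosen in Steps 1, 2 and 4 can be checked after deployment. The following Python check is an added example, not part of the original guide: it assumes the account's settings have been exported as JSON in the shape of `az storage account show` output (the field names are assumptions), and the sample account and the 256-address threshold are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample; field names assumed to match `az storage account show` output.
SAMPLE_ACCOUNT = {
    "isHnsEnabled": True,
    "isSftpEnabled": True,
    "allowBlobPublicAccess": True,
    "networkRuleSet": {
        "defaultAction": "Allow",
        "ipRules": [
            {"ipAddressOrRange": "203.0.113.10"},
            {"ipAddressOrRange": "0.0.0.0/0"},
            {"ipAddressOrRange": "10.1.2.0/24"},
        ],
    },
}

def audit_sftp_account(account, max_addresses=256):
    """Return findings for the settings chosen in Steps 1, 2 and 4."""
    findings = []
    if not account.get("isHnsEnabled"):
        findings.append("hierarchical namespace is disabled")
    if not account.get("isSftpEnabled"):
        findings.append("SFTP is disabled")
    if account.get("allowBlobPublicAccess"):
        findings.append("anonymous blob access is allowed on the account")
    rules = account.get("networkRuleSet") or {}
    if rules.get("defaultAction") != "Deny":
        findings.append("firewall default action is not Deny (all networks allowed)")
    for rule in rules.get("ipRules") or []:
        raw = rule.get("ipAddressOrRange", "")
        try:
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            findings.append(f"{raw!r}: not a valid address or CIDR range")
            continue
        if net.num_addresses > max_addresses:
            findings.append(f"{raw}: range allows {net.num_addresses} addresses")
        elif net.version == 4 and any(net.subnet_of(p) for p in RFC1918):
            findings.append(f"{raw}: private range; use a virtual network rule instead")
    return findings

if __name__ == "__main__":
    for finding in audit_sftp_account(SAMPLE_ACCOUNT):
        print("FINDING:", finding)
```

An empty result means the account matches the guide: hierarchical namespace and SFTP enabled, no anonymous access, and the firewall limited to specific public addresses.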
Conclusion
By following these steps, you can set up a secure SFTP service using an Azure Storage Account and make it publicly accessible. Always prioritize security by using SSH keys, configuring network rules, and monitoring access. Azure’s flexibility and robust management tools make it an excellent choice for hosting your SFTP service.
For further reading and detailed documentation, visit the Azure Documentation.

