SFTP on Azure Blob Storage and https custom domain

Question

Hello, I have a storage blob that I use for sftp on a custom domain. My penentration scan shows my custom domain as non secure and I need to upload a certificate to remediate. I've setup a front door with a backend pool to the storage account. I have setup a routing rule to forward traffic http to https toward the storage account url from microsoft. However, I still can not connect to sftp through front door. Any recommendations?

Answer 1

Azure Front Door supports custom domain names and can manage TLS certificates for those domains, thus enabling secure HTTPS connections, it does not directly support SFTP traffic. SFTP, being a different protocol designed for file transfer and not web traffic, operates outside the scope of what Azure Front Door is built to handle.

https://learn.microsoft.com/en-us/azure/frontdoor/scenario-storage-blobs

In Azure Blob Storage, when setting up SFTP, you don't exactly "add a certificate" in the traditional sense used for HTTPS traffic. Instead, for SFTP, the security is based on SSH key pairs (public and private keys). When you're configuring SFTP access, you can either generate a new key pair or use an existing one

https://learn.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support-how-to

Answer 2

Hello zasin,

Greetings! Welcome to Microsoft Q&A Forum.

I understand that you are not able to connect with SFTP through Azure Frontdoor,

• Verify that SFTP is enabled on your Azure Storage Account. You can do this by checking the settings of the storage account in the Azure portal.
• Ensure that you are using the correct SFTP credentials, including the username and password. You can also try generating a new set of credentials and see if that resolves the issue.
• Check that your firewall rules are properly configured to allow incoming and outgoing traffic on the SFTP port (typically port 22). You may need to add an exception to your firewall to allow traffic from your IP address to the storage account.
• Check that your network connection is stable and that you are not experiencing any disruptions or outages. You can also try connecting from a different network or using a VPN to see if the issue persists.
• Check if there are any NSGs associated with your storage account or Front Door. Ensure that they allow the necessary traffic.

Limitations and known issues with SSH File Transfer Protocol (SFTP) support for Azure Blob Storage

This article provided the steps to Connect to Azure Blob Storage by using the SSH File Transfer Protocol (SFTP)

Try connecting to your Azure Storage Account using a different SFTP client or tool. This can help isolate whether the issue is with the SFTP client you are using or with the storage account itself.

refer - https://learn.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support-how-to?source=recommendations&tabs=azure-portal, https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain?source=recommendations&tabs=powershell, https://learn.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https?source=recommendations for detailed guidance.

Please let us know if you have any further queries. I’m happy to assist you further.If the issue occurs, please share the screenshot.

Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.