Connecting securely to Microsoft Azure service with SFTP or FTPS

Before starting you should have WinSCP installed.

First, collect information about your virtual machine instance, on the Azure portal:

• Host name:
  • Use IP address you find in the Public IP address section on your virtual machine instance page;
  • Or setup a DNS name for the virtual machine by clicking on the Configure link in DNS name section. A Configuration panel opens. There, in the DNS name label, enter a sub domain for your virtual machine. Click Save button. A full hostname now appears in the DNS name section in a format subdomain.location.cloudapp.azure.com.
• Username: Use the username, that you created, when creating the virtual machine.
• Host key fingerprint: On the first connect you will be prompted to verify server host key.
  To securely acquire a fingerprint of the host key:
  • On your virtual machine instance page, use Run command function. You will find it in the virtual machine menu, in Operations group.
  • Select “RunShellScript” command.
  • Paste the following command:

    for f in /etc/ssh/ssh_host_*_key; do ssh-keygen -l -f "$f"; done

  • You will get an output like:

    256 SHA256:bKKCom8yh5gOuBNWaHHJ3rrnRXmCOAyPN/WximYEPAU /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
    256 SHA256:IYeDl+gseYk46Acg4g2mcXGvCr7Z8FqOd+pCJz/KLHg /etc/ssh/ssh_host_ed25519_key.pub (ED25519)
    2048 SHA256:rA0lIXvHqFq7VHKQCqHwjsj28kw+tO0g/X4KnPpEjMk root@myazurevm (RSA)

    The set of key types will vary with your virtual machine image.
• When creating new virtual machine, prefer setting up public key authentication by pasting your public key to SSH public key box in the Basics step in the Administrator account section. If you want to setup public key authentication later, you have to set it up manually.

To connect to a virtual machine instance with SFTP, start WinSCP. Login dialog will appear. On the dialog:

• Make sure New site node is selected.
• On the New site node, make sure SFTP protocol is selected.
• Enter Host name.
• Enter User name.
• Enter a password for the username. Or specify a private key, if you set up a public key authentication..
• Save your site settings using the Save button.
• Login using the Login button.
• Verify the host key by comparing fingerprints with those collected before (see above).

First you need to install a FTPS server on the virtual machine.

To connect to the virtual machine with FTPS, start WinSCP. Login dialog will appear. On the dialog:

• Make sure New site node is selected.
• On the New site node, select FTP protocol and TLS/SSL Explicit encryption.
• In Host name box enter an address of your virtual machine:
  • Use IP address you find in the Public IP address section on your virtual machine instance page on the Azure portal.
  • Or setup a DNS name for the virtual machine by clicking on the Configure link in DNS name section. A Configuration panel opens. There, in the DNS name label, enter a sub domain for your virtual machine. Click Save button. A full hostname now appears in the DNS name section in a format subdomain.location.cloudapp.azure.com.
• Enter username and password of an account you want to connect with. Use the account you have specified when creating the instance or any other account you have created on the instance.
• Save your site settings using the Save button.
• Login using the Login button.
• If you are using self-signed certificate, you will be prompted to accept it.

First, collect information about your app service (previously web site), on the Azure portal:

• Host name: Copy host name from FTPS hostname section on the Overview page.
• User Name: Copy username from the FTP/deployment username section on the Overview page. If you did not set up an FTP account yet, goto Deployment Center page and select FTP in Manual Deployment section and switch to User Credentials tab. User name has a form name\user. You need to use both parts when authenticating.

To connect to the web site with FTPS, start WinSCP. Login dialog will appear. On the dialog:

• Make sure New site node is selected.
• On the New site node, select FTP protocol and TLS/SSL Explicit encryption.
• In Host name box paste a host name of your instance in format waws-prod-xxx-xxx.ftp.azurewebsites.windows.net. You can also paste a complete URL to select protocol, encryption and insert host name at once.
• Enter the User name and the Password.
• Save your site settings using the Save button.
• Login using the Login button.
• Web site TLS/SSL certificate is signed by a trusted authority, so you won’t be prompted to verify it.

See example for automating update of a WebJob on an App Service/Web Site.

• Guide to uploading files to SFTP/FTPS server;
• Guide to automating operations (including upload);
• Guide to connecting to Amazon EC2 server with SFTP;
• Guide to connecting to Google Compute Engine server with SFTP.