Differences
This shows you the differences between the selected revisions of the page.
| guide_microsoft_azure 2014-09-05 | guide_microsoft_azure 2023-07-03 (current) | ||
| Line 1: | Line 1: | ||
| - | ~~NOINDEX~~ | + | ====== Connecting securely to Microsoft Azure service with SFTP or FTPS ====== |
| - | ====== Connecting Securely to Microsoft Azure Service with SFTP or FTPS ====== | + | |
| With WinSCP you can easily upload and manage files on your Microsoft Azure instance/service over [[sftp|SFTP protocol]] or [[ftps|FTPS]] protocol. | With WinSCP you can easily upload and manage files on your Microsoft Azure instance/service over [[sftp|SFTP protocol]] or [[ftps|FTPS]] protocol. | ||
| + | |||
| + | ===== Before Starting ===== | ||
| Before starting you should [[guide_install|have WinSCP installed]]. | Before starting you should [[guide_install|have WinSCP installed]]. | ||
| - | ===== Connecting to a Linux Virtual Machine with SFTP ===== | + | ===== [[linux]] Connecting to a Linux Virtual Machine with SFTP ===== |
| - | Collect information about your virtual machine instance from your instance dashboard on [[http://manage.windowsazure.com/|Azure Management Portal]]: | + | First, collect information about your virtual machine instance, on the [[https://portal.azure.com/|Azure portal]]: |
| - | * Host name: //DNS name// section on a //Quick glance// sidebar. Host name has a form ''name.cloudapp.net''. | + | * Host name: |
| - | * Host key fingerprint: //SSH Certificate Thumbprint// section. | + | * Use IP address you find in the //Public IP address// section on your virtual machine instance page; |
| - | * Consider [[http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-linux-use-ssh-key/|setting up public key authentication]]. | + | * Or setup a DNS name for the virtual machine by clicking on the //Configure// link in //%%DNS%% name// section. A //Configuration// panel opens. There, in the //%%DNS%% name label//, enter a sub domain for your virtual machine. Click //Save// button. A full hostname now appears in the //%%DNS%% name// section in a format ''subdomain.location.cloudapp.azure.com''. |
| + | * Username: Use the username, that you created, when creating the virtual machine. | ||
| + | * Host key fingerprint: On the first connect you will be prompted to [[ssh_verifying_the_host_key|verify server host key]]. \\ To securely acquire a fingerprint of the host key: | ||
| + | ····* On your virtual machine instance page, use [[https://learn.microsoft.com/en-us/azure/virtual-machines/linux/run-command|//Run command// function]]. You will find it in the virtual machine menu, in //Operations// group. | ||
| + | * Select //"RunShellScript"// command. | ||
| + | * Paste the following command: <code bash>for f in /etc/<nohilite>ssh</nohilite>/ssh_host_*_key; do ssh-keygen -l -f "$f"; done</code> | ||
| + | * You will get an output like: <code>256 SHA256:bKKCom8yh5gOuBNWaHHJ3rrnRXmCOAyPN/WximYEPAU /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA) | ||
| + | 256 SHA256:IYeDl+gseYk46Acg4g2mcXGvCr7Z8FqOd+pCJz/KLHg /etc/ssh/ssh_host_ed25519_key.pub (ED25519) | ||
| + | 2048 SHA256:rA0lIXvHqFq7VHKQCqHwjsj28kw+tO0g/X4KnPpEjMk root@myazurevm (RSA)</code> The set of key types will vary with your virtual machine image. | ||
| + | * When creating new virtual machine, prefer setting up public key authentication by pasting your public key to //%%SSH%% public key// box in the //Basics// step in the //Administrator account// section. If you want to setup public key authentication later, you have to [[guide_public_key|set it up manually]]. | ||
| To connect to a virtual machine instance with SFTP, start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: | To connect to a virtual machine instance with SFTP, start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: | ||
| Line 18: | Line 28: | ||
| * On the //New site// node, make sure //%%SFTP%%// protocol is selected. | * On the //New site// node, make sure //%%SFTP%%// protocol is selected. | ||
| * Enter //Host name//. | * Enter //Host name//. | ||
| - | * Enter ''azureuser'' for //User name//. | + | * Enter //User name//. |
| - | * Enter your instance password. | + | * Enter a password for the username. Or [[ui_login_authentication|specify a private key]], if you set up a public key authentication.. |
| * Save your site settings using the //Save// button. | * Save your site settings using the //Save// button. | ||
| * Login using the //Login// button. | * Login using the //Login// button. | ||
| - | * [[ssh_verifying_the_host_key|Verify the host key]] by comparing fingerprints with those collected before (see above). The thumbprint as shown on dashboard uses a slightly different format than a fingerprint used by WinSCP. Particularly the thumbprint does not include key type and size in the front and lack color separators. I.e. WinSCP's fingerprint ''ssh-rsa 2048 aa:bb:cc...'' is equivalent to dashboard thumbprint ''aabbcc...''. | + | * [[ssh_verifying_the_host_key|Verify the host key]] by comparing fingerprints with those collected before (see above). |
| &screenshotpict(azure_linux) | &screenshotpict(azure_linux) | ||
| Line 30: | Line 40: | ||
| First you need to [[guide_azure_ftps_server|install a FTPS server on the virtual machine]]. | First you need to [[guide_azure_ftps_server|install a FTPS server on the virtual machine]]. | ||
| - | To connect to the instance with FTPS, start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: | + | To connect to the virtual machine with FTPS, start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: |
| * Make sure //New site// node is selected. | * Make sure //New site// node is selected. | ||
| - | * On the //New site// node, select //FTP// protocol and //TLS Explicit encryption//. | + | * On the //New site// node, select //FTP// protocol and //TLS/SSL Explicit encryption//. |
| - | * In //Host name// box enter a host name of your instance in format ''name.cloudapp.net''. You will find it in //DNS Name// section on //Quick glance// sidebar of your instance dashboard on [[http://manage.windowsazure.com/|Azure Management Portal]]. | + | * In //Host name// box enter an address of your virtual machine: |
| + | * Use IP address you find in the //Public IP address// section on your virtual machine instance page on the [[https://portal.azure.com/|Azure portal]]. | ||
| + | * Or setup a DNS name for the virtual machine by clicking on the //Configure// link in //%%DNS%% name// section. A //Configuration// panel opens. There, in the //%%DNS%% name label//, enter a sub domain for your virtual machine. Click //Save// button. A full hostname now appears in the //%%DNS%% name// section in a format ''subdomain.location.cloudapp.azure.com''. | ||
| * Enter username and password of an account you want to connect with. Use the account you have specified when creating the instance or any other account you have created on the instance. | * Enter username and password of an account you want to connect with. Use the account you have specified when creating the instance or any other account you have created on the instance. | ||
| * Save your site settings using the //Save// button. | * Save your site settings using the //Save// button. | ||
| * Login using the //Login// button. | * Login using the //Login// button. | ||
| - | * If you are using [[guide_windows_ftps_server#certificate|self-signed certificate]], you will be prompted to [[ftps#certificate|accept it]]. | + | * If you are using [[guide_windows_ftps_server#certificate|self-signed certificate]], you will be prompted to [[tls#certificate|accept it]]. |
| &screenshotpict(azure_windows) | &screenshotpict(azure_windows) | ||
| - | ===== Connecting to a Web Site with FTPS ===== | + | ===== [[appservice]] Connecting to an App Service (Web Site) with FTPS ===== |
| - | Collect information about your web site from your web site dashboard on [[http://manage.windowsazure.com/|Azure Management Portal]]: | + | First, collect information about your app service (previously web site), on the [[https://portal.azure.com/|Azure portal]]: |
| - | * Host name: Copy host name from //FTPS host name// section on a //Quick glance// sidebar (skip the ''%%ftps://%%'' prefix). //With the latest beta version, you can copy whole %%URL%%, including the prefix.// &beta | + | * Host name: Copy host name from //FTPS hostname// section on the //Overview// page. |
| - | * User Name: See //Deployment / FTP user// section. If you did not set up %%FTP%% account yet, use //Set up deployment credentials// link. User name has form ''name\user''. You need to use both parts when authenticating. | + | · * User Name: Copy username from the //FTP/deployment username// section on the //Overview// page. If you did not set up an %%FTP%% account yet, goto //Deployment Center// page and select //FTP// in //Manual Deployment// section and switch to //User Credentials// tab. User name has a form ''name\user''. You need to use both parts when authenticating. |
| To connect to the web site with %%FTPS%%, start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: | To connect to the web site with %%FTPS%%, start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: | ||
| * Make sure //New site// node is selected. | * Make sure //New site// node is selected. | ||
| - | * On the //New site// node, select //FTP// protocol and //TLS Explicit encryption//. | + | * On the //New site// node, select //FTP// protocol and //TLS/SSL Explicit encryption//. |
| - | * In //Host name// box paste a host name of your instance in format ''name.azurewebsites.net''. //With the latest beta version, you can paste complete %%URL%% to select protocol, encryption and insert host name at once.// &beta | + | * In //Host name// box paste a host name of your instance in format ''%%waws-prod-xxx-xxx.ftp.azurewebsites.windows.net%%''. You can also paste a complete %%URL%% to select protocol, encryption and insert host name at once. |
| - | * Enter //User name// and //Password// (had you forgotten your password, use //Reset your deployment credentials// link on the web site dashboard). | + | * Enter the //User name// and the //Password//. |
| * Save your site settings using the //Save// button. | * Save your site settings using the //Save// button. | ||
| * Login using the //Login// button. | * Login using the //Login// button. | ||
| - | * Web site [[ftps#certificate|TLS/SSL certificate]] is signed by a trusted authority, so you won't be prompted to verify it. | + | * Web site [[tls#certificate|TLS/SSL certificate]] is signed by a trusted authority, so you won't be prompted to verify it. |
| &screenshotpict(azure_website) | &screenshotpict(azure_website) | ||
| - | ==== Using Host Name Link ==== | + | ==== Automating Access to the App Service ==== |
| - | Instead of copying web site URLs from dashboard to WinSCP, you can also directly click on the link to open the session in WinSCP. After entering your credentials and opening session, go to //Session > Save Session as Site// to save your opened site for future use. | + | See example for [[guide_microsoft_azure_webjob_sftp#deploying_auto|automating update of a WebJob on an App Service/Web Site]]. |
| ===== Further reading ===== | ===== Further reading ===== | ||
| * Guide to [[guide_upload|uploading files to SFTP/FTPS server]]; | * Guide to [[guide_upload|uploading files to SFTP/FTPS server]]; | ||
| * Guide to [[guide_automation|automating operations]] (including upload); | * Guide to [[guide_automation|automating operations]] (including upload); | ||
| - | * Guide to [[guide_amazon_ec2|connecting to Amazon EC2 server with SFTP]]. | + | * Guide to [[guide_amazon_ec2|connecting to Amazon EC2 server with SFTP]]; |
| + | * Guide to [[guide_google_compute_engine|connecting to Google Compute Engine server with SFTP]]. | ||
| + | |||