Merge pull request #202935 from mikewill4/patch-29

PRMerger18 · web-flow · commit 10690535211b · 2022-06-27T13:54:29.000-07:00
[SFTP] Add more crypto algorithm considerations
diff --git a/articles/storage/blobs/secure-file-transfer-protocol-known-issues.md b/articles/storage/blobs/secure-file-transfer-protocol-known-issues.md
@@ -74,8 +74,10 @@ The following clients are known to be incompatible with SFTP for Azure Blob Stor
 ## Security
 
 - Host keys are published [here](secure-file-transfer-protocol-host-keys.md). During the public preview, host keys may rotate frequently.
-  
-- User supplied passwords are not supported. Passwords are generated by Azure and minimum 88 characters in length.
+
+- RSA keys must be minimum 2048 bits in length.
+
+- User supplied passwords are not supported. Passwords are generated by Azure and are minimum 88 characters in length.
 
 ## Integrations
 
diff --git a/articles/storage/blobs/secure-file-transfer-protocol-support.md b/articles/storage/blobs/secure-file-transfer-protocol-support.md
@@ -110,13 +110,20 @@ You can use many different SFTP clients to securely connect and then transfer fi
 
 | Host key | Key exchange | Ciphers/encryption | Integrity/MAC | Public key |
 |----------|--------------|--------------------|---------------|------------|
-| rsa-sha2-256 | ecdh-sha2-nistp384 | aes128-gcm@openssh.com | hmac-sha2-256 | ssh-rsa |
-| rsa-sha2-512 | ecdh-sha2-nistp256 | aes256-gcm@openssh.com | hmac-sha2-512 | ecdsa-sha2-nistp256 |
+| rsa-sha2-256 <sup>1</sup> | ecdh-sha2-nistp384 | aes128-gcm@openssh.com | hmac-sha2-256 | ssh-rsa <sup>1</sup> |
+| rsa-sha2-512 <sup>1</sup> | ecdh-sha2-nistp256 | aes256-gcm@openssh.com | hmac-sha2-512 | ecdsa-sha2-nistp256 |
 | ecdsa-sha2-nistp256 | diffie-hellman-group14-sha256 | aes128-cbc| hmac-sha2-256-etm@openssh.com | ecdsa-sha2-nistp384 |
 | ecdsa-sha2-nistp384| diffie-hellman-group16-sha512 | aes256-cbc | hmac-sha2-512-etm@openssh.com | 
 ||| aes192-cbc ||
 
-SFTP support for Azure Blob Storage currently limits its cryptographic algorithm support based on security considerations. We strongly recommend that customers utilize Microsoft Security Development Lifecycle (SDL) approved algorithms to securely access their data. More details can be found [here](/security/sdl/cryptographic-recommendations).
+<sup>1</sup>    Requires minimum key length of 2048 bits.
+
+SFTP support for Azure Blob Storage currently limits its cryptographic algorithm support based on security considerations. We strongly recommend that customers utilize [Microsoft Security Development Lifecycle (SDL) approved algorithms](/security/sdl/cryptographic-recommendations) to securely access their data.
+
+> [!IMPORTANT]
+> At this time, we do not plan on supporting the following: `ssh-dss`, `diffie-hellman-group14-sha1`, `diffie-hellman-group1-sha1`, `hmac-sha1`, `hmac-sha1-96`.
+
+Algorithm support is subject to change in the future.
 
 ### Known supported clients
 
