Merge pull request #200455 from normesta/sftp

Some fixes

Author: denrea

articles/storage/blobs/secure-file-transfer-protocol-known-issues.md

@@ -5,7 +5,7 @@ author: normesta
 ms.subservice: blobs
 ms.service: storage
 ms.topic: conceptual
-ms.date: 03/04/2022
+ms.date: 06/03/2022
 ms.author: normesta
 ms.reviewer: ylunagaria
 
@@ -26,15 +26,11 @@ This article describes limitations and known issues of SFTP support for Azure Bl
 
 The following clients are known to be incompatible with SFTP for Azure Blob Storage (preview). See [Supported algorithms](secure-file-transfer-protocol-support.md#supported-algorithms) for more information.
 
-- Axway
 - Five9
 - Kemp
-- Moveit
 - Mule
 - paramiko 1.16.0
-- Salesforce
 - SSH.NET 2016.1.0
-- XFB.Gateway
 
 > [!NOTE]
 > The unsupported client list above is not exhaustive and may change over time.
@@ -48,38 +44,36 @@ The following clients are known to be incompatible with SFTP for Azure Blob Stor
 | Random writes and appends | <li>Operations that include both READ and WRITE flags. For example: [SSH.NET create API](https://github.com/sshnet/SSH.NET/blob/develop/src/Renci.SshNet/SftpClient.cs#:~:text=public%20SftpFileStream-,Create,-(string%20path))<li>Operations that include APPEND flag. For example: [SSH.NET append API](https://github.com/sshnet/SSH.NET/blob/develop/src/Renci.SshNet/SftpClient.cs#:~:text=public%20void-,AppendAllLines,-(string%20path%2C%20IEnumerable%3Cstring%3E%20contents)). |
 | Links |<li>`symlink` - creating symbolic links<li>`ln` - creating hard links<li>Reading links not supported |
 | Capacity Information | `df` - usage info for filesystem |
-| Extensions | Unsupported extensions include but are not limited to: [email protected], [email protected], [email protected], [email protected] |
+| Extensions | Unsupported extensions include but aren't limited to: [email protected], [email protected], [email protected], [email protected] |
 | SSH Commands | SFTP is the only supported subsystem. Shell requests after the completion of the key exchange will fail. |
-| Multi-protocol writes | Random writes and appends (`PutBlock`,`PutBlockList`, `GetBlockList`, `AppendBlock`, `AppendFile`)  are not allowed from other protocols on blobs that are created by using SFTP. Full overwrites are allowed.|
+| Multi-protocol writes | Random writes and appends (`PutBlock`,`PutBlockList`, `GetBlockList`, `AppendBlock`, `AppendFile`)  aren't allowed from other protocols on blobs that are created by using SFTP. Full overwrites are allowed.|
 
 ## Authentication and authorization
 
 - _Local users_ is the only form of identity management that is currently supported for the SFTP endpoint.
 
-- Azure Active Directory (Azure AD) is not supported for the SFTP endpoint.
+- Azure Active Directory (Azure AD) isn't supported for the SFTP endpoint.
 
-- POSIX-like access control lists (ACLs) are not supported for the SFTP endpoint.
+- POSIX-like access control lists (ACLs) aren't supported for the SFTP endpoint.
 
   > [!NOTE]
   > After your data is ingested into Azure Storage, you can use the full breadth of Azure storage security settings. While authorization mechanisms such as role-based access control (RBAC) and access control lists aren't supported as a means to authorize a connecting SFTP client, they can be used to authorize access via Azure tools (such Azure portal, Azure CLI, Azure PowerShell commands, and AzCopy) as well as Azure SDKS, and Azure REST APIs. 
 
-- Account and container level operations are not supported for the SFTP endpoint.
+- Account and container level operations aren't supported for the SFTP endpoint.
 
 ## Networking
 
 - To access the storage account using SFTP, your network must allow traffic on port 22.
 
-- When a firewall is configured, connections from non-allowed IPs are not rejected as expected. However, if there is a successful connection for an authenticated user then all data plane operations will be rejected.
-
-- There's a 4 minute timeout for idle or inactive connections. OpenSSH will appear to stop responding and then disconnect. Some clients reconnect automatically. 
+- There's a 4-minute timeout for idle or inactive connections. OpenSSH will appear to stop responding and then disconnect. Some clients reconnect automatically. 
 
 ## Security
 
 - Host keys are published [here](secure-file-transfer-protocol-host-keys.md). During the public preview, host keys may rotate frequently.
 
 ## Integrations
 
-- Change feed and Event Grid notifications are not supported.
+- Change feed and Event Grid notifications aren't supported.
 
 - Network File System (NFS) 3.0 and SFTP can't be enabled on the same storage account.
 
@@ -89,15 +83,15 @@ For performance issues and considerations, see [SSH File Transfer Protocol (SFTP
 
 ## Other
 
-- Special containers such as $logs, $blobchangefeed, $root, $web are not accessible via the SFTP endpoint. 
+- Special containers such as $logs, $blobchangefeed, $root, $web aren't accessible via the SFTP endpoint. 
 
-- Symbolic links are not supported.
+- Symbolic links aren't supported.
 
-- `ssh-keyscan` is not supported.
+- `ssh-keyscan` isn't supported.
 
-- SSH and SCP commands, that are not SFTP, are not supported.
+- SSH and SCP commands that aren't SFTP aren't supported.
 
-- FTPS and FTP are not supported.
+- FTPS and FTP aren't supported.
 
 ## Troubleshooting
 

articles/storage/blobs/secure-file-transfer-protocol-support.md

@@ -5,7 +5,7 @@ author: normesta
 ms.subservice: blobs
 ms.service: storage
 ms.topic: conceptual
-ms.date: 03/04/2022
+ms.date: 06/03/2022
 ms.custom: references_regions
 ms.author: normesta
 ms.reviewer: ylunagaria
@@ -14,7 +14,7 @@ ms.reviewer: ylunagaria
 
 # SSH File Transfer Protocol (SFTP) support for Azure Blob Storage (preview)
 
-Blob storage now supports the SSH File Transfer Protocol (SFTP). This support provides the ability to securely connect to Blob Storage accounts via an SFTP endpoint, allowing you to leverage SFTP for file access, file transfer, as well as file management.  
+Blob storage now supports the SSH File Transfer Protocol (SFTP). This support provides the ability to securely connect to Blob Storage accounts via an SFTP endpoint, allowing you to use SFTP for file access, file transfer, and file management.  
 
 > [!IMPORTANT]
 > SFTP support is currently in PREVIEW and is available on general-purpose v2 and premium block blob accounts. Complete [this form](https://forms.office.com/r/gZguN0j65Y) BEFORE using the feature in preview. Registration via 'preview features' is NOT required and confirmation email will NOT be sent after filling out the form. You can IMMEDIATELY access the feature.
@@ -27,7 +27,7 @@ Azure allows secure data transfer to Blob Storage accounts using Azure Blob serv
 
 Prior to the release of this feature, if you wanted to use SFTP to transfer data to Azure Blob Storage you would have to either purchase a third party product or orchestrate your own solution. You would have to create a virtual machine (VM) in Azure to host an SFTP server, and then figure out a way to move data into the storage account. 
 
-Now, with SFTP support for Azure Blob Storage, you can enable an SFTP endpoint for Blob Storage accounts with a single setting. Then you can set up local user identities for authentication to transfer data securely without the need to do any additional work. 
+Now, with SFTP support for Azure Blob Storage, you can enable an SFTP endpoint for Blob Storage accounts with a single setting. Then you can set up local user identities for authentication to transfer data securely without the need to do any more work. 
 
 This article describes SFTP support for Azure Blob Storage. To learn how to enable SFTP for your storage account, see [Connect to Azure Blob Storage by using the SSH File Transfer Protocol (SFTP) (preview)](secure-file-transfer-protocol-support-how-to.md).
 
@@ -42,11 +42,11 @@ Different protocols extend from the hierarchical namespace. The SFTP is one of t
 
 ## SFTP permission model
 
-Azure Blob Storage does not support Azure Active Directory (Azure AD) authentication or authorization via SFTP. Instead, SFTP utilizes a new form of identity management called _local users_. 
+Azure Blob Storage doesn't support Azure Active Directory (Azure AD) authentication or authorization via SFTP. Instead, SFTP utilizes a new form of identity management called _local users_. 
 
 Local users must use either a password or a Secure Shell (SSH) private key credential for authentication. You can have a maximum of 1000 local users for a storage account.
 
-To set up access permissions, you will create a local user, and choose authentication methods. Then, for each container in your account, you can specify the level of access you want to give that user.
+To set up access permissions, you'll create a local user, and choose authentication methods. Then, for each container in your account, you can specify the level of access you want to give that user.
 
 > [!CAUTION]
 > Local users do not interoperate with other Azure Storage permission models such as RBAC (role based access control), ABAC (attribute based access control), and ACLs (access control lists). 
@@ -57,11 +57,11 @@ For SFTP enabled storage accounts, you can use the full breadth of Azure Blob St
 
 ## Authentication methods
 
-You can authenticate local users connecting via SFTP by using a password or a Secure Shell (SSH) public-private keypair. You can configure both forms of authentication and let connecting local users choose which one to use. However, multifactor authentication, whereby both a valid password and a valid public-private key pair are required for successful authentication is not supported. 
+You can authenticate local users connecting via SFTP by using a password or a Secure Shell (SSH) public-private keypair. You can configure both forms of authentication and let connecting local users choose which one to use. However, multifactor authentication, whereby both a valid password and a valid public-private key pair are required for successful authentication isn't supported. 
 
 #### Passwords
 
-Passwords are generated for you. If you choose password authentication, then your password will be provided after you finish configuring a local user. Make sure to copy that password and save it in a location where you can find it later. You won't be able to retrieve that password from Azure again. If you lose the password, you will have to generate a new one. For security reasons, you can't set the password yourself.   
+Passwords are generated for you. If you choose password authentication, then your password will be provided after you finish configuring a local user. Make sure to copy that password and save it in a location where you can find it later. You won't be able to retrieve that password from Azure again. If you lose the password, you'll have to generate a new one. For security reasons, you can't set the password yourself.   
 
 #### SSH key pairs
 
@@ -71,7 +71,7 @@ If you choose to authenticate with private-public key pair, you can either gener
 
 ## Container permissions
 
-In the current release, you can specify only container-level permissions. Directory-level permissions are not supported. You can choose which containers you want to grant access to and what level of access you want to provide (Read, Write, List, Delete, and Create). Those permissions apply to all directories and subdirectories in the container. You can grant each local user access to as many as 100 containers. Container permissions can also be updated after creating a local user. The following table describes each permission in more detail.
+In the current release, you can specify only container-level permissions. Directory-level permissions aren't supported. You can choose which containers you want to grant access to and what level of access you want to provide (Read, Write, List, Delete, and Create). Those permissions apply to all directories and subdirectories in the container. You can grant each local user access to as many as 100 containers. Container permissions can also be updated after creating a local user. The following table describes each permission in more detail.
 
 | Permission | Symbol | Description |
 |---|---|---|
@@ -93,7 +93,7 @@ sftp [email protected]
 put logfile.txt
 ```
 
-If you set the home directory of a user to `mycontainer/mydirectory`, then they would connect to that directory. Then, the `logfile.txt` file would be uploaded to `mycontainer/mydirectory`. If you did not set the home directory, then the connection attempt would fail. Instead, connecting users would have to specify a container along with the request and then use SFTP commands to navigate to the target directory before uploading a file. The following example shows this:
+If you set the home directory of a user to `mycontainer/mydirectory`, then they would connect to that directory. Then, the `logfile.txt` file would be uploaded to `mycontainer/mydirectory`. If you didn't set the home directory, then the connection attempt would fail. Instead, connecting users would have to specify a container along with the request and then use SFTP commands to navigate to the target directory before uploading a file. The following example shows this:
 
 ```powershell
 sftp [email protected]
@@ -120,24 +120,28 @@ SFTP support for Azure Blob Storage currently limits its cryptographic algorithm
 
 ### Known supported clients
 
-The following clients have compatible algorithm support with SFTP for Azure Blob Storage (preview). See [Limitations and known issues with SSH File Transfer Protocol (SFTP) support for Azure Blob Storage](secure-file-transfer-protocol-known-issues.md) if you are having trouble connecting.
+The following clients have compatible algorithm support with SFTP for Azure Blob Storage (preview). See [Limitations and known issues with SSH File Transfer Protocol (SFTP) support for Azure Blob Storage](secure-file-transfer-protocol-known-issues.md) if you're having trouble connecting.
 
 - AsyncSSH 2.1.0+
+- Axway
 - Cyberduck 7.8.2+
 - edtFTPjPRO 7.0.0+
 - FileZilla 3.53.0+
 - libssh 0.9.5+
 - Maverick Legacy 1.7.15+
+- Moveit 12.7
 - OpenSSH 7.4+
 - paramiko 2.8.1+
 - PuTTY 0.74+
 - QualysML 12.3.41.1+
 - RebexSSH 5.0.7119.0+
+- Salesforce
 - ssh2js 0.1.20+
 - sshj 0.27.0+
 - SSH.NET 2020.0.0+
 - WinSCP 5.10+
 - Workday
+- XFB.Gateway
 
 > [!NOTE]
 > The supported client list above is not exhaustive and may change over time.