Merge pull request #271690 from normesta/sftp-2

Access control lists for SFTP

Author: Jill Grant

articles/storage/blobs/TOC.yml

@@ -166,8 +166,12 @@ items:
       items:
       - name: Overview
         href: secure-file-transfer-protocol-support.md
-      - name: Transfer data by using SFTP
+      - name: Enable or disable SFTP
         href: secure-file-transfer-protocol-support-how-to.md
+      - name: Authorize access
+        href: secure-file-transfer-protocol-support-authorize-access.md
+      - name: Connect from an SFTP client
+        href: secure-file-transfer-protocol-support-connect.md
       - name: Performance considerations
         href: secure-file-transfer-protocol-performance.md
       - name: Limitations and known issues

articles/storage/blobs/media/secure-file-transfer-protocol-support-authorize-access/add-local-user-configuration-page.png

@@ -6,9 +6,8 @@ author: normesta
 
 ms.service: azure-blob-storage
 ms.topic: conceptual
-ms.date: 10/20/2022
+ms.date: 04/30/2024
 ms.author: normesta
-ms.reviewer: michawil
 
 ---
 
@@ -21,15 +20,15 @@ This article describes limitations and known issues of SFTP support for Azure Bl
 
 ## Known unsupported clients
 
-The following clients are known to be incompatible with SFTP for Azure Blob Storage. See [Supported algorithms](secure-file-transfer-protocol-support.md#supported-algorithms) for more information.
+The following clients are known to be incompatible with SFTP for Azure Blob Storage. For more information, see [Supported algorithms](secure-file-transfer-protocol-support.md#supported-algorithms).
 
 - Five9
 - Kemp
 - Mule
 - paramiko 1.16.0
 - SSH.NET 2016.1.0
 
-The unsupported client list above isn't exhaustive and may change over time.
+This list isn't exhaustive and might change over time.
 
 ## Client settings
 
@@ -52,7 +51,7 @@ To transfer files to or from Azure Blob Storage via SFTP clients, see the follow
 | Extensions | Unsupported extensions include but aren't limited to: [email protected], [email protected], [email protected], [email protected] |
 | SSH Commands | SFTP is the only supported subsystem. Shell requests after the completion of key exchange will fail. |
 | Multi-protocol writes | Random writes and appends (`PutBlock`,`PutBlockList`, `GetBlockList`, `AppendBlock`, `AppendFile`)  aren't allowed from other protocols (NFS, Blob REST, Data Lake Storage Gen2 REST) on blobs that are created by using SFTP. Full overwrites are allowed.|
-| Rename Operations | Rename operations where the target file name already exists is a protocol violation. Attempting such an operation will return an error. See [Removing and Renaming Files](https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02#section-6.5) for more information.|
+| Rename Operations | Rename operations where the target file name already exists is a protocol violation. Attempting such an operation returns an error. See [Removing and Renaming Files](https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02#section-6.5) for more information.|
 | Cross Container Operations | Traversing between containers or performing operations on multiple containers from the same connection are unsupported.
 
 ## Authentication and authorization
@@ -83,7 +82,7 @@ To learn more, see [SFTP permission model](secure-file-transfer-protocol-support
 
 - Maximum file upload size via the SFTP endpoint is 100 GB. 
 
-- To change the storage account's redundancy/replication settings or initiate account failover, SFTP must be disabled. SFTP may be re-enabled once the conversion has completed. 
+- To change the storage account's redundancy/replication settings or initiate account failover, SFTP must be disabled. SFTP may be re-enabled once the conversion has completed.
 
 - Special containers such as $logs, $blobchangefeed, $root, $web aren't accessible via the SFTP endpoint.