You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/storage/blobs/secure-file-transfer-protocol-known-issues.md
+10-10Lines changed: 10 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -55,32 +55,32 @@ To transfer files to or from Azure Blob Storage via SFTP clients, see the follow
55
55
| Cross Container Operations | Traversing between containers or performing operations on multiple containers from the same connection are unsupported.
56
56
| Undelete | There is no way to restore a soft-deleted blob with SFTP. The `Undelete` REST API must be used.|
57
57
58
-
## Authentication and authorization
58
+
## Authentication and Authorization
59
59
60
60
-_Local users_ are the only form of identity management that is currently supported for the SFTP endpoint.
61
61
62
62
- Microsoft Entra ID isn't supported for the SFTP endpoint.
63
63
64
64
To learn more, see [SFTP permission model](secure-file-transfer-protocol-support.md#sftp-permission-model) and see [Access control model in Azure Data Lake Storage](data-lake-storage-access-control-model.md).
65
65
66
-
## Networking
67
-
68
-
- To access the storage account using SFTP, your network must allow traffic on port 22.
69
-
70
-
- Static IP addresses aren't supported for storage accounts. This isn't an SFTP specific limitation.
71
-
72
-
- There's a 2-minute time out for idle or inactive connections. OpenSSH will appear to stop responding and then disconnect. Some clients reconnect automatically.
73
-
74
66
### Access ACLs and Default ACLs
75
67
76
68
- SFTP doesn't currently support **Default ACLs** or additional **Access ACLs** (ACL entries beyond the POSIX `user::`, `group::`, and `other::` entries, such as named users or named groups).
77
69
78
70
- If any directory in the access path (including the user's home directory) has Default ACLs or additional Access ACLs set, SFTP operations will fail with `Permission denied`, even when the connecting user has required permissions.
79
71
80
-
**Temporary Workaround:** Remove Default ACLs and additional Access ACLs from all directories in the SFTP access path (including the user's home directory) so that only POSIX `user::`, `group::`, and `other::` entries remain.
72
+
**Workaround:** Remove Default ACLs and additional Access ACLs from all directories in the SFTP access path (including the user's home directory) so that only POSIX `user::`, `group::`, and `other::` entries remain.
81
73
82
74
For more details about ACLs and how you can edit them, see [Access control lists (ACLs)](data-lake-storage-access-control.md).
83
75
76
+
## Networking
77
+
78
+
- To access the storage account using SFTP, your network must allow traffic on port 22.
79
+
80
+
- Static IP addresses aren't supported for storage accounts. This isn't an SFTP specific limitation.
81
+
82
+
- There's a 2-minute time out for idle or inactive connections. OpenSSH will appear to stop responding and then disconnect. Some clients reconnect automatically.
83
+
84
84
## Other
85
85
86
86
- For performance issues and considerations, see [SSH File Transfer Protocol (SFTP) performance considerations in Azure Blob storage](secure-file-transfer-protocol-performance.md).
0 commit comments