SSH authentication uses SSH keys to authenticate SFTP connections instead of, or in combination with, a user ID and password. An SSH public key and private key pair are required in this case. Generate a key pair on your computer (SFTP client), and copy the public key to the SFTP server. Sysax Multi Server is a Secure FTP Server and SSH2 Secure Shell Server combined into a single product. It simultaneously supports remote access and file transfer using FTP, FTPS, SFTP, Telnet, and Secure Shell. It also supports web based file transfer using HTTP and HTTPS. The interface is very user friendly and easy to setup.
-->APPLIES TO: Azure Data Factory Azure Synapse Analytics
This article outlines how to copy data from and to the secure FTP (SFTP) server. To learn about Azure Data Factory, read the introductory article.
Supported capabilities
The SFTP connector is supported for the following activities:
- Copy activity with supported source/sink matrix
Specifically, the SFTP connector supports:
- Copying files from and to the SFTP server by using Basic, SSH public key or multi-factor authentication.
- Copying files as is or by parsing or generating files with the supported file formats and compression codecs.
Prerequisites
If your data store is located inside an on-premises network, an Azure virtual network, or Amazon Virtual Private Cloud, you need to configure a self-hosted integration runtime to connect to it.
Alternatively, if your data store is a managed cloud data service, you can use Azure integration runtime. If the access is restricted to IPs that are approved in the firewall rules, you can add Azure Integration Runtime IPs into the allow list.
For more information about the network security mechanisms and options supported by Data Factory, see Data access strategies.
Get started
To perform the Copy activity with a pipeline, you can use one of the following tools or SDKs:
The following sections provide details about properties that are used to define Data Factory entities specific to SFTP.
Linked service properties
The following properties are supported for the SFTP linked service:
| Property | Description | Required |
|---|---|---|
| type | The type property must be set to Sftp. | Yes |
| host | The name or IP address of the SFTP server. | Yes |
| port | The port on which the SFTP server is listening. The allowed value is an integer, and the default value is 22. | No |
| skipHostKeyValidation | Specify whether to skip host key validation. Allowed values are true and false (default). | No |
| hostKeyFingerprint | Specify the fingerprint of the host key. | Yes, if the 'skipHostKeyValidation' is set to false. |
| authenticationType | Specify the authentication type. Allowed values are Basic, SshPublicKey and MultiFactor. For more properties, see the Use basic authentication section. For JSON examples, see the Use SSH public key authentication section. | Yes |
| connectVia | The integration runtime to be used to connect to the data store. To learn more, see the Prerequisites section. If the integration runtime isn't specified, the service uses the default Azure Integration Runtime. | No |
Use basic authentication
To use basic authentication, set the authenticationType property to Basic, and specify the following properties in addition to the SFTP connector generic properties that were introduced in the preceding section:
| Property | Description | Required |
|---|---|---|
| userName | The user who has access to the SFTP server. | Yes |
| password | The password for the user (userName). Mark this field as a SecureString to store it securely in your data factory, or reference a secret stored in an Azure key vault. | Yes |
Example:
Use SSH public key authentication
To use SSH public key authentication, set 'authenticationType' property as SshPublicKey, and specify the following properties besides the SFTP connector generic ones introduced in the last section:
| Property | Description | Required |
|---|---|---|
| userName | The user who has access to the SFTP server. | Yes |
| privateKeyPath | Specify the absolute path to the private key file that the integration runtime can access. This applies only when the self-hosted type of integration runtime is specified in 'connectVia.' | Specify either privateKeyPath or privateKeyContent. |
| privateKeyContent | Base64 encoded SSH private key content. SSH private key should be OpenSSH format. Mark this field as a SecureString to store it securely in your data factory, or reference a secret stored in an Azure key vault. | Specify either privateKeyPath or privateKeyContent. |
| passPhrase | Specify the pass phrase or password to decrypt the private key if the key file or the key content is protected by a pass phrase. Mark this field as a SecureString to store it securely in your data factory, or reference a secret stored in an Azure key vault. | Yes, if the private key file or the key content is protected by a pass phrase. |
Note
The SFTP connector supports an RSA/DSA OpenSSH key. Make sure that your key file content starts with '-----BEGIN [RSA/DSA] PRIVATE KEY-----'. If the private key file is a PPK-format file, use the PuTTY tool to convert from PPK to OpenSSH format.
Example 1: SshPublicKey authentication using private key filePath
Example 2: SshPublicKey authentication using private key content
Use multi-factor authentication
To use multi-factor authentication which is a combination of basic and SSH public key authentications, specify the user name, password and the private key info described in above sections.
Example: multi-factor authentication
Dataset properties
For a full list of sections and properties that are available for defining datasets, see the Datasets article.
Azure Data Factory supports the following file formats. Refer to each article for format-based settings.
The following properties are supported for SFTP under location settings in the format-based dataset:
| Property | Description | Required |
|---|---|---|
| type | The type property under location in dataset must be set to SftpLocation. | Yes |
| folderPath | The path to the folder. If you want to use a wildcard to filter the folder, skip this setting and specify the path in activity source settings. | No |
| fileName | The file name under the specified folderPath. If you want to use a wildcard to filter files, skip this setting and specify the file name in activity source settings. | No |
Example:
Copy activity properties
For a full list of sections and properties that are available for defining activities, see the Pipelines article. This section provides a list of properties that are supported by the SFTP source.
SFTP as source
Azure Data Factory supports the following file formats. Refer to each article for format-based settings.
The following properties are supported for SFTP under the storeSettings settings in the format-based Copy source:
| Property | Description | Required |
|---|---|---|
| type | The type property under storeSettings must be set to SftpReadSettings. | Yes |
| Locate the files to copy | ||
| OPTION 1: static path | Copy from the folder/file path that's specified in the dataset. If you want to copy all files from a folder, additionally specify wildcardFileName as *. | |
| OPTION 2: wildcard - wildcardFolderPath | The folder path with wildcard characters to filter source folders. Allowed wildcards are * (matches zero or more characters) and ? (matches zero or a single character); use ^ to escape if your actual folder name has a wildcard or this escape char inside. For more examples, see Folder and file filter examples. | No |
| OPTION 2: wildcard - wildcardFileName | The file name with wildcard characters under the specified folderPath/wildcardFolderPath to filter source files. Allowed wildcards are * (matches zero or more characters) and ? (matches zero or a single character); use ^ to escape if your actual file name has wildcard or this escape char inside. For more examples, see Folder and file filter examples. | Yes |
| OPTION 3: a list of files - fileListPath | Indicates to copy a specified file set. Point to a text file that includes a list of files you want to copy (one file per line, with the relative path to the path configured in the dataset). When you use this option, don't specify the file name in the dataset. For more examples, see File list examples. | No |
| Additional settings | ||
| recursive | Indicates whether the data is read recursively from the subfolders or only from the specified folder. When recursive is set to true and the sink is a file-based store, an empty folder or subfolder isn't copied or created at the sink. Allowed values are true (default) and false. This property doesn't apply when you configure fileListPath. | No |
| deleteFilesAfterCompletion | Indicates whether the binary files will be deleted from source store after successfully moving to the destination store. The file deletion is per file, so when copy activity fails, you will see some files have already been copied to the destination and deleted from source, while others are still remaining on source store. This property is only valid in binary files copy scenario. The default value: false. | No |
| modifiedDatetimeStart | Files are filtered based on the attribute Last Modified. The files are selected if their last modified time is within the range of modifiedDatetimeStart to modifiedDatetimeEnd. The time is applied to the UTC time zone in the format of 2018-12-01T05:00:00Z. The properties can be NULL, which means that no file attribute filter is applied to the dataset. When modifiedDatetimeStart has a datetime value but modifiedDatetimeEnd is NULL, it means that the files whose last modified attribute is greater than or equal to the datetime value are selected. When modifiedDatetimeEnd has a datetime value but modifiedDatetimeStart is NULL, it means that the files whose last modified attribute is less than the datetime value are selected.This property doesn't apply when you configure fileListPath. | No |
| modifiedDatetimeEnd | Same as above. | No |
| enablePartitionDiscovery | For files that are partitioned, specify whether to parse the partitions from the file path and add them as additional source columns. Allowed values are false (default) and true. | No |
| partitionRootPath | When partition discovery is enabled, specify the absolute root path in order to read partitioned folders as data columns. If it is not specified, by default, - When you use file path in dataset or list of files on source, partition root path is the path configured in dataset. - When you use wildcard folder filter, partition root path is the sub-path before the first wildcard. For example, assuming you configure the path in dataset as 'root/folder/year=2020/month=08/day=27': - If you specify partition root path as 'root/folder/year=2020', copy activity will generate two more columns month and day with value '08' and '27' respectively, in addition to the columns inside the files.- If partition root path is not specified, no extra column will be generated. | No |
| maxConcurrentConnections | The upper limit of concurrent connections established to the data store during the activity run. Specify a value only when you want to limit concurrent connections. | No |
Example:
SFTP as a sink
Azure Data Factory supports the following file formats. Refer to each article for format-based settings.
The following properties are supported for SFTP under storeSettings settings in a format-based Copy sink:
| Property | Description | Required |
|---|---|---|
| type | The type property under storeSettings must be set to SftpWriteSettings. | Yes |
| copyBehavior | Defines the copy behavior when the source is files from a file-based data store. Allowed values are: - PreserveHierarchy (default): Preserves the file hierarchy in the target folder. The relative path of the source file to the source folder is identical to the relative path of the target file to the target folder. - FlattenHierarchy: All files from the source folder are in the first level of the target folder. The target files have autogenerated names. - MergeFiles: Merges all files from the source folder to one file. If the file name is specified, the merged file name is the specified name. Otherwise, it's an autogenerated file name. | No |
| maxConcurrentConnections | The upper limit of concurrent connections established to the data store during the activity run. Specify a value only when you want to limit concurrent connections. | No |
| useTempFileRename | Indicate whether to upload to temporary files and rename them, or directly write to the target folder or file location. By default, Azure Data Factory first writes to temporary files and then renames them when the upload is finished. This sequence helps to (1) avoid conflicts that might result in a corrupted file if you have other processes writing to the same file, and (2) ensure that the original version of the file exists during the transfer. If your SFTP server doesn't support a rename operation, disable this option and make sure that you don't have a concurrent write to the target file. For more information, see the troubleshooting tip at the end of this table. | No. Default value is true. |
| operationTimeout | The wait time before each write request to SFTP server times out. Default value is 60 min (01:00:00). | No |
Tip
If you receive the error 'UserErrorSftpPathNotFound,' 'UserErrorSftpPermissionDenied,' or 'SftpOperationFail' when you're writing data into SFTP, and the SFTP user you use does have the proper permissions, check to see whether your SFTP server support file rename operation is working. If it isn't, disable the Upload with temp file (useTempFileRename) option and try again. To learn more about this property, see the preceding table. If you use a self-hosted integration runtime for the Copy activity, be sure to use version 4.6 or later.
Example:
Folder and file filter examples
This section describes the behavior that results from using wildcard filters with folder paths and file names.
| folderPath | fileName | recursive | Source folder structure and filter result (files in bold are retrieved) |
|---|---|---|---|
Folder* | (empty, use default) | false | FolderA File1.csv File2.json Subfolder1 File3.csv File4.json File5.csv AnotherFolderB File6.csv |
Folder* | (empty, use default) | true | FolderA File1.csv File2.json Subfolder1 File3.csv File4.json File5.csv AnotherFolderB File6.csv |
Folder* | *.csv | false | FolderA File1.csv File2.json Subfolder1 File3.csv File4.json File5.csv AnotherFolderB File6.csv |
Folder* | *.csv | true | FolderA File1.csv File2.json Subfolder1 File3.csv File4.json File5.csv AnotherFolderB File6.csv |
File list examples
This table describes the behavior that results from using a file list path in the Copy activity source. It assumes that you have the following source folder structure and want to copy the files that are in bold type:
| Sample source structure | Content in FileListToCopy.txt | Azure Data Factory configuration |
|---|---|---|
| root FolderA File1.csv File2.json Subfolder1 File3.csv File4.json File5.csv Metadata FileListToCopy.txt | File1.csv Subfolder1/File3.csv Subfolder1/File5.csv | In the dataset: - Folder path: root/FolderAIn the Copy activity source: - File list path: root/Metadata/FileListToCopy.txtThe file list path points to a text file in the same data store that includes a list of files you want to copy (one file per line, with the relative path to the path configured in the dataset). |
Lookup activity properties
For information about Lookup activity properties, see Lookup activity in Azure Data Factory.
GetMetadata activity properties
For information about GetMetadata activity properties, see GetMetadata activity in Azure Data Factory.
Delete activity properties
For information about Delete activity properties, see Delete activity in Azure Data Factory.
Legacy models
Ssh To Sftp Server Linux
Note
The following models are still supported as is for backward compatibility. We recommend that you use the previously discussed new model, because the Azure Data Factory authoring UI has switched to generating the new model.
Legacy dataset model
| Property | Description | Required |
|---|---|---|
| type | The type property of the dataset must be set to FileShare. | Yes |
| folderPath | The path to the folder. A wildcard filter is supported. Allowed wildcards are * (matches zero or more characters) and ? (matches zero or a single character); use ^ to escape if your actual file name has a wildcard or this escape char inside. Examples: rootfolder/subfolder/, see more examples in Folder and file filter examples. | Yes |
| fileName | Name or wildcard filter for the files under the specified 'folderPath'. If you don't specify a value for this property, the dataset points to all files in the folder. For filter, the allowed wildcards are * (matches zero or more characters) and ? (matches zero or a single character).- Example 1: 'fileName': '*.csv'- Example 2: 'fileName': '???20180427.txt'Use ^ to escape if your actual folder name has wildcard or this escape char inside. | No |
| modifiedDatetimeStart | Files are filtered based on the attribute Last Modified. The files are selected if their last modified time is within the range of modifiedDatetimeStart to modifiedDatetimeEnd. The time is applied to UTC time zone in the format of 2018-12-01T05:00:00Z. The overall performance of data movement will be affected by enabling this setting when you want to do file filter from large numbers of files. The properties can be NULL, which means that no file attribute filter is applied to the dataset. When modifiedDatetimeStart has a datetime value but modifiedDatetimeEnd is NULL, it means that the files whose last modified attribute is greater than or equal to the datetime value are selected. When modifiedDatetimeEnd has a datetime value but modifiedDatetimeStart is NULL, it means that the files whose last modified attribute is less than the datetime value are selected. | No |
| modifiedDatetimeEnd | Files are filtered based on the attribute Last Modified. The files are selected if their last modified time is within the range of modifiedDatetimeStart to modifiedDatetimeEnd. The time is applied to UTC time zone in the format of 2018-12-01T05:00:00Z. The overall performance of data movement will be affected by enabling this setting when you want to do file filter from large numbers of files. The properties can be NULL, which means that no file attribute filter is applied to the dataset. When modifiedDatetimeStart has a datetime value but modifiedDatetimeEnd is NULL, it means that the files whose last modified attribute is greater than or equal to the datetime value are selected. When modifiedDatetimeEnd has a datetime value but modifiedDatetimeStart is NULL, it means that the files whose last modified attribute is less than the datetime value are selected. | No |
| format | If you want to copy files as is between file-based stores (binary copy), skip the format section in both input and output dataset definitions. If you want to parse files with a specific format, the following file format types are supported: TextFormat, JsonFormat, AvroFormat, OrcFormat, and ParquetFormat. Set the type property under format to one of these values. For more information, see Text format, Json format, Avro format, Orc format, and Parquet format sections. | No (only for binary copy scenario) |
| compression | Specify the type and level of compression for the data. For more information, see Supported file formats and compression codecs. Supported types are GZip, Deflate, BZip2, and ZipDeflate. Supported levels are Optimal and Fastest. | No |
Tip
To copy all files under a folder, specify folderPath only.
To copy a single file with a specified name, specify folderPath with the folder part and fileName with the file name.
To copy a subset of files under a folder, specify folderPath with the folder part and fileName with the wildcard filter.
Note
If you were using fileFilter property for the file filter, it is still supported as is, but we recommend that you use the new filter capability added to fileName from now on.
Ssh Sftp Server Android
Example:
Legacy Copy activity source model
| Property | Description | Required |
|---|---|---|
| type | The type property of the Copy activity source must be set to FileSystemSource | Yes |
| recursive | Indicates whether the data is read recursively from the subfolders or only from the specified folder. When recursive is set to true and the sink is a file-based store, empty folders and subfolders won't be copied or created at the sink. Allowed values are true (default) and false | No |
| maxConcurrentConnections | The upper limit of concurrent connections established to the data store during the activity run. Specify a value only when you want to limit concurrent connections. | No |
Example:
Next steps
For a list of data stores that are supported as sources and sinks by the Copy activity in Azure Data Factory, see supported data stores.