Azure Account Unlock service How to Transfer Files to Azure VM Using SFTP

Azure Account / 2026-05-20 13:50:43

Introduction: SFTP, but Make It Azure

Transferring files to a server can feel like a rite of passage. You start out optimistic: “It’s just files.” Then you discover ports, firewalls, authentication methods, and that one setting you swear you turned on. Luckily, SFTP is the adult in the room—secure, straightforward, and far less likely to accidentally expose your entire life story to the internet.

This guide walks you through transferring files to an Azure Virtual Machine using SFTP. We’ll cover what SFTP is, what you need to prepare on Azure, how to connect, how to upload files, and how to troubleshoot problems that tend to show up like uninvited guests at a party.

So, grab your coffee. We’re about to move files. Securely. Like responsible adults.

What You’ll Need Before You Begin

Before pressing the big “transfer” button, gather your essentials. Most SFTP failures come from missing one of these ingredients, like trying to bake a cake without eggs. (Unpleasant.)

Azure VM details

  • Your Azure VM public IP address (or DNS name)
  • The username you’ll log in with
  • Whether you have SSH keys configured (recommended) or a password (not recommended for long-term security)

Network access to the VM

SFTP runs on SSH, typically port 22. That means your local machine must be able to reach the VM on port 22. In Azure, this typically requires the right inbound rules in the VM’s Network Security Group (NSG). If port 22 isn’t allowed, your SFTP client will try politely, then fail loudly, then try again, and then start screaming in its logs.

Azure Account Unlock service An SFTP-capable client

You have options:

  • Azure Account Unlock service GUI: WinSCP (popular on Windows), Cyberduck, FileZilla (SFTP mode)
  • Command line: OpenSSH scp is not SFTP, but sftp is. We’ll use sftp in this article too.

Any SFTP client that supports SSH authentication works. The key point: it must use SFTP (SSH File Transfer Protocol), not some other file magic.

Step 1: Confirm SFTP (SSH) is Enabled on the Azure VM

Azure VMs vary based on OS. Most Linux images have SSH installed, but not always. Windows can also run SSH, but configuration differs. Since “How to Transfer Files to Azure VM Using SFTP” usually implies Linux-based SFTP, we’ll focus on Linux first. If you’re using Windows, tell me and I’ll tailor the steps.

For Linux VMs: check the SSH service

Connect to your VM using whatever access method you have (often SSH or the Azure portal’s console). Then check whether the SSH daemon is running.

Commands you might run (varies by distro):

  • sudo systemctl status ssh
  • or sudo systemctl status sshd

Azure Account Unlock service If it’s not running, start and enable it:

  • sudo systemctl start ssh
  • Azure Account Unlock service sudo systemctl enable ssh

Confirm it listens on the right port

By default, SSH listens on port 22. Verify:

  • sudo ss -tulpn | grep :22

If you changed SSH port (not common for new setups), your SFTP client must match that port too.

Step 2: Open Port 22 in Azure (NSG / Firewall)

This is the part that causes the most “Why won’t it connect?” moments. If you can SSH from the VM itself but not from your laptop, you likely have a network restriction.

Check the VM’s Network Security Group inbound rules

In Azure portal:

  1. Go to Virtual machines
  2. Select your VM
  3. Open Networking
  4. Find the associated Network security group
  5. Open the NSG rules and verify there’s an inbound allow rule for port 22

The rule typically includes:

  • Destination port range: 22
  • Azure Account Unlock service Protocol: TCP
  • Source: either your IP or “Any” (but “Any” is the cybersecurity equivalent of leaving your front door open because you like breeze.

Also consider the OS-level firewall

Even if Azure allows port 22, the VM OS might block it. Check basic firewall status:

  • sudo ufw status
  • or check iptables rules if you’ve inherited an ancient setup

If you need to allow SSH through UFW:

  • sudo ufw allow 22/tcp

Then test again.

Step 3: Choose Authentication (SSH Key Recommended)

Azure Account Unlock service SFTP works with SSH authentication. You can authenticate with a password or SSH keys. For most real-world setups, keys are preferred because they’re harder to guess and typically easier to automate securely.

Using SSH keys

Typical approach:

  • Generate an SSH key pair locally
  • Copy the public key to the VM user account (in ~/.ssh/authorized_keys)
  • Use the private key in your SFTP client

If you’re new to SSH keys, here’s a common (Linux/macOS) workflow:

  • ssh-keygen -t ed25519
  • Copy the public key to the VM (commonly via ssh-copy-id)

Windows users can generate keys using tools like PuTTYgen or built-in OpenSSH tools, depending on their setup.

Permissions matter (because Linux enjoys rules)

SSH and SFTP are picky about file permissions. If your ~/.ssh permissions or authorized_keys permissions are wrong, authentication might fail with errors that sound like they were written by a haunted typewriter.

Common safe permissions:

  • chmod 700 ~/.ssh
  • chmod 600 ~/.ssh/authorized_keys

Step 4: Test SFTP Connectivity First (Before Uploading Anything)

Try a basic connection check. If you jump straight into uploading files and something is wrong, you’ll lose time and sanity.

Test with the OpenSSH client

From your local machine (macOS/Linux/Windows with OpenSSH installed), run:

  • sftp <username>@<vm-public-ip>

If it connects, you’ll see an sftp> prompt. If it fails, read the error message carefully. Often it points to one of these:

  • Network/NSG blocking port 22
  • Wrong username
  • SSH service not running
  • Wrong authentication method

Step 5: Transfer Files Using a Command-Line SFTP Client

Command-line SFTP is reliable, scriptable, and generally immune to GUI drama. Here’s how to upload files once you’ve connected.

Connect

  • sftp <username>@<vm-public-ip>

If using a non-default SSH key, you can specify it:

  • sftp -i /path/to/private_key <username>@<vm-public-ip>

Navigate directories

In the SFTP session:

  • pwd shows the current remote directory
  • lpwd shows your local current directory
  • cd /remote/path changes remote directory
  • lcd ./local/path changes local directory
  • ls lists remote files
  • ls -l lists with details

Upload a file

In the SFTP prompt:

  • put localfile.txt

To upload with a different remote name:

  • put localfile.txt remotenewname.txt

Upload a whole folder (the sane way)

Standard SFTP can upload multiple files, but directory recursion depends on your client. A common approach is to upload a zip file, then extract it on the VM. That’s usually faster than wrestling with SFTP’s “it depends” behavior.

Example workflow:

  1. Create a zip locally
  2. Upload the zip using put
  3. Extract remotely using SSH or an SFTP command sequence

Download a file (if you ever need to reverse the flow)

  • get remotefile.txt

Quit

  • bye

Step 6: Transfer Files Using WinSCP (GUI Option)

If you prefer clicking buttons instead of typing commands (fair), WinSCP is a popular choice on Windows. The logic is the same, but the interface is friendlier than a terminal prompt that stares at you like it’s waiting for you to mess up.

Create a new site

  1. Open WinSCP
  2. Click New Site
  3. Choose File protocol: SFTP
  4. Enter Host name (your VM public IP or DNS)
  5. Enter Port (usually 22)
  6. Enter User name (your Linux user)

Authentication settings

  • For password: enter it (not recommended for production if you can avoid it)
  • For SSH key: provide the private key file in WinSCP’s advanced settings

Connect

Click Login. On first connection, you may be prompted to accept the server host key. That’s normal. WinSCP is basically saying, “Are you sure this is the correct server?”

If you know the key fingerprint matches what you expect, accept it. If not, stop and investigate. You don’t want to accidentally upload files to a stranger’s machine because the universe decided to be chaotic.

Upload files

Once connected:

  • Use the left pane for local files
  • Use the right pane for remote files
  • Drag and drop files to the remote directory you want

You’ll see upload progress, and you can confirm the file exists on the remote side.

Where Should You Upload Files On the VM?

Choosing the right destination directory saves you from permission headaches and “why can’t my app see this file?” mysteries.

Azure Account Unlock service Common locations

  • /home/<user>/uploads (friendly for user-level apps)
  • /var/www/html (web content for Apache/Nginx depending on setup)
  • Azure Account Unlock service /opt/<app>/ (applications you manage)
  • /tmp (temporary files; not for anything you want to survive a reboot)

Create the directory first

On the VM, create a destination folder if it doesn’t exist:

  • mkdir -p ~/uploads

Then upload into that path. This avoids the classic trap of uploading into / and discovering you can’t write there because you’re not running as the superuser (which is, honestly, a good thing).

Permissions and Ownership: The Usual Suspects

SFTP itself only moves files. It does not automatically solve permission problems. After uploading, check ownership and permissions if your application can’t read the files.

Check ownership

On the VM:

  • ls -l /path/to/file

If the file belongs to the correct user, you’re usually good. If it belongs to someone else (or a different group), your app might be unable to access it.

Adjust permissions if needed

Be cautious with permission changes—especially world-writable directories. Still, common fixes include:

  • Change ownership:

sudo chown <user>:<group> /path/to/file

  • Change permissions (only when appropriate):

chmod 644 /path/to/file

For directories:

chmod 755 /path/to/directory

Troubleshooting: When SFTP Won’t Cooperate

Let’s talk about the greatest hits of SFTP failure. You know the ones. The errors that sound like they were designed to humble you.

1) “Connection refused”

Meaning: the VM is not accepting connections on that port.

  • SSH service isn’t running on the VM
  • Wrong port number in the SFTP client
  • Azure NSG rule doesn’t allow inbound TCP/22
  • OS firewall blocks the port

2) “Timed out”

Meaning: packets aren’t getting to the VM (network path issue).

  • NSG inbound rule missing
  • Azure Account Unlock service Source IP not allowed
  • Public IP misconfigured or using the wrong IP

3) “Authentication failed”

Meaning: you reached the server, but credentials didn’t match.

  • Wrong username
  • Wrong password
  • SSH key not installed in ~/.ssh/authorized_keys
  • Key has wrong permissions on client or server

4) “Server unexpectedly closed connection”

Meaning: the server terminated the session, often due to configuration or permission issues.

  • SSH configuration restrictions (e.g., user denied)
  • Fail2ban or security policies triggered
  • Disk full or file permission problems causing the session to fail

Check SSH logs on Linux (command varies by distro):

  • sudo journalctl -u ssh --since "10 minutes ago"

5) “Permission denied” after upload

Meaning: the file arrived, but the destination directory permissions don’t allow your user to write there or your app can’t read it.

  • Upload to a directory under your user home
  • Fix ownership/permissions on the VM

Security Best Practices (So You Don’t Turn This into a Scary Story)

It’s tempting to set rules to “Any” and “Password” because it works… for five minutes. Then you wake up to an email titled something like “Suspicious login attempts detected.” Don’t become that person.

Prefer SSH keys over passwords

Keys are more secure and easier to rotate. If your workflow requires passwords, still consider reducing exposure with MFA or at least strong passwords and limited access.

Limit NSG inbound access

Restrict port 22 to your IP address range if possible. Or, if you have a corporate network, restrict it to your VPN IP range. Less exposure equals fewer drama tickets.

Use least-privilege accounts

Don’t upload files as root unless you truly mean it. Create a dedicated user for file uploads and application access.

Consider private connectivity (advanced)

If your environment supports it, you can avoid public exposure by using private networking patterns and bastion hosts. This article keeps things straightforward, but the security improvements can be significant.

Automation Option: Upload Files in Scripts

Once SFTP works manually, you can automate file transfers for deployments, backups, or routine updates.

Use sftp in batch mode

With command-line SFTP, you can create a batch file containing commands like:

  • cd /remote/path
  • put ./localfile.txt
  • bye

Then run SFTP with that batch file (exact syntax depends on your OS and OpenSSH version). The point is: you’re no longer clicking around. You’re just delegating tasks to the computer, like a proper wizard.

For larger deployments: consider CI/CD tools

Many teams use pipelines that combine artifact builds with secure transfers. SFTP can still be used, but sometimes tools like Azure DevOps, GitHub Actions, or configuration management utilities provide smoother workflows.

FAQ: Quick Answers to Common Questions

Do I need to install SFTP on the VM?

You typically need SSH server, not “SFTP” separately. SFTP is part of the SSH server on most systems. So enabling SSH is the real requirement.

Can I use a different port than 22?

Yes, but then you must configure your SSH daemon accordingly and update NSG rules and the SFTP client port. Port changes can reduce noise from random scans, but they also introduce configuration complexity.

Is SFTP encrypted?

Yes. SFTP encrypts the connection using SSH, which is why it’s generally considered secure for file transfers.

Why does WinSCP ask to accept the host key?

Because it’s the first time your client has connected and it wants to verify the server identity. It helps prevent man-in-the-middle attacks.

Conclusion: File Transfer, Finally Without the Panic

You now have a solid, repeatable path to transfer files to an Azure VM using SFTP. The main checklist is simple:

  • Ensure SSH/SFTP is running on the VM
  • Open and verify inbound connectivity to port 22 in Azure (and the OS firewall if needed)
  • Use correct credentials (SSH keys recommended)
  • Test connection before uploading
  • Upload to a destination directory where your user has the right permissions
  • Troubleshoot systematically when something fails

Once you do it a couple times, it becomes routine—like making toast. The first time, you’re nervous. The second time, you feel powerful. The third time, you accidentally burn it and laugh because you’re human.

If you’d like, tell me your VM OS (Ubuntu, Debian, CentOS, Windows Server, etc.) and whether you’re using password or SSH keys, and I’ll tailor the exact steps and commands to match your setup.

TelegramContact Us
CS ID
@cloudcup
Contact
TelegramSupport
CS ID
@yanhuacloud
Contact