SFTP Gateway Support

3.0

Azure Government Cloud

Overview

When deploying SFTP Gateway to Azure Government cloud, you will run into errors when trying to connect to Blob storage. This is because SFTP Gateway by default connects to the global Azure cloud.

To fix this, you need to edit an Azure configuration file so that az commands point to the Azure Government cloud by default.

Errors connecting to your Storage Account

When setting up your SFTP Gateway VM, you run the following command to connect to your Storage Account:

sudo storage-account-setup

If you deployed your VM into the Azure Government cloud, you may get a timeout error:

HTTPSConnectionPool(host='your-storage-account-name.blob.core.windows.net', 
port=443): Max retries exceeded with url: /?comp=list&maxresults=5000 
(Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection 
object at 0x7f8f02c4e160>: Failed to establish a new connection: 
[Errno -2] Name or service not known',))

This indicates that the Azure CLI is attempting to connect to the global Azure cloud (core.windows.net).

Instead, you want to point to the Azure Government cloud (core.usgovcloudapi.net).

Determine your current cloud environment

To determine which cloud environment the Azure CLI is pointing to, run this command:

sudo az cloud show --output table

IsActive    Name        Profile
----------  ----------  ---------
True        AzureCloud  latest

In this case, I am using AzureCloud, which is the default commercial cloud. (You want this to say AzureUSGovernment.)

You can also determine your current storage endpoint with this command:

sudo az cloud show --query suffixes.storageEndpoint

"core.windows.net"

Again, you want this to say core.usgovcloudapi.net.

Changing your cloud environment

To temporarily change your cloud environment, you can run this command:

sudo az cloud set --name AzureUSGovernment

But this is just a temporary measure.

To persist this change across reboots, edit the following file:

sudo vi /root/.azure/config

And change AzureCloud to AzureUSGovernment. The file's contents should end up looking like this:

[cloud]
name = AzureUSGovernment

Then re-run the commands mentioned above and verify your cloud environment:

sudo az cloud show --output table
sudo az cloud show --query suffixes.storageEndpoint
Azure Pointing Uploads to DownloadsAzure Multiple SSH Keys per User