From c235e2678646f29d910a2af1ab05599d0831000b Mon Sep 17 00:00:00 2001
From: Yabo Hu
Date: Tue, 23 Sep 2025 16:43:01 +0800
Subject: [PATCH 1/2] add module page
---
src/Sftp/Sftp/help/Az.Sftp.md | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 src/Sftp/Sftp/help/Az.Sftp.md
diff --git a/src/Sftp/Sftp/help/Az.Sftp.md b/src/Sftp/Sftp/help/Az.Sftp.md
new file mode 100644
index 000000000000..519fad3c10dc
--- /dev/null
+++ b/src/Sftp/Sftp/help/Az.Sftp.md
@@ -0,0 +1,19 @@
+---
+Module Name: Az.Sftp
+Module Guid: a1832bbb-ec22-4694-9450-cdf6ee642705
+Download Help Link: https://learn.microsoft.com/powershell/module/az.sftp
+Help Version: 0.0.1.0
+Locale: en-US
+---
+
+# Az.Sftp Module
+## Description
+SFTP module for Azure Storage. Provides cmdlets to generate SSH certificates and establish secure SFTP connections to Azure Storage accounts with hierarchical namespace enabled. For more information on Azure Storage SFTP support, please visit: https://learn.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support
+
+## Az.Sftp Cmdlets
+### [Connect-AzSftp](Connect-AzSftp.md)
+Starts an interactive SFTP session to an Azure Storage Account.
+Users can login using Microsoft Entra accounts, or local user accounts via standard SSH authentication. Use Microsoft Entra account login for the best security and convenience.
+
+### [New-AzSftpCertificate](New-AzSftpCertificate.md)
+Generate SSH certificates for SFTP authentication using Azure AD credentials.
\ No newline at end of file
From e3d00349811602f17d0352a506a11976febc3480 Mon Sep 17 00:00:00 2001
From: Yabo Hu Date: Tue, 23 Sep 2025 16:50:39 +0800 Subject: [PATCH 2/2] rename Azure AD to Microsoft Entra --- src/Sftp/Sftp/Az.Sftp.psd1 | 2 +- src/Sftp/Sftp/CHANGELOG.md | 2 +- src/Sftp/Sftp/Models/PSCertificateInfo.cs | 2 +- src/Sftp/Sftp/README.md | 4 ++-- .../Sftp/SftpCommands/ConnectAzSftpCommand.cs | 12 ++++++------ .../SftpCommands/NewAzSftpCertificateCommand.cs | 12 ++++++------ src/Sftp/Sftp/UX/Microsoft.Storage/sftp.json | 4 ++-- src/Sftp/Sftp/help/Az.Sftp.md | 2 +- src/Sftp/Sftp/help/Connect-AzSftp.md | 4 ++-- src/Sftp/Sftp/help/New-AzSftpCertificate.md | 16 ++++++++-------- 10 files changed, 30 insertions(+), 30 deletions(-) diff --git a/src/Sftp/Sftp/Az.Sftp.psd1 b/src/Sftp/Sftp/Az.Sftp.psd1 index 393b041336b9..41e3668810a7 100644 --- a/src/Sftp/Sftp/Az.Sftp.psd1 +++ b/src/Sftp/Sftp/Az.Sftp.psd1 @@ -109,7 +109,7 @@ PrivateData = @{ # ReleaseNotes of this module ReleaseNotes = '* Initial release of Az.Sftp module providing Azure Storage SFTP support * Connect-AzSftp: Establish SFTP connections to Azure Storage accounts with multiple authentication modes -* New-AzSftpCertificate: Generate SSH certificates using Azure AD credentials for SFTP authentication +* New-AzSftpCertificate: Generate SSH certificates using Microsoft Entra credentials for SFTP authentication * Support for automatic certificate generation, certificate-based authentication, and key-based authentication * Cross-platform support for Windows, Linux, and macOS * Integration with Azure PowerShell authentication context' diff --git a/src/Sftp/Sftp/CHANGELOG.md b/src/Sftp/Sftp/CHANGELOG.md index b16ba5ae71f8..f201a0052f18 100644 --- a/src/Sftp/Sftp/CHANGELOG.md +++ b/src/Sftp/Sftp/CHANGELOG.md 
@@ -20,7 +20,7 @@ ## Upcoming Release * Initial release of Az.Sftp module -* Added `New-AzSftpCertificate` cmdlet for generating SSH certificates using Azure AD credentials +* Added `New-AzSftpCertificate` cmdlet for generating SSH certificates using Microsoft Entra credentials - Automatic SSH key pair generation - Certificate generation for existing public keys - Support for custom certificate paths diff --git a/src/Sftp/Sftp/Models/PSCertificateInfo.cs b/src/Sftp/Sftp/Models/PSCertificateInfo.cs index 5a60e9386854..de70b06fc032 100644 --- a/src/Sftp/Sftp/Models/PSCertificateInfo.cs +++ b/src/Sftp/Sftp/Models/PSCertificateInfo.cs @@ -47,7 +47,7 @@ public class PSCertificateInfo public DateTime? ValidUntil { get; set; } /// - /// Azure AD principal used for certificate generation + /// Microsoft Entra principal used for certificate generation /// public string Principal { get; set; } diff --git a/src/Sftp/Sftp/README.md b/src/Sftp/Sftp/README.md index d25ece0f2b9a..9939eea40a3a 100644 --- a/src/Sftp/Sftp/README.md +++ b/src/Sftp/Sftp/README.md @@ -2,7 +2,7 @@ This module provides PowerShell cmdlets for securely connecting to Azure Storage accounts using SFTP (SSH File Transfer Protocol). ## Overview -Az.Sftp enables you to establish secure SFTP connections to Azure Storage accounts with hierarchical namespace enabled. The module supports multiple authentication modes including automatic Azure AD certificate generation. +Az.Sftp enables you to establish secure SFTP connections to Azure Storage accounts with hierarchical namespace enabled. The module supports multiple authentication modes including automatic Microsoft Entra certificate generation. ## Requirements - Azure Storage account with SFTP enabled @@ -20,7 +20,7 @@ Install-Module -Name Az.Sftp # Connect to Azure Connect-AzAccount -# Connect to storage account using Azure AD authentication +# Connect to storage account using Microsoft Entra authentication Connect-AzSftp -StorageAccount "mystorageaccount" ``` 
diff --git a/src/Sftp/Sftp/SftpCommands/ConnectAzSftpCommand.cs b/src/Sftp/Sftp/SftpCommands/ConnectAzSftpCommand.cs index 53e46df6016f..8c13aeb5e309 100644 --- a/src/Sftp/Sftp/SftpCommands/ConnectAzSftpCommand.cs +++ b/src/Sftp/Sftp/SftpCommands/ConnectAzSftpCommand.cs @@ -52,7 +52,7 @@ public class ConnectAzSftpCommand : SftpBaseCmdlet public int? Port { get; set; } [Parameter(Mandatory = false, ParameterSetName = DefaultParameterSet, HelpMessage = "Path to SSH certificate file for authentication. If not provided, a certificate will be generated automatically.")] - [Parameter(Mandatory = true, ParameterSetName = CertificateAuthParameterSet, HelpMessage = "Path to SSH certificate file for authentication. Must be generated with New-AzSftpCertificate or compatible Azure AD certificate.")] + [Parameter(Mandatory = true, ParameterSetName = CertificateAuthParameterSet, HelpMessage = "Path to SSH certificate file for authentication. Must be generated with New-AzSftpCertificate or compatible Microsoft Entra certificate.")] [ValidateNotNullOrEmpty] public string CertificateFile { get; set; } @@ -67,7 +67,7 @@ public class ConnectAzSftpCommand : SftpBaseCmdlet [ValidateNotNullOrEmpty] public string PublicKeyFile { get; set; } - [Parameter(Mandatory = true, ParameterSetName = LocalUserAuthParameterSet, HelpMessage = "Username for a local user configured on the storage account. When specified, uses local user authentication instead of Azure AD.")] + [Parameter(Mandatory = true, ParameterSetName = LocalUserAuthParameterSet, HelpMessage = "Username for a local user configured on the storage account. When specified, uses local user authentication instead of Microsoft Entra.")] [ValidateNotNullOrEmpty] public string LocalUser { get; set; } 
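Review bot: The new HelpMessage on CertificateFile for CertificateAuthParameterSet reads ungrammatically after the rename: `Must be generated with New-AzSftpCertificate or compatible Microsoft Entra certificate.` mixes a requirement on how the file was produced with a noun phrase. I would reword it to `Must be a certificate generated with New-AzSftpCertificate or a compatible Microsoft Entra-issued SSH certificate.` so that someone choosing an authentication mode knows exactly which certificates are accepted. If the parameter text in Connect-AzSftp.md mirrors these strings, it should be updated to match.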
@@ -114,10 +114,10 @@ protected override void ProcessRecord() switch (ParameterSetName) { case DefaultParameterSet: - // Azure AD authentication (automatic certificate generation) + // Microsoft Entra authentication (automatic certificate generation) if (string.IsNullOrEmpty(CertificateFile) && string.IsNullOrEmpty(PublicKeyFile) && string.IsNullOrEmpty(PrivateKeyFile)) { - WriteVerbose("Fully managed mode: No credentials provided, using Azure AD authentication"); + WriteVerbose("Fully managed mode: No credentials provided, using Microsoft Entra authentication"); autoGenerateCert = true; deleteCert = true; deleteKeys = true; @@ -132,7 +132,7 @@ protected override void ProcessRecord() } else { - WriteVerbose("Using provided keys for Azure AD certificate generation"); + WriteVerbose("Using provided keys for Microsoft Entra certificate generation"); autoGenerateCert = true; deleteCert = true; } @@ -155,7 +155,7 @@ protected override void ProcessRecord() } Host.UI.WriteLine(ConsoleColor.Blue, Host.UI.RawUI.BackgroundColor, - autoGenerateCert ? "Generating temporary credentials using Azure AD authentication..." + autoGenerateCert ? "Generating temporary credentials using Microsoft Entra authentication..." : "Using provided certificate for authentication..."); break; diff --git a/src/Sftp/Sftp/SftpCommands/NewAzSftpCertificateCommand.cs b/src/Sftp/Sftp/SftpCommands/NewAzSftpCertificateCommand.cs index 7b6f6785c120..275e4b5e5cde 100644 --- a/src/Sftp/Sftp/SftpCommands/NewAzSftpCertificateCommand.cs +++ b/src/Sftp/Sftp/SftpCommands/NewAzSftpCertificateCommand.cs @@ -23,7 +23,7 @@ namespace Microsoft.Azure.PowerShell.Cmdlets.Sftp.SftpCommands { /// - /// Generate SSH certificate for SFTP authentication using Azure AD + /// Generate SSH certificate for SFTP authentication using Microsoft Entra /// [Cmdlet(VerbsCommon.New, "AzSftpCertificate", DefaultParameterSetName = DefaultParameterSet, SupportsShouldProcess = true)] [OutputType(typeof(PSCertificateInfo))] 
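Review bot: The two DefaultParameterSet branches in ProcessRecord set different cleanup flags, and nothing in the hunk documents why: the fully managed branch sets `deleteCert` and `deleteKeys`, while the branch that logs "Using provided keys for Microsoft Entra certificate generation" sets only `deleteCert`. Since the comments here are being edited anyway, a one-line comment on the second branch such as `// Caller-supplied keys are kept; only the generated certificate is temporary` would record the credential-lifetime intent for the next maintainer. The code that acts on these flags lies outside the hunk, so the wording should be confirmed against the actual cleanup path.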
@@ -43,12 +43,12 @@ public class NewAzSftpCertificateCommand : SftpBaseCmdlet [Alias("OutputFile", "o")] public string CertificatePath { get; set; } - [Parameter(Mandatory = true, ParameterSetName = FromPublicKeyParameterSet, HelpMessage = "Path to existing SSH public key file for which to generate a certificate using Azure AD.")] + [Parameter(Mandatory = true, ParameterSetName = FromPublicKeyParameterSet, HelpMessage = "Path to existing SSH public key file for which to generate a certificate using Microsoft Entra.")] [ValidateNotNullOrEmpty] [Alias("p")] public string PublicKeyFile { get; set; } - [Parameter(Mandatory = true, ParameterSetName = FromPrivateKeyParameterSet, HelpMessage = "Path to existing SSH private key file. The corresponding public key will be used to generate a certificate using Azure AD.")] + [Parameter(Mandatory = true, ParameterSetName = FromPrivateKeyParameterSet, HelpMessage = "Path to existing SSH private key file. The corresponding public key will be used to generate a certificate using Microsoft Entra.")] [Parameter(Mandatory = false, ParameterSetName = DefaultParameterSet, HelpMessage = "Path to existing SSH private key file. If provided, uses the corresponding public key for certificate generation.")] [Parameter(Mandatory = false, ParameterSetName = LocalUserParameterSet, HelpMessage = "Path to existing SSH private key file for local user certificate generation.")] [ValidateNotNullOrEmpty] @@ -72,7 +72,7 @@ protected override void ProcessRecord() string target = !string.IsNullOrEmpty(LocalUser) ? $"SSH certificate for local user '{LocalUser}'" - : "SSH certificate for Azure AD authentication"; + : "SSH certificate for Microsoft Entra authentication"; if (!ShouldProcess(target, $"Do you want to create {target}?", 
@@ -197,7 +197,7 @@ protected override void ProcessRecord() // Check for cancellation before authentication CmdletCancellationToken.ThrowIfCancellationRequested(); - // Use different authentication method for local user vs Azure AD + // Use different authentication method for local user vs Microsoft Entra string certFile; string username; @@ -212,7 +212,7 @@ protected override void ProcessRecord() } else { - // Standard Azure AD authentication + // Standard Microsoft Entra authentication var (cf, un) = FileUtils.GetAndWriteCertificate( DefaultContext, actualPublicKeyFile, CertificatePath, SshClientFolder, CmdletCancellationToken); certFile = cf; diff --git a/src/Sftp/Sftp/UX/Microsoft.Storage/sftp.json b/src/Sftp/Sftp/UX/Microsoft.Storage/sftp.json index d9e495177c05..07143c0c3430 100644 --- a/src/Sftp/Sftp/UX/Microsoft.Storage/sftp.json +++ b/src/Sftp/Sftp/UX/Microsoft.Storage/sftp.json @@ -31,7 +31,7 @@ }, "examples": [ { - "description": "Connect to Azure Storage SFTP with automatic Azure AD authentication.", + "description": "Connect to Azure Storage SFTP with automatic Microsoft Entra authentication.", "parameters": [ { "name": "-StorageAccount", @@ -77,7 +77,7 @@ }, { "name": "New-AzSftpCertificate", - "description": "Generate SSH certificates for Azure Storage SFTP authentication using Azure AD credentials.", + "description": "Generate SSH certificates for Azure Storage SFTP authentication using Microsoft Entra credentials.", "path": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{certificatePath}", "help": { "learnMore": { diff --git a/src/Sftp/Sftp/help/Az.Sftp.md b/src/Sftp/Sftp/help/Az.Sftp.md index 519fad3c10dc..aacdc2699993 100644 --- a/src/Sftp/Sftp/help/Az.Sftp.md +++ b/src/Sftp/Sftp/help/Az.Sftp.md 
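Review bot: In the New-AzSftpCertificate entry of sftp.json, the `path` directly below the edited description still ends in `storageAccounts/{certificatePath}`, which places the cmdlet's local output-file parameter in the storage-account-name segment of the resource path. This commit changes only the `description`, so the mismatch is carried forward unchanged. It looks like a placeholder error rather than an intended mapping; please confirm how this UX metadata is consumed and whether the entry should use a storage account placeholder or omit the resource path for a cmdlet that does not target one.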
@@ -16,4 +16,4 @@ Starts an interactive SFTP session to an Azure Storage Account. Users can login using Microsoft Entra accounts, or local user accounts via standard SSH authentication. Use Microsoft Entra account login for the best security and convenience. ### [New-AzSftpCertificate](New-AzSftpCertificate.md) -Generate SSH certificates for SFTP authentication using Azure AD credentials. \ No newline at end of file +Generate SSH certificates for SFTP authentication using Microsoft Entra credentials. \ No newline at end of file diff --git a/src/Sftp/Sftp/help/Connect-AzSftp.md b/src/Sftp/Sftp/help/Connect-AzSftp.md index c797eef38723..aff43f57fdb1 100644 --- a/src/Sftp/Sftp/help/Connect-AzSftp.md +++ b/src/Sftp/Sftp/help/Connect-AzSftp.md @@ -43,7 +43,7 @@ Connect-AzSftp -StorageAccount [-Port ] -LocalUser [-Pr ## DESCRIPTION Start interactive SFTP session to an Azure Storage Account. Users can login using Microsoft Entra issued certificates or using local user credentials. We recommend login using Microsoft Entra issued certificates when possible. -The target storage account must have SFTP enabled and hierarchical namespace (HNS) enabled. For Azure AD authentication, your Azure AD identity must have appropriate RBAC permissions such as Storage Blob Data Contributor or Storage Blob Data Owner. +The target storage account must have SFTP enabled and hierarchical namespace (HNS) enabled. For Microsoft Entra authentication, your Microsoft Entra identity must have appropriate RBAC permissions such as Storage Blob Data Contributor or Storage Blob Data Owner. ## EXAMPLES @@ -106,7 +106,7 @@ Connect-AzSftp -StorageAccount "mystorageaccount" -PrivateKeyFile "C:\keys\id_rs ### Example 10: Troubleshoot authentication issues ```powershell -# Check Azure AD authentication status +# Check Microsoft Entra authentication status Get-AzContext # Test certificate generation explicitly 
diff --git a/src/Sftp/Sftp/help/New-AzSftpCertificate.md b/src/Sftp/Sftp/help/New-AzSftpCertificate.md index 0435c9228a08..b662ae7d2412 100644 --- a/src/Sftp/Sftp/help/New-AzSftpCertificate.md +++ b/src/Sftp/Sftp/help/New-AzSftpCertificate.md @@ -8,7 +8,7 @@ schema: 2.0.0 # New-AzSftpCertificate ## SYNOPSIS -Generate SSH certificates for SFTP authentication using Azure AD credentials. +Generate SSH certificates for SFTP authentication using Microsoft Entra credentials. ## SYNTAX 
@@ -37,19 +37,19 @@ New-AzSftpCertificate [-CertificatePath ] -LocalUser [-PrivateK ``` ## DESCRIPTION -The New-AzSftpCertificate cmdlet generates SSH certificates for SFTP authentication using your current Azure AD credentials. This cmdlet provides the same authentication methods and parameter sets as the Az.Ssh module, ensuring consistency across Azure PowerShell modules. +The New-AzSftpCertificate cmdlet generates SSH certificates for SFTP authentication using your current Microsoft Entra credentials. This cmdlet provides the same authentication methods and parameter sets as the Az.Ssh module, ensuring consistency across Azure PowerShell modules. The cmdlet supports four authentication modes that align with the SSH module: -**Default Mode (Azure AD Authentication)**: When no specific key files are provided, the cmdlet automatically generates a new SSH key pair and creates a certificate signed by Azure AD's trusted CA. This is the simplest approach for getting started with SFTP authentication. +**Default Mode (Microsoft Entra Authentication)**: When no specific key files are provided, the cmdlet automatically generates a new SSH key pair and creates a certificate signed by Microsoft Entra's trusted CA. This is the simplest approach for getting started with SFTP authentication. -**FromPublicKey Mode**: When a public key file is provided, the cmdlet generates a certificate for that specific key using Azure AD credentials. This is useful when you already have SSH public keys and want to use them for Azure Storage SFTP access. +**FromPublicKey Mode**: When a public key file is provided, the cmdlet generates a certificate for that specific key using Microsoft Entra credentials. This is useful when you already have SSH public keys and want to use them for Azure Storage SFTP access. -**FromPrivateKey Mode**: When a private key file is provided, the cmdlet generates the corresponding public key and creates a certificate using Azure AD credentials. 
This is helpful when you have existing private keys and want to create certificates for them. +**FromPrivateKey Mode**: When a private key file is provided, the cmdlet generates the corresponding public key and creates a certificate using Microsoft Entra credentials. This is helpful when you have existing private keys and want to create certificates for them. **LocalUser Mode**: When a local user is specified, the cmdlet generates a certificate suitable for local user authentication on storage accounts. This can be combined with existing private keys or generate new ones, matching the SSH module's local user certificate capabilities. -The generated certificates are typically valid for 1 hour and can be used with any SFTP client that supports SSH certificate authentication. The certificates are signed by Azure AD's trusted CA and will be accepted by Azure Storage accounts where your Azure AD identity has appropriate permissions. +The generated certificates are typically valid for 1 hour and can be used with any SFTP client that supports SSH certificate authentication. The certificates are signed by Microsoft Entra's trusted CA and will be accepted by Azure Storage accounts where your Microsoft Entra identity has appropriate permissions. You must be signed in to Azure with an account that has appropriate RBAC permissions (such as Storage Blob Data Contributor or Storage Blob Data Owner) on the target storage accounts. 
@@ -60,7 +60,7 @@ You must be signed in to Azure with an account that has appropriate RBAC permiss New-AzSftpCertificate ``` -This command generates a new SSH key pair and creates a certificate signed by Azure AD. The key pair and certificate are saved in the system temp directory with auto-generated filenames. This is the simplest way to get started with SFTP authentication. +This command generates a new SSH key pair and creates a certificate signed by Microsoft Entra. The key pair and certificate are saved in the system temp directory with auto-generated filenames. This is the simplest way to get started with SFTP authentication. ### Example 2: Generate certificate with custom path ```powershell @@ -74,7 +74,7 @@ This command generates a new SSH key pair and creates a certificate, saving the New-AzSftpCertificate -PrivateKeyFile "C:\keys\id_rsa" -CertificatePath "C:\certs\id_rsa.cert" ``` -This command generates a certificate from an existing SSH private key. The cmdlet will automatically derive the public key from the private key and create a certificate signed by Azure AD. This is useful when you have existing private keys and want to create certificates for them. +This command generates a certificate from an existing SSH private key. The cmdlet will automatically derive the public key from the private key and create a certificate signed by Microsoft Entra. This is useful when you have existing private keys and want to create certificates for them. ### Example 4: Generate certificate from existing public key ```powershell