The Almeria Industries SFTP Blob Storage Gateway is a secure, pre-configured SFTP server built on
SSH 2.0. It provides direct file transfer to and from Azure Blob Storage with full read and write
support. This page documents the supported algorithms, commands, authentication methods,
and virtual file system capabilities.
Server Identity
| Property | Value |
| --- | --- |
| Protocol | SSH 2.0 |
| Server Version String | SSH-2.0-Almeria-1.0 |
| Default Port | 2222 (configurable) |
| Host Key Type | RSA (4096-bit) |
| Max SFTP Packet Size | 32 KB |
Supported Algorithms
The SFTP Blob Storage Gateway uses golang.org/x/crypto/ssh (v0.47.0). The following
algorithms are supported by the underlying SSH transport layer.
Host Key Algorithms
| Algorithm | Status |
| --- | --- |
| rsa-sha2-256 | Supported (default) |
| rsa-sha2-512 | Supported |
| ssh-rsa | Supported (legacy) |
Key Exchange Algorithms
| Algorithm | Status |
| --- | --- |
| curve25519-sha256 | Supported (preferred) |
| [email protected] | Supported (preferred) |
| ecdh-sha2-nistp256 | Supported |
| ecdh-sha2-nistp384 | Supported |
| ecdh-sha2-nistp521 | Supported |
| diffie-hellman-group14-sha256 | Supported |
| diffie-hellman-group14-sha1 | Supported |
Ciphers
MAC (Message Authentication Code) Algorithms
| Algorithm | Status |
| --- | --- |
| [email protected] | Supported (preferred) |
| [email protected] | Supported |
| hmac-sha2-256 | Supported |
| hmac-sha2-512 | Supported |
| hmac-sha1 | Supported |
| hmac-sha1-96 | Supported |
Authentication Methods
| Method | Status | Details |
| --- | --- | --- |
| Password | Supported | Username and password stored securely in HashiCorp Vault |
| Public Key | Supported | SSH public keys stored in HashiCorp Vault. Supports multiple authorized keys per user |
Maximum authentication attempts: 3 (configurable). Credentials are stored and retrieved from
HashiCorp Vault at runtime.
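The following OpenSSH client configuration is an added example, not part of the original gateway documentation. It restricts a client to the SHA-2 host key, key exchange and MAC algorithms listed in the tables above and offers a single key, since the gateway allows three authentication attempts by default. The host alias, hostname, user name and key path are hypothetical placeholders.

```sshconfig
# ~/.ssh/config entry for the gateway (added example; the alias, HostName,
# User and IdentityFile values are hypothetical placeholders).
Host almeria-gateway
    HostName sftp-gateway.example.com
    Port 2222
    User transfer-user

    # Accept only the SHA-2 RSA signature schemes from the host key table;
    # the legacy ssh-rsa (SHA-1) scheme is left out.
    HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256

    # Key exchange methods from the table, without diffie-hellman-group14-sha1.
    KexAlgorithms curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256

    # Remove the SHA-1 MACs from the client's default set rather than listing
    # an allowlist, so the client's other defaults stay available.
    MACs -hmac-sha1,hmac-sha1-96

    # Refuse to connect unless the gateway's RSA host key is already recorded
    # in known_hosts, and never add it automatically.
    StrictHostKeyChecking yes

    # Offer exactly one key. Without IdentitiesOnly, every key held by an
    # agent is offered in turn and can use up the three attempts the gateway
    # allows before the intended key is tried.
    PreferredAuthentications publickey
    IdentitiesOnly yes
    IdentityFile ~/.ssh/almeria_gateway_rsa
```

With this entry in place, `sftp almeria-gateway` connects using only the listed algorithms, and `ssh -G almeria-gateway` prints the effective settings for review.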
Supported Commands
The SFTP Blob Storage Gateway implements a virtual file system backed by Azure Blob Storage and
RavenDB. The following SFTP commands are supported:
| Command | Supported | Notes |
| --- | --- | --- |
| put (file upload) | Yes | Files can only be written to the /upload-blob directory. Supports overwriting files in Committed or Processed state. Generates SHA-256 hash and detects content type automatically using AI-powered file meta-type detection. |
| get (file download) | Yes | File downloads from Azure Blob Storage are fully supported with automatic retry and timeout handling. Reads are available across all directories. |
| ls (list directory) | Yes | Lists directory contents including . and .. navigation entries. Root directory lists system directories. Subdirectory contents are queried from the database. |
| stat (file/dir info) | Yes | Returns metadata for files and directories. Supports root, current directory (.), parent directory (..), and system directories. |
| mkdir | Yes | Creates directories under /upload-blob only. Directories are automatically mirrored across /upload-blob and /failed for workflow management. |
| rename | Yes | Renames files within the same directory using Azure Blob Storage copy-and-delete pattern. Supports WinSCP's .filepart chunked upload pattern. Includes retry logic with 30-second copy poll timeout. Cross-directory moves are not permitted. |
| rm (remove file) | Yes | Physically deletes files from Azure Blob Storage in /upload-blob and /failed directories. Blobs are permanently removed from storage and marked as deleted in the database. |
| rmdir | Yes | Deletes empty user-created directories under /upload-blob. System directories (/upload-blob, /failed, /) cannot be deleted. |
| setstat (chmod/chown) | Yes | Allows setting file attributes (permissions, timestamps). Prevents modifications to files in a failed state to maintain data integrity. |
| symlink | No | Symbolic links are not supported. |
| readlink | No | Symbolic link resolution is not supported. |
Virtual File System
The SFTP Blob Storage Gateway exposes a virtual file system with two system directories that manage
the data transfer workflow:
| Directory | Purpose | Permissions |
| --- | --- | --- |
| /upload-blob | Active upload area for incoming files and direct Azure Blob Storage access | Read, write, mkdir, rename, rm, setstat |
| /failed | Files that failed during transfer | Read, list, stat, rm |
Upload Behavior
- Files are uploaded directly as Azure Blob Storage block blobs using the file path as the blob identifier.
- SHA-256 content hash is calculated automatically for data integrity verification.
- File content type (MIME type) is detected automatically using AI-powered file meta type detection for files up to 10 MB.
- Upload processing is fully asynchronous: block commits, hash calculation, and database sync
run concurrently for maximum throughput.
- Files are stored directly in Azure Blob Storage without intermediate queuing.
- Existing files can be overwritten only if they are in Committed or Processed state.
File Deletion
- Delete operations permanently remove blobs from Azure Blob Storage.
- Files are also marked as deleted in the database for tracking purposes.
- Deletion is permitted in the /upload-blob and /failed directories.
- Directory deletion removes empty user-created directories under /upload-blob.
File Download
- File downloads (get) are fully supported from Azure Blob Storage.
- Downloads include automatic retry logic with timeout handling for reliable transfers.
- Files are streamed directly from Azure Blob Storage to the SFTP client.
Client Compatibility
The SFTP Blob Storage Gateway is compatible with any standard SFTP client that supports SSH 2.0, including:
- OpenSSH (sftp command)
- WinSCP (including .filepart chunked upload support)
- FileZilla
- Cyberduck
- Any SSH/SFTP library (paramiko, JSch, libssh2, etc.)
Known Limitations
| Limitation | Details |
| --- | --- |
| No symbolic links | symlink and readlink operations return SSH_FX_OP_UNSUPPORTED. |
| No cross-directory rename | Files can only be renamed within the same directory. Moving files between directories is not supported. |
| Directory rename | Renaming directories is not yet supported. |
| Rename uses copy-and-delete | Azure Blob Storage does not support direct rename. Files are copied to the new name and then deleted, with a 30-second poll timeout for the copy operation. |
| Permanent deletion | File deletion permanently removes blobs from Azure Blob Storage. Deleted files cannot be recovered from the gateway. |
| System directories | The two system directories (/upload-blob and /failed) cannot be deleted or renamed. |