使用 SSH 和 Azure 逻辑应用监视、创建和管理 SFTP 文件Monitor, create, and manage SFTP files by using SSH and Azure Logic Apps

若要使用安全外壳 (SSH) 协议自动完成用于在安全文件传输协议 (SFTP) 服务器上监视、创建、发送和接收文件的任务,可以使用 Azure 逻辑应用和 SFTP-SSH 连接器来生成并自动完成集成工作流。To automate tasks that monitor, create, send, and receive files on a Secure File Transfer Protocol (SFTP) server by using the Secure Shell (SSH) protocol, you can build and automate integration workflows by using Azure Logic Apps and the SFTP-SSH connector. SFTP 是通过任何可靠数据流提供文件访问、文件传输和文件管理的网络协议。SFTP is a network protocol that provides file access, file transfer, and file management over any reliable data stream. 下面是可以自动完成的一些示例任务:Here are some example tasks you can automate:

  • 添加或更改文件时进行监视。Monitor when files are added or changed.
  • 获取、创建、复制、重命名、更新、列出和删除文件。Get, create, copy, rename, update, list, and delete files.
  • 创建文件夹。Create folders.
  • 获取文件内容和元数据。Get file content and metadata.
  • 将存档提取到文件夹。Extract archives to folders.

可以使用触发器来监视 SFTP 服务器上的事件,并使输出可用于其他操作。You can use triggers that monitor events on your SFTP server and make output available to other actions. 可以使用操作针对 SFTP 服务器执行各种任务。You can use actions that perform various tasks on your SFTP server. 还可以让逻辑应用中的其他操作使用 SFTP 操作的输出。You can also have other actions in your logic app use the output from SFTP actions. 例如,如果你定期从 SFTP 服务器检索文件,则可以使用 Office 365 Outlook 连接器或 Outlook.com 连接器发送有关这些文件及其内容的电子邮件警报。For example, if you regularly retrieve files from your SFTP server, you can send email alerts about those files and their content by using the Office 365 Outlook connector or Outlook.com connector. 如果你不熟悉逻辑应用,请查看什么是 Azure 逻辑应用?If you're new to logic apps, review What is Azure Logic Apps?

有关 SFTP-SSH 连接器和 SFTP 连接器之间的差异,请参阅本主题后面的比较 SFTP-SSH 与 SFTP 部分。For differences between the SFTP-SSH connector and the SFTP connector, review the Compare SFTP-SSH versus SFTP section later in this topic.


  • 支持分块的 SFTP-SSH 操作最多可以处理 1 GB 的文件,而不支持分块的 SFTP-SSH 操作最多可以处理 50 MB 的文件。SFTP-SSH actions that support chunking can handle files up to 1 GB, while SFTP-SSH actions that don't support chunking can handle files up to 50 MB. 尽管默认的区块大小为 15 MB,但此大小可以根据网络延迟、服务器响应时间等因素动态变化,从 5 MB 开始逐渐增加到最大值 50 MB。Although the default chunk size is 15 MB, this size can dynamically change, starting from 5 MB and gradually increasing to the 50 MB maximum, based on factors such as network latency, server response time, and so on.

    当改用指定固定区块大小时,可以重写此自适应行为。You can override this adaptive behavior when you specify a constant chunk size to use instead. 此大小的范围为 5 MB 到 50 MB。This size can range from 5 MB to 50 MB. 例如,假设你有一个 45 MB 的文件,以及可以支持该文件大小而没有延迟的网络。For example, suppose you have a 45 MB file and a network that can that support that file size without latency. 自适应分块会导致多次调用,而不是一次调用。Adaptive chunking results in several calls, rather that one call. 若要减少调用次数,可以尝试设置 50 MB 的区块大小。To reduce the number of calls, you can try setting a 50 MB chunk size. 在不同情况下,如果逻辑应用超时(例如,当使用 15 MB 的块时),可以尝试将大小减小到 5 MB。In different scenario, if your logic app is timing out, for example, when using 15 MB chunks, you can try reducing the size to 5 MB.

    区块大小与连接相关,这意味着你可以对支持分块的操作以及不支持分块的操作使用相同的连接。Chunk size is associated with a connection, which means that you can use the same connection for actions that support chunking and then for actions that don't support chunking. 在这种情况下,不支持分块的操作的区块大小范围为 5 MB 到 50 MB。In this case, the chunk size for actions that don't support chunking ranges from 5 MB to 50 MB. 下表显示了哪些 SFTP-SSH 操作支持分块:This table shows which SFTP-SSH actions support chunking:

    操作Action 分块支持Chunking support 重写区块大小支持Override chunk size support
    复制文件Copy file No 不适用Not applicable
    创建文件Create file Yes Yes
    创建文件夹Create folder 不适用Not applicable 不适用Not applicable
    删除文件Delete file 不适用Not applicable 不适用Not applicable
    将存档提取到文件夹Extract archive to folder 不适用Not applicable 不适用Not applicable
    获取文件内容Get file content Yes Yes
    使用路径获取文件内容Get file content using path Yes Yes
    获取文件元数据Get file metadata 不适用Not applicable 不适用Not applicable
    使用路径获取文件元数据Get file metadata using path 不适用Not applicable 不适用Not applicable
    列出文件夹中的文件List files in folder 不适用Not applicable 不适用Not applicable
    重命名文件Rename file 不适用Not applicable 不适用Not applicable
    更新文件Update file No 不适用Not applicable
  • SFTP-SSH 触发器不支持消息分块。SFTP-SSH triggers don't support message chunking. 请求文件内容时,触发器仅选择 15 MB 或更小的文件。When requesting file content, triggers select only files that are 15 MB or smaller. 若要获取大于 15 MB 的文件,请改为遵循以下模式:To get files larger than 15 MB, follow this pattern instead:

    1. 使用仅返回文件属性的 SFTP-SSH 触发器,如“添加或修改文件时(仅属性)”。Use an SFTP-SSH trigger that returns only file properties, such as When a file is added or modified (properties only).

    2. 跟随触发器执行 SFTP-SSH 的“获取文件内容”操作,该操作读取完整文件并隐式使用消息分块。Follow the trigger with the SFTP-SSH Get file content action, which reads the complete file and implicitly uses message chunking.

SFTP-SSH 与 SFTP 的比较Compare SFTP-SSH versus SFTP

下面是 SFTP-SSH 连接器与 SFTP 连接器(SFTP-SSH 连接器具有其功能)之间的其他重要差异:Here are other key differences between the SFTP-SSH connector and the SFTP connector where the SFTP-SSH connector has these capabilities:

  • 使用 SSH.NET 库,该库是支持 .NET 的开源安全外壳 (SSH) 库。Uses the SSH.NET library, which is an open-source Secure Shell (SSH) library that supports .NET.

  • 提供“创建文件夹”操作,用于在 SFTP 服务器上的指定路径中创建文件夹。Provides the Create folder action, which creates a folder at the specified path on the SFTP server.

  • 提供“重命名文件”操作,用于在 SFTP 服务器上重命名文件。Provides the Rename file action, which renames a file on the SFTP server.

  • 将 SFTP 服务器连接缓存最长 1 小时,这可以提高性能,并减少服务器的连接尝试次数。**Caches the connection to SFTP server for up to 1 hour, which improves performance and reduces the number of attempts at connecting to the server. 若要设置此缓存行为的持续时间,请在 SFTP 服务器上编辑 SSH 配置中的 ClientAliveInterval 属性。To set the duration for this caching behavior, edit the ClientAliveInterval property in the SSH configuration on your SFTP server.


  • Azure 订阅。An Azure subscription. 如果没有 Azure 订阅,请注册一个 Azure 试用帐户If you don't have an Azure subscription, sign up for a trial Azure account.

  • SFTP 服务器地址和帐户凭据,可让逻辑应用访问 SFTP 帐户。Your SFTP server address and account credentials, which let your logic app access your SFTP account. 还需要有权访问 SSH 私钥和 SSH 私钥密码。You also need access to an SSH private key and the SSH private key password. 若要在上传大文件时使用分块,你需要对 SFTP 服务器上的根文件夹具有读写权限。To use chunking when uploading large files, you need both read and write permissions for the root folder on your SFTP server. 否则,你将收到“401 未授权”错误。Otherwise, you get a "401 Unauthorized" error.


    SFTP-SSH 连接器仅支持以下私钥、格式、算法和指纹:The SFTP-SSH connector supports only these private key formats, algorithms, and fingerprints:

    • 私钥格式:采用 OpenSSH 和 ssh.com 格式的 RSA (Rivest Shamir Adleman) 和 DSA(数字签名算法)密钥。Private key formats: RSA (Rivest Shamir Adleman) and DSA (Digital Signature Algorithm) keys in both OpenSSH and ssh.com formats. 如果私钥为 PuTTY (.ppk) 文件格式,请先将密钥转换为 OpenSSH (.pem) 文件格式If your private key is in PuTTY (.ppk) file format, first convert the key to the OpenSSH (.pem) file format.

    • 加密算法:DES-EDE3-CBC、DES-EDE3-CFB、DES-CBC、AES-128-CBC、AES-192-CBC 和 AES-256-CBCEncryption algorithms: DES-EDE3-CBC, DES-EDE3-CFB, DES-CBC, AES-128-CBC, AES-192-CBC, and AES-256-CBC

    • 指纹:MD5Fingerprint: MD5

    在向逻辑应用添加所需的 SFTP-SSH 触发器或操作之后,必须提供 SFTP 服务器的连接信息。After you add the SFTP-SSH trigger or action you want to your logic app, you have to provide connection information for your SFTP server. 为此连接提供 SSH 密钥时,请勿手动输入或编辑密钥,否则可能导致连接失败。When you provide your SSH private key for this connection, don't manually enter or edit the key, which might cause the connection to fail. 请确保从 SSH 私钥文件中复制密钥,并将该密钥粘贴到连接详细信息中。Instead, make sure that you copy the key from your SSH private key file, and paste that key into the connection details. 有关详细信息,请参阅本文后面的使用 SSH 连接到 SFTP 部分。For more information, see the Connect to SFTP with SSH section later this article.

  • 有关如何创建逻辑应用的基本知识Basic knowledge about how to create logic apps

  • 要在其中访问 SFTP 帐户的逻辑应用。The logic app where you want to access your SFTP account. 若要从 SFTP-SSH 触发器开始,请创建一个空白逻辑应用To start with an SFTP-SSH trigger, create a blank logic app. 若要使用 SFTP-SSH 操作,请使用另一个触发器(例如“重复”触发器)启动逻辑应用。To use an SFTP-SSH action, start your logic app with another trigger, for example, the Recurrence trigger.

SFTP-SSH 触发器的工作原理How SFTP-SSH triggers work

SFTP-SSH 触发器的工作原理是轮询 SFTP 文件系统并查找自上次轮询后已更改的任何文件。SFTP-SSH triggers work by polling the SFTP file system and looking for any file that was changed since the last poll. 某些工具允许保留文件更改时的时间戳。Some tools let you preserve the timestamp when the files change. 在这种情况下,必须禁用此功能才能让触发器正常工作。In these cases, you have to disable this feature so your trigger can work. 下面是一些常见设置:Here are some common settings:

SFTP 客户端SFTP client 操作Action
WinscpWinscp 转到“选项” > “首选项” > “传输” > “编辑” > “保留时间戳” > “禁用” Go to Options > Preferences > Transfer > Edit > Preserve timestamp > Disable
FileZillaFileZilla 转到“传输” > “保留已传输文件的时间戳” > “禁用” Go to Transfer > Preserve timestamps of transferred files > Disable

当触发器找到新文件时,会检查该新文件是否完整,以及是否未部分写入。When a trigger finds a new file, the trigger checks that the new file is complete, and not partially written. 例如,当触发器检查文件服务器时,可能正在更改某个文件。For example, a file might have changes in progress when the trigger checks the file server. 为了避免返回部分写入的文件,该触发器会记录具有最近更改的文件的时间戳,但不会立即返回该文件。To avoid returning a partially written file, the trigger notes the timestamp for the file that has recent changes, but doesn't immediately return that file. 仅当再次轮询服务器时,触发器才会返回该文件。The trigger returns the file only when polling the server again. 有时,此行为可能会导致延迟,长达触发器轮询间隔的两倍。Sometimes, this behavior might cause a delay that is up to twice the trigger's polling interval.

将基于 PuTTY 的密钥转换为 OpenSSHConvert PuTTY-based key to OpenSSH

如果密钥采用 PuTTY 格式(使用 .ppk(PuTTY 私钥)文件扩展名),请先将该密钥转换为 OpenSSH 格式(使用 .pem(隐私强化邮件)文件扩展名)。If your private key is in PuTTY format, which uses the .ppk (PuTTY Private Key) file name extension, first convert the key to the OpenSSH format, which uses the .pem (Privacy Enhanced Mail) file name extension.

基于 Unix 的 OSUnix-based OS

  1. 如果 PuTTY 工具尚未安装在系统上,请立即安装,例如:If the PuTTY tools aren't already installed on your system, do that now, for example:

    sudo apt-get install -y putty

  2. 运行此命令,以便创建一个可以与 SFTP-SSH 连接器配合使用的文件:Run this command, which creates a file that you can use with the SFTP-SSH connector:

    puttygen <path-to-private-key-file-in-PuTTY-format> -O private-openssh -o <path-to-private-key-file-in-OpenSSH-format>

    例如:For example:

    puttygen /tmp/sftp/my-private-key-putty.ppk -O private-openssh -o /tmp/sftp/my-private-key-openssh.pem

Windows OSWindows OS

  1. 下载最新的 PuTTY 生成器 (puttygen.exe) 工具(如果尚未这样做),然后启动该工具。If you haven't done so already, download the latest PuTTY Generator (puttygen.exe) tool, and then launch the tool.

  2. 在此屏幕上,选择“加载”。On this screen, select Load.


  3. 浏览到 PuTTY 格式的私钥文件,然后选择“打开”。Browse to your private key file in PuTTY format, and select Open.

  4. 在“转换”菜单中,选择“导出 OpenSSH 密钥”。 From the Conversions menu, select Export OpenSSH key.

    选择“导出 OpenSSH 密钥”

  5. 使用 .pem 文件扩展名保存该私钥文件。Save the private key file with the .pem file name extension.


本部分介绍查看此连接器的触发器和操作的注意事项。This section describes considerations to review for this connector's triggers and actions.

创建文件Create file

若要在 SFTP 服务器上创建文件,可以使用 SFTP-SSH“创建文件”操作。To create a file on your SFTP server, you can use the SFTP-SSH Create file action. 当此操作创建文件时,逻辑应用服务也会自动调用 SFTP 服务器来获取文件的元数据。When this action creates the file, the Logic Apps service also automatically calls your SFTP server to get the file's metadata. 但是,如果在逻辑应用服务调用获取元数据之前移动新创建的文件,则会收到 404 错误消息 'A reference was made to a file or folder which does not exist'However, if you move the newly created file before the Logic Apps service can make the call to get the metadata, you get a 404 error message, 'A reference was made to a file or folder which does not exist'. 若要在创建文件后跳过读取文件元数据的操作,请按照以下步骤添加并将“获取所有文件元数据”属性设置为“否”To skip reading the file's metadata after file creation, follow the steps to add and set the Get all file metadata property to No.

使用 SSH 连接到 SFTPConnect to SFTP with SSH

要使逻辑应用能够访问某个服务,必须在逻辑应用与该服务之间创建连接。Before your logic app can access any service, you must create a connection between your logic app and that service. 如果以前未创建此连接,则在向逻辑应用添加该服务的触发器或操作时,系统会提示输入连接信息。If you didn't previously create this connection, you're prompted for connection information when you add a trigger or action for that service to your logic app. 可以使用逻辑应用设计器轻松地直接从逻辑应用创建此连接。The Logic Apps Designer provides an easy way for you to create this connection directly from your logic app.

  1. 登录到 Azure 门户,在逻辑应用设计器中打开逻辑应用(如果尚未打开)。Sign in to the Azure portal, and open your logic app in Logic App Designer, if not open already.

  2. 对于空白逻辑应用,请在搜索框中输入 sftp ssh 作为筛选器。For blank logic apps, in the search box, enter sftp ssh as your filter. 在触发器列表下,选择所需的触发器。Under the triggers list, select the trigger you want.


    对于现有逻辑应用,请在要添加操作的最后一个步骤下,选择“新建步骤”。For existing logic apps, under the last step where you want to add an action, select New step. 在搜索框中,输入 sftp ssh 作为筛选器。In the search box, enter sftp ssh as your filter. 在操作列表下,选择所需的操作。Under the actions list, select the action you want.

    若要在步骤之间添加操作,请将鼠标指针移到步骤之间的箭头上。To add an action between steps, move your pointer over the arrow between steps. 选择出现的加号 ( + ),然后选择“添加操作”。Select the plus sign (+) that appears, and then select Add an action.

  3. 为连接提供所需的详细信息。Provide the necessary details for your connection.


    在“SSH 私钥”属性中输入 SSH 私钥时,请遵循以下附加步骤,帮助确保提供此属性的完整正确值。When you enter your SSH private key in the SSH private key property, follow these additional steps, which help make sure you provide the complete and correct value for this property. 无效的密钥会导致连接失败。An invalid key causes the connection to fail.

    可以使用任何文本编辑器。以下步骤以 Notepad.exe 为例,说明如何正确复制并粘贴密钥。Although you can use any text editor, here are sample steps that show how to correctly copy and paste your key by using Notepad.exe as an example.

    1. 在文本编辑器中打开 SSH 私钥文件。Open your SSH private key file in a text editor. 这些步骤以记事本为例。These steps use Notepad as the example.

    2. 在记事本的“编辑”菜单中,选择“全选”。 On the Notepad Edit menu, select Select All.

    3. 选择“编辑” > “复制”。Select Edit > Copy.

    4. 在添加的 SFTP-SSH 触发器或操作中,粘贴已复制到“SSH 私钥”属性中的完整密钥,支持换行。In the SFTP-SSH trigger or action you added, paste the complete key you copied into the SSH private key property, which supports multiple lines. 请务必粘贴该密钥,Make sure you paste the key. 而不要手动输入或编辑密钥。Don't manually enter or edit the key.

  4. 输入完连接详细信息后,选择“创建”。When you're done entering the connection details, select Create.

  5. 现在,为所选触发器或操作提供所需的详细信息,然后继续生成逻辑应用的工作流。Now provide the necessary details for your selected trigger or action and continue building your logic app's workflow.

重写区块大小Override chunk size

若要重写分块使用的默认自适应行为,可以指定从 5 MB 到 50 MB 的固定区块大小。To override the default adaptive behavior that chunking uses, you can specify a constant chunk size from 5 MB to 50 MB.

  1. 在操作的右上角,选择省略号按钮(“…”),然后选择“设置” 。In the action's upper-right corner, select the ellipses button (...), and then select Settings.

    打开 SFTP-SSH 设置

  2. 在“内容传输”下的“区块大小”属性中,输入从 550 的整数值,例如 :Under Content Transfer, in the Chunk size property, enter an integer value from 5 to 50, for example:


  3. 完成后,选择“完成”。When you're finished, select Done.


SFTP - SSH 触发器:添加或修改文件时SFTP - SSH trigger: When a file is added or modified

在 SFTP 服务器上添加或更改文件时,此触发器将启动逻辑应用工作流。This trigger starts a logic app workflow when a file is added or changed on an SFTP server. 例如,可以添加一个条件,用于检查文件内容,并根据该内容是否符合指定的条件来获取内容。For example, you can add a condition that checks the file's content and gets the content based on whether the content meets a specified condition. 然后可以添加一个操作,用于获取文件内容并将其放在 SFTP 服务器上的某个文件夹中。You can then add an action that gets the file's content, and puts that content in a folder on the SFTP server.

企业示例:可以使用此触发器监视 SFTP 文件夹中表示客户订单的新文件。Enterprise example: You can use this trigger to monitor an SFTP folder for new files that represent customer orders. 然后,可以使用“获取文件内容”等 SFTP 操作来获取订单内容以做进一步处理,并将该订单存储在订单数据库中。You can then use an SFTP action such as Get file content so you get the order's contents for further processing and store that order in an orders database.

SFTP - SSH 操作:使用路径获取文件内容SFTP - SSH action: Get file content using path

此操作通过指定文件路径从 SFTP 服务器上的文件中获取内容。This action gets the content from a file on an SFTP server by specifying the file path. 例如,可以在前面的示例中添加触发器,并添加文件内容必须符合的条件。So for example, you can add the trigger from the previous example and a condition that the file's content must meet. 如果条件为 true,则可以运行获取内容的操作。If the condition is true, the action that gets the content can run.

排查错误Troubleshoot errors

本部分介绍常见错误或问题的可能解决方案。This section describes possible solutions to common errors or problems.

404 错误:“引用了不存在的文件或文件夹”404 error: "A reference was made to a file or folder which does not exist"

当逻辑应用通过 SFTP-SSH“创建文件”操作在 SFTP 服务器上创建新文件,但在逻辑应用服务可以获取文件的元数据之前,新创建的文件被立即移动时,可能会发生此错误。This error can happen when your logic app creates a new file on your SFTP server through the SFTP-SSH Create file action, but the newly created file is then immediately moved before the Logic Apps service can get the file's metadata. 当逻辑应用运行“创建文件”操作时,逻辑应用服务也会自动调用 SFTP 服务器来获取文件的元数据。When your logic app runs the Create file action, the Logic Apps service also automatically calls your SFTP server to get the file's metadata. 但是,如果移动了文件,逻辑应用服务将无法再找到该文件,因此你将收到 404 错误消息。However, if the file is moved, the Logic Apps service can no longer find the file so you get the 404 error message.

如果无法避免或延迟移动文件,则可以在创建文件后跳过读取文件元数据的操作,方法是执行以下步骤:If you can't avoid or delay moving the file, you can skip reading the file's metadata after file creation instead by following these steps:

  1. 在“创建文件”操作中,打开“添加新参数”列表,选择“获取所有文件元数据”属性,并将值设置为“否” 。In the Create file action, open the Add new parameter list, select the Get all file metadata property, and set the value to No.

  2. 如果以后需要此文件元数据,可以使用“获取文件元数据”操作。If you need this file metadata later, you can use the Get file metadata action.

连接器参考Connector reference

有关此连接器的更多技术详细信息,例如触发器、操作和限制(如此连接器的 Swagger 文件所述),请参阅连接器的参考页For more technical details about this connector, such as triggers, actions, and limits as described by the connector's Swagger file, see the connector's reference page.

后续步骤Next steps