ssh-keygen command to generate SSH public and private key files. By default, these files are created in the ~/.ssh directory. You can specify a different location, and an optional password (passphrase) to access the private key file. If an SSH key pair with the same name exists in the given location, those files are overwritten.
--generate-ssh-keys option. The key files are stored in the ~/.ssh directory unless specified otherwise with the --ssh-dest-key-path option. The --generate-ssh-keys option will not overwrite existing key files, instead returning an error. In the following command, replace VMname and RGname with your own values:
cat command, replacing ~/.ssh/id_rsa.pub with the path and filename of your own public key file if needed:
pbcopy. Similarly in Linux, you can pipe the public key file to programs such as xclip.
--ssh-key-values option. In the following command, replace VMname, RGname, and keyFile with your own values:
--ssh-key-values sshkey-desktop.pub sshkey-laptop.pub.
.pub format) to the ~/.ssh/authorized_keys folder on the VM. SSH keys in ~/.ssh/authorized_keys are used to challenge the client to match the corresponding private key on an SSH connection. In an Azure Linux VM that uses SSH keys for authentication, Azure configures the SSHD server to not allow password sign-in, only SSH keys. Therefore, by creating an Azure Linux VM with SSH keys, you can help secure the VM deployment and save yourself the typical post-deployment configuration step of disabling passwords in the sshd_config file.
ssh-keygen, which is available with OpenSSH utilities in the Azure Cloud Shell, a macOS or Linux host, the Windows Subsystem for Linux, and other tools. ssh-keygen asks a series of questions and then writes a private key and a matching public key.
~/.ssh directory. If you do not have a ~/.ssh directory, the ssh-keygen command creates it for you with the correct permissions.
ssh-keygen command generates 2048-bit SSH RSA public and private key files by default in the ~/.ssh directory. If an SSH key pair exists in the current location, those files are overwritten.
ssh-keygen = the program used to create the keys
-m PEM = format the key as PEM
-t rsa = type of key to create, in this case in the RSA format
-b 4096 = the number of bits in the key, in this case 4096
-C 'azureuser@myserver' = a comment appended to the end of the public key file to easily identify it. Normally an email address is used as the comment, but use whatever works best for your infrastructure.
-f ~/.ssh/mykeys/myprivatekey = the filename of the private key file, if you choose not to use the default name. A corresponding public key file appended with .pub is generated in the same directory. The directory must exist.
-N mypassphrase = an additional passphrase used to access the private key file.
Enter file in which to save the key (/home/azureuser/.ssh/id_rsa): ~/.ssh/id_rsa
id_rsa is the default; some tools might expect the id_rsa private key file name, so having one is a good idea. The directory ~/.ssh/ is the default location for SSH key pairs and the SSH config file. If not specified with a full path, ssh-keygen creates the keys in the current working directory, not the default ~/.ssh.
~/.ssh directory
Enter passphrase (empty for no passphrase):
--generate-ssh-keys option. The keys are stored in the ~/.ssh directory. Note that this command option does not overwrite keys if they already exist in that location.
--ssh-key-value option.
cat as follows, replacing ~/.ssh/id_rsa.pub with your own public key file location:
~/.ssh/id_rsa.pub) to pbcopy to copy the contents (there are other Linux programs that do the same thing, such as xclip).
~/.ssh/known_hosts folder, and you won't be asked to connect again until the public key on your Azure VM changes or the server name is removed from ~/.ssh/known_hosts.)
ssh-agent to cache your private key file passphrase. If you are using a Mac, the macOS Keychain securely stores the private key passphrase when you invoke ssh-agent.
ssh-agent and ssh-add to inform the SSH system about the key files so that you do not need to use the passphrase interactively.
ssh-agent using the command ssh-add.
ssh-agent.
~/.ssh/config) to speed up log-ins and to optimize your SSH client behavior.
Host myvm block in the SSH config file.