Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into 240426-266888

Author: MikeRayMSFT

articles/bastion/bastion-connect-vm-ssh-linux.md

@@ -6,15 +6,15 @@ author: cherylmc
 ms.service: bastion
 ms.custom: linux-related-content
 ms.topic: how-to
-ms.date: 10/13/2023
+ms.date: 04/26/2024
 ms.author: cherylmc
 ---
 
 # Create an SSH connection to a Linux VM using Azure Bastion
 
 This article shows you how to securely and seamlessly create an SSH connection to your Linux VMs located in an Azure virtual network directly through the Azure portal. When you use Azure Bastion, your VMs don't require a client, agent, or additional software.
 
-Azure Bastion provides secure connectivity to all of the VMs in the virtual network in which it's provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH. For more information, see the [What is Azure Bastion?](bastion-overview.md) overview article.
+Azure Bastion provides secure connectivity to all of the VMs in the virtual network in which it's provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH. For more information, see the [What is Azure Bastion?](bastion-overview.md) article.
 
 When connecting to a Linux virtual machine using SSH, you can use both username/password and SSH keys for authentication. The SSH private key must be in a format that begins with  `"-----BEGIN RSA PRIVATE KEY-----"` and ends with `"-----END RSA PRIVATE KEY-----"`.
 
@@ -41,28 +41,24 @@ In order to make a connection, the following roles are required:
 In order to connect to the Linux VM via SSH, you must have the following ports open on your VM:
 
 * Inbound port: SSH (22) ***or***
-* Inbound port: Custom value (you'll then need to specify this custom port when you connect to the VM via Azure Bastion). This setting requires the **Standard** SKU tier.
+* Inbound port: Custom value (you'll then need to specify this custom port when you connect to the VM via Azure Bastion). This setting is not available for the Basic or Developer SKU.
 
 ## Bastion connection page
 
-1. In the [Azure portal](https://portal.azure.com), go to the virtual machine to which you want to connect. On the **Overview** page for the virtual machine, select **Connect**, then select **Bastion** from the dropdown to open the Bastion page.
+1. In the Azure portal, go to the virtual machine to which you want to connect. At the top of the virtual machine **Overview** page, select **Connect**, then select **Connect via Bastion** from the dropdown. This opens the **Bastion** page. You can go to the Bastion page directly in the left pane.
 
    :::image type="content" source="./media/bastion-connect-vm-ssh-linux/bastion.png" alt-text="Screenshot shows the Overview page for a virtual machine." lightbox="./media/bastion-connect-vm-ssh-linux/bastion.png":::
 
 1. On the **Bastion** page, the settings that you can configure depend on the Bastion [SKU](bastion-overview.md#sku) tier that your bastion host has been configured to use.
 
-   * If you're using the **Standard** SKU, **Connection Settings** values (ports and protocols) are visible and can be configured.
+   :::image type="content" source="./media/bastion-connect-vm-ssh-linux/connection-settings.png" alt-text="Screenshot shows connection settings for SKUs higher than the Basic SKU." lightbox="./media/bastion-connect-vm-ssh-linux/connection-settings.png":::
 
-      :::image type="content" source="./media/bastion-connect-vm-ssh-linux/bastion-connect-full.png" alt-text="Screenshot shows connection settings for the Standard SKU." lightbox="./media/bastion-connect-vm-ssh-linux/bastion-connect-full.png":::
+   * If you're using a SKU higher than the Basic SKU, **Connection Settings** values (ports and protocols) are visible and can be configured.
 
-   * If you're using the **Basic** SKU, you can't configure **Connection Settings** values. Instead, your connection uses the following default settings: SSH and port 22.
-
-      :::image type="content" source="./media/bastion-connect-vm-ssh-linux/basic.png" alt-text="Screenshot shows connection settings for the Basic SKU." lightbox="./media/bastion-connect-vm-ssh-linux/basic.png":::
+   * If you're using the Basic SKU or Developer SKU, you can't configure **Connection Settings** values. Instead, your connection uses the following default settings: SSH and port 22.
 
    * To view and select an available **Authentication Type**, use the dropdown.
 
-      :::image type="content" source="./media/bastion-connect-vm-ssh-linux/authentication-type.png" alt-text="Screenshot shows authentication type settings." lightbox="./media/bastion-connect-vm-ssh-linux/authentication-type.png":::
-
 1. Use the following sections in this article to configure authentication settings and connect to your VM.
 
    * [Username and password](#password-authentication)
@@ -78,7 +74,7 @@ Use the following steps to authenticate using username and password.
 
 1. To authenticate using a username and password, configure the following settings.
 
-   * **Connection Settings** (Standard SKU only)
+   * **Connection Settings**: Only available for SKUs higher than the Basic SKU.
 
      * **Protocol**: Select SSH.
      * **Port**: Specify the port number.
@@ -99,7 +95,7 @@ Use the following steps to authenticate using a password from Azure Key Vault.
 
 1. To authenticate using a password from Azure Key Vault, configure the following settings.
 
-   * **Connection Settings** (Standard SKU only)
+   * **Connection Settings**: Only available for SKUs higher than the Basic SKU.
 
      * **Protocol**: Select SSH.
      * **Port**: Specify the port number.
@@ -113,9 +109,7 @@ Use the following steps to authenticate using a password from Azure Key Vault.
 
      * Make sure you have **List** and **Get** access to the secrets stored in the Key Vault resource. To assign and modify access policies for your Key Vault resource, see [Assign a Key Vault access policy](../key-vault/general/assign-access-policy-portal.md).
 
-       > [!NOTE]
-       > Please store your SSH private key as a secret in Azure Key Vault using the **PowerShell** or **Azure CLI** experience. Storing your private key via the Azure Key Vault portal experience will interfere with the formatting and result in unsuccessful login. If you did store your private key as a secret using the portal experience and no longer have access to the original private key file, see [Update SSH key](../virtual-machines/extensions/vmaccess-linux.md#update-ssh-key) to update access to your target VM with a new SSH key pair.
-       >
+     * Store your SSH private key as a secret in Azure Key Vault using the **PowerShell** or **Azure CLI** experience. Storing your private key via the Azure Key Vault portal experience interferes with the formatting and result in unsuccessful login. If you did store your private key as a secret using the portal experience and no longer have access to the original private key file, see [Update SSH key](../virtual-machines/extensions/vmaccess-linux.md#update-ssh-key) to update access to your target VM with a new SSH key pair.
 
 1. To work with the VM in a new browser tab, select **Open in new browser tab**.
 
@@ -129,7 +123,7 @@ Use the following steps to authenticate using an SSH private key from a local fi
 
 1. To authenticate using a private key from a local file, configure the following settings.
 
-   * **Connection Settings** (Standard SKU only)
+   * **Connection Settings**: Only available for SKUs higher than the Basic SKU.
 
      * **Protocol**: Select SSH.
      * **Port**: Specify the port number.
@@ -150,7 +144,7 @@ Use the following steps to authenticate using a private key stored in Azure Key
 
 1. To authenticate using a private key stored in Azure Key Vault, configure the following settings. For the Basic SKU, connection settings can't be configured and will instead use the default connection settings: SSH and port 22.
 
-   * **Connection Settings** (Standard SKU only)
+   * **Connection Settings**: Only available for SKUs higher than the Basic SKU.
 
      * **Protocol**: Select SSH.
      * **Port**: Specify the port number.
@@ -163,9 +157,7 @@ Use the following steps to authenticate using a private key stored in Azure Key
 
      * Make sure you have **List** and **Get** access to the secrets stored in the Key Vault resource. To assign and modify access policies for your Key Vault resource, see [Assign a Key Vault access policy](../key-vault/general/assign-access-policy-portal.md).
 
-       > [!NOTE]
-       > Please store your SSH private key as a secret in Azure Key Vault using the **PowerShell** or **Azure CLI** experience. Storing your private key via the Azure Key Vault portal experience will interfere with the formatting and result in unsuccessful login. If you did store your private key as a secret using the portal experience and no longer have access to the original private key file, see [Update SSH key](../virtual-machines/extensions/vmaccess-linux.md#update-ssh-key) to update access to your target VM with a new SSH key pair.
-       >
+     * Store your SSH private key as a secret in Azure Key Vault using the **PowerShell** or **Azure CLI** experience. Storing your private key via the Azure Key Vault portal experience interferes with the formatting and result in unsuccessful login. If you did store your private key as a secret using the portal experience and no longer have access to the original private key file, see [Update SSH key](../virtual-machines/extensions/vmaccess-linux.md#update-ssh-key) to update access to your target VM with a new SSH key pair.
 
    * **Azure Key Vault Secret**: Select the Key Vault secret containing the value of your SSH private key.
 

articles/bastion/media/bastion-connect-vm-ssh-linux/authentication-type.png

@@ -51,8 +51,8 @@
     href: about-zone-redundant-vnet-gateways.md
   - name: Security
     items:
-      - name: Security baseline
-        href: /security/benchmark/azure/baselines/vpn-gateway-security-baseline?toc=/azure/vpn-gateway/TOC.json
+    - name: Security baseline
+      href: /security/benchmark/azure/baselines/vpn-gateway-security-baseline?toc=/azure/vpn-gateway/TOC.json
   - name: Backend Connectivity Interoperability
     items:
     - name: Preface and Test Setup
@@ -287,10 +287,14 @@
       href: vpn-gateway-3rdparty-device-config-cisco-asa.md
   - name: Configure custom IPsec/IKE connection policies
     items:
-    - name: Azure portal
-      href: ipsec-ike-policy-howto.md 
-    - name: PowerShell
-      href: vpn-gateway-ipsecikepolicy-rm-powershell.md
+    - name: Point-to-site connections
+      href: create-custom-policies-p2s-ps.md
+    - name: Site-to-site and VNet-to-VNet connections
+      items:
+      - name: Azure portal
+        href: ipsec-ike-policy-howto.md 
+      - name: PowerShell
+        href: vpn-gateway-ipsecikepolicy-rm-powershell.md
   - name: Configure active-active gateways
     items:
     - name: Azure portal