update-linux-docs-ed25519

Author: Vamsi Kavuru

articles/virtual-machines/linux-vm-connect.md

@@ -61,7 +61,7 @@ If you're having trouble connecting, you can also use portal:
 Once the above prerequisites are met, you're ready to connect to your VM. Open your SSH client of choice. The SSH client command is typically included in Linux, macOS, and Windows. If you're using Windows 7 or older, where Win32 OpenSSH isn't included by default, consider installing [WSL](/windows/wsl/about) or using [Azure Cloud Shell](../cloud-shell/overview.md) from the browser.
 
 > [!NOTE]
-> The following examples assume the SSH key is in the key.pem format. If you used CLI or Azure PowerShell to download your keys, they may be in the id_rsa format.
+> The following examples assume the SSH key is in the key.pem format. If you used CLI or Azure PowerShell to download your keys, they may be in the id_rsa or ED25519 format.
 
 ## [WSL, macOS, or native Linux client](#tab/Linux)
 

articles/virtual-machines/linux/create-ssh-keys-detailed.md

@@ -48,6 +48,12 @@ The following `ssh-keygen` command generates 4096-bit SSH RSA public and private
 ssh-keygen -m PEM -t rsa -b 4096
 ```
 
+The following `ssh-keygen` command generates 256-bit ED25519 public and private key files by default in the `~/.ssh` directory. If an existing SSH key pair is found in the current location, those files are overwritten.
+
+```bash
+ssh-keygen -m PEM -t ed25519
+```
+
 ### Detailed example
 The following example shows additional command options to create an SSH RSA key pair. If an SSH key pair exists in the current location, those files are overwritten. 
 
@@ -57,10 +63,19 @@ ssh-keygen \
     -t rsa \
     -b 4096 \
     -C "azureuser@myserver" \
-    -f ~/.ssh/mykeys/myprivatekey \
+    -f ~/.ssh/mykeys/myrsaprivatekey \
     -N mypassphrase
 ```
+The following example shows additional command options to create an SSH ED25519 key pair. If an SSH key pair exists in the current location, those files are overwritten. 
 
+```bash
+ssh-keygen \
+    -m PEM \
+    -t ed25519 \
+    -C "azureuser@myserver" \
+    -f ~/.ssh/mykeys/myedprivatekey \
+    -N mypassphrase
+```
 **Command explained**
 
 `ssh-keygen` = the program used to create the keys
@@ -77,7 +92,7 @@ ssh-keygen \
 
 `-N mypassphrase` = an additional passphrase used to access the private key file. 
 
-### Example of ssh-keygen
+### Example of ssh-keygen (RSA)
 
 ```bash
 ssh-keygen -t rsa -m PEM -b 4096 -C "azureuser@myserver"
@@ -102,23 +117,61 @@ The key's randomart image is:
 |           ..    |
 +----[SHA256]-----+
 ```
+### Example of ssh-keygen (ED25519)
+
+```bash
+ssh-keygen -t ed25519 -m PEM -C "azureuser@myserver"
+Generating public/private rsa key pair.
+Enter file in which to save the key (/home/azureuser/.ssh/id_rsa):
+Enter passphrase (empty for no passphrase):
+Enter same passphrase again:
+Your identification has been saved in /home/azureuser/.ssh/id_ed25519.
+Your public key has been saved in /home/azureuser/.ssh/id_ed25519.pub.
+The key fingerprint is:
+SHA256:vFfHHrpSGQBd/oNdvNiX0sG9Vh+wROlZBktNZw9AUjA azureuser@myserver
+The key's randomart image is:
++---[ED25519 256]----+
+|                 |
+|..  .            |
+|o+.o       .     |
+|*=o o   o + +    |
+|*+o+   oSB + o   |
+|**++o.+oo = .    |
+|=+*..*.o E       |
+|..  o o..        |
+|     .o.         |
++----[SHA256]-----+
+```
 
 #### Saved key files
 
 `Enter file in which to save the key (/home/azureuser/.ssh/id_rsa): ~/.ssh/id_rsa`
 
-The key pair name for this article. Having a key pair named `id_rsa` is the default; some tools might expect the `id_rsa` private key file name, so having one is a good idea. The directory `~/.ssh/` is the default location for SSH key pairs and the SSH config file. If not specified with a full path, `ssh-keygen` creates the keys in the current working directory, not the default `~/.ssh`.
+or 
+
+`Enter file in which to save the key (/home/azureuser/.ssh/id_ed25519): ~/.ssh/id_ed25519`
+
+
+The default key pair names for RSA and ED25519 are `id_rsa` and `id_ed25519` respectively; some tools might expect the `id_rsa` or `id_ed25519` private key file name, so having one is a good idea. The directory `~/.ssh/` is the default location for SSH key pairs and the SSH config file. If not specified with a full path, `ssh-keygen` creates the keys in the current working directory, not the default `~/.ssh`.
 
 #### List of the `~/.ssh` directory
 
 To view existing files in the `~/.ssh` directory, run the following command. If no files are found in the directory or the directory itself is missing, make sure that all previous commands were successfully run. You may require root access to modify files in this directory on certain Linux distributions.
 
+RSA Key pair:
 ```bash
 ls -al ~/.ssh
 -rw------- 1 azureuser staff  1675 Aug 25 18:04 id_rsa
 -rw-r--r-- 1 azureuser staff   410 Aug 25 18:04 id_rsa.pub
 ```
 
+ED25519 Key pair:
+```bash
+ls -al ~/.ssh
+-rw------- 1 azureuser staff  1675 Aug 25 18:04 id_ed25519
+-rw-r--r-- 1 azureuser staff   410 Aug 25 18:04 id_ed25519.pub
+```
+
 #### Key passphrase
 
 `Enter passphrase (empty for no passphrase):`
@@ -129,12 +182,16 @@ It is *strongly* recommended to add a passphrase to your private key. Without a
 
 If you use the [Azure CLI](/cli/azure) to create your VM, you can optionally generate both public and private SSH key files by running the [az vm create](/cli/azure/vm) command with the `--generate-ssh-keys` option. The keys are stored in the ~/.ssh directory. Note that this command option does not overwrite keys if they already exist in that location, such as with some pre-configured Compute Gallery images.
 
+> [!NOTE]
+> [az sshkey create](/cli/azure/sshkey#az-sshkey-create) command deafults to RSA encryption and cannot be use to generate ED25519 key pairs, however you can create a ED25519 key pair using ssh-keygen as described above and then use that public key to create a VM.
+
 ## Provide SSH public key when deploying a VM
 
 To create a Linux VM that uses SSH keys for authentication, provide your SSH public key when creating the VM using the Azure portal, CLI, Resource Manager templates, or other methods. When using the portal, you enter the public key itself. If you use the [Azure CLI](/cli/azure) to create your VM with an existing public key, specify the value or location of this public key by running the [az vm create](/cli/azure/vm) command with the `--ssh-key-value` option. 
 
 If you're not familiar with the format of an SSH public key, you can see your public key by running `cat` as follows, replacing `~/.ssh/id_rsa.pub` with your own public key file location:
 
+# RSA key pair
 ```bash
 cat ~/.ssh/id_rsa.pub
 ```
@@ -158,6 +215,30 @@ ssh-keygen \
 -m RFC4716 > ~/.ssh/id_ssh2.pem
 ```
 
+# ED25519 key pair
+```bash
+cat ~/.ssh/id_ed25519.pub
+```
+
+Output is similar to the following (redacted example below):
+
+```
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6I5JuhGq3RidMNpxrplIQwEfc4Rh7UyV8JYYH2U2xA azureuser@myserver
+```
+
+If you copy and paste the contents of the public key file into the Azure portal or a Resource Manager template, make sure you don't copy any additional whitespace or introduce additional line breaks. For example, if you use macOS, you can pipe the public key file (by default, `~/.ssh/id_ed25519.pub`) to **pbcopy** to copy the contents (there are other Linux programs that do the same thing, such as `xclip`).
+
+If you prefer to use a public key that is in a multiline format, you can generate an RFC4716 formatted key in a 'pem' container from the public key you previously created.
+
+To create a PEM formatted key from an existing SSH public key:
+
+```bash
+ssh-keygen \
+-f ~/.ssh/id_ed25519.pub \
+-e \
+-m RFC4716 > ~/.ssh/id_edssh.pem
+```
+
 ## SSH to your VM with an SSH client
 With the public key deployed on your Azure VM, and the private key on your local system, SSH to your VM using the IP address or DNS name of your VM. Replace *azureuser* and *myvm.westus.cloudapp.azure.com* in the following command with the administrator user name and the fully qualified domain name (or IP address):
 
@@ -184,6 +265,11 @@ Now add the private key to `ssh-agent` using the command `ssh-add`.
 ```bash
 ssh-add ~/.ssh/id_rsa
 ```
+or
+
+```bash
+ssh-add ~/.ssh/id_ed25519
+```
 
 The private key passphrase is now stored in `ssh-agent`.
 

articles/virtual-machines/linux/mac-create-ssh-keys.md

@@ -35,7 +35,13 @@ Use the `ssh-keygen` command to generate SSH public and private key files. By de
 The following command creates an SSH key pair using RSA encryption and a bit length of 4096:
 
 ```bash
-ssh-keygen -m PEM -t rsa -b 4096
+ssh-keygen -m PEM -t rsa -b 4096 -f ~/.ssh/id_rsa.pem
+```
+
+The following command creates an SSH key pair using ED25519 encryption with a fixed length of 256 bits:
+
+```bash
+ssh-keygen -m PEM -t ed25519 -f ~/.ssh/id_ed25519.pem
 ```
 
 > [!NOTE]
@@ -47,6 +53,9 @@ If you use the [Azure CLI](/cli/azure) to create your VM with the [az vm create]
 az vm create --name VMname --resource-group RGname --image Ubuntu2204 --generate-ssh-keys
 ```
 
+> [!NOTE]
+> [az sshkey create](/cli/azure/sshkey#az-sshkey-create) command deafults to RSA encryption and cannot be use to generate ED25519 key pairs, however you can create a ED25519 key pair using ssh-keygen as described above and then use that public key to create a VM.
+
 ## Provide an SSH public key when deploying a VM
 
 To create a Linux VM that uses SSH keys for authentication, specify your SSH public key when creating the VM using the Azure portal, Azure CLI, Azure Resource Manager templates, or other methods:
@@ -57,19 +66,28 @@ To create a Linux VM that uses SSH keys for authentication, specify your SSH pub
 
 If you're not familiar with the format of an SSH public key, you can display your public key with the following `cat` command, replacing `~/.ssh/id_rsa.pub` with the path and filename of your own public key file if needed:
 
+# RSA key pair
 ```bash
 cat ~/.ssh/id_rsa.pub
 ```
-
-A typical public key value looks like this example:
+A typical RSA public key value looks like this example:
 
 ```output
 ssh-rsa AAAAB3NzaC1yc2EAABADAQABAAACAQC1/KanayNr+Q7ogR5mKnGpKWRBQU7F3Jjhn7utdf7Z2iUFykaYx+MInSnT3XdnBRS8KhC0IP8ptbngIaNOWd6zM8hB6UrcRTlTpwk/SuGMw1Vb40xlEFphBkVEUgBolOoANIEXriAMvlDMZsgvnMFiQ12tD/u14cxy1WNEMAftey/vX3Fgp2vEq4zHXEliY/sFZLJUJzcRUI0MOfHXAuCjg/qyqqbIuTDFyfg8k0JTtyGFEMQhbXKcuP2yGx1uw0ice62LRzr8w0mszftXyMik1PnshRXbmE2xgINYg5xo/ra3mq2imwtOKJpfdtFoMiKhJmSNHBSkK7vFTeYgg0v2cQ2+vL38lcIFX4Oh+QCzvNF/AXoDVlQtVtSqfQxRVG79Zqio5p12gHFktlfV7reCBvVIhyxc2LlYUkrq4DHzkxNY5c9OGSHXSle9YsO3F1J5ip18f6gPq4xFmo6dVoJodZm9N0YMKCkZ4k1qJDESsJBk2ujDPmQQeMjJX3FnDXYYB182ZCGQzXfzlPDC29cWVgDZEXNHuYrOLmJTmYtLZ4WkdUhLLlt5XsdoKWqlWpbegyYtGZgeZNRtOOdN6ybOPJqmYFd2qRtb4sYPniGJDOGhx4VodXAjT09omhQJpE6wlZbRWDvKC55R2d/CSPHJscEiuudb+1SG2uA/oik/WQ== username@domainname
 ```
+# ED25519 key pair
+```bash
+cat ~/.ssh/id_ed25519.pub
+```
+A typical ED25519 public key value looks like this example:
+
+```output
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRjWGWLeiUQ3U9fNnCsNpXIyACpD/Jbm09OZGsz3DIM username@domainname
+```
 
 If you copy and paste the contents of the public key file to use in the Azure portal or a Resource Manager template, make sure you don't copy any trailing whitespace. To copy a public key in macOS, you can pipe the public key file to `pbcopy`. Similarly in Linux, you can pipe the public key file to programs such as `xclip`.
 
-The public key that you place on your Linux VM in Azure is by default stored in ~/.ssh/id_rsa.pub, unless you specified a different location when you created the key pair. To use the [Azure CLI 2.0](/cli/azure) to create your VM with an existing public key, specify the value and optionally the location of this public key using the [az vm create](/cli/azure/vm#az-vm-create) command with the `--ssh-key-values` option. In the following command, replace *myVM*, *myResourceGroup*, *UbuntuLTS*, *azureuser*, and *mysshkey.pub* with your own values:
+The public key that you place on your Linux VM in Azure is by default stored under ``~/.ssh/`` directory, unless you specified a different location when you created the key pair. To use the [Azure CLI 2.0](/cli/azure) to create your VM with an existing public key, specify the value and optionally the location of this public key using the [az vm create](/cli/azure/vm#az-vm-create) command with the `--ssh-key-values` option. In the following command, replace *myVM*, *myResourceGroup*, *UbuntuLTS*, *azureuser*, and *mysshkey.pub* with your own values:
 
 ```azurecli-interactive
 az vm create \

articles/virtual-machines/linux/ssh-from-windows.md

@@ -38,6 +38,9 @@ Your public key can be shared with anyone, but only you (or your local security
 
 [!INCLUDE [virtual-machines-common-ssh-support](../../../includes/virtual-machines-common-ssh-support.md)]
 
+> [!NOTE]
+> During preview, Ed25519 keys can only be used with Linux VMs, we intend to extend the ED25519 support to Windows VMs soon.
+
 ## SSH clients
 
 Recent versions of Windows 10 include [OpenSSH client commands](https://blogs.msdn.microsoft.com/commandline/2018/03/07/windows10v1803/) to create and use SSH keys and make SSH connections from PowerShell or a command prompt.
@@ -52,7 +55,7 @@ The easiest way to create and manage your SSH keys is to [use the portal to crea
 
 You can also create key pairs with the [Azure CLI](/cli/azure) with the [az sshkey create](/cli/azure/sshkey#az-sshkey-create) command, as described in [Generate and store SSH keys](../ssh-keys-azure-cli.md).
 
-To create an SSH key pair on your local computer using the `ssh-keygen` command from PowerShell or a command prompt, type the following command:
+To create an SSH key pair on your local computer using the `ssh-keygen` command from PowerShell or a command prompt, use the following command:
 
 ```powershell
 ssh-keygen -m PEM -t rsa -b 2048

articles/virtual-machines/media/ssh-keys/portal_ed25519_key.png

@@ -33,7 +33,7 @@ For more detailed information about creating and using SSH keys with Linux VMs,
 
 1. On the **SSH Key** page, select **Create**.
 
-   :::image type="content" source="./media/ssh-keys/portal-sshkey.png" alt-text="Create a new resource group and generate an SSH key pair":::
+   :::image type="content" source="./media/ssh-keys/portal_ed25519_key.png" alt-text="Create a new resource group and generate an SSH key pair":::
 
 1. In **Resource group** select **Create new** to create a new resource group to store your keys. Type a name for your resource group and select **OK**.
 
@@ -43,6 +43,8 @@ For more detailed information about creating and using SSH keys with Linux VMs,
 
 1. In **SSH public key source**, select **Generate public key source**. 
 
+1. In **SSH Key Type**, select either **RSA SSH Format** or **Ed25519 SSH Format** [Preview]
+
 1. When you're done, select **Review + create**.
 
 1. After it passes validation, select **Create**.

articles/virtual-machines/ssh-keys-portal.md

@@ -12,4 +12,4 @@ ms.author: jushiman
 
 ## Supported SSH key formats
 
-Azure currently supports SSH protocol 2 (SSH-2) RSA public-private key pairs with a minimum length of 2048 bits. Other key formats such as ED25519 and ECDSA are not supported. 
+Azure currently supports SSH protocol 2 (SSH-2) RSA public-private key pairs with a minimum length of 2048 bits. Support for ED25519 Keys is in preview, other key formats such as ECDH and ECDSA are currenlty not supported.