az-sshkey
Manage SSH keys for Azure resources
TLDR
Create a new SSH key
Upload an existing SSH key
List all SSH public keys
Show information about an SSH public key
SYNOPSIS
az sshkey SUBCOMMAND [OPTIONS]
Common Subcommands:
az sshkey create --name KEY_NAME --resource-group RESOURCE_GROUP [--public-key-file FILE_PATH | --public-key-value KEY_VALUE] [--location LOCATION]
az sshkey list [--resource-group RESOURCE_GROUP]
az sshkey show --name KEY_NAME --resource-group RESOURCE_GROUP
az sshkey delete --name KEY_NAME --resource-group RESOURCE_GROUP
PARAMETERS
--name
Required. The unique name for the SSH key resource within Azure.
--resource-group
Required. The name of the resource group where the SSH key resource will be created or managed.
--public-key-file
Path to an existing public key file (e.g., ~/.ssh/id_rsa.pub) to upload and register as an Azure SSH key resource. Used with 'create'.
--public-key-value
The literal public key value (e.g., 'ssh-rsa AAAAB3Nz... user@host') to upload and register as an Azure SSH key resource. Used with 'create'.
--location
The Azure region (e.g., 'eastus', 'westus2') where the SSH key resource will be created. If not specified, the resource group's location is used. Used with 'create'.
--tags
Space-separated tags in key[=value] format to apply to the SSH key resource. Used with 'create'.
DESCRIPTION
The az sshkey command group within the Azure CLI provides comprehensive tools for managing SSH public and private key pairs specifically designed for use with Azure resources. Although the exact command az-sshkey is not a standalone executable, this command group fulfills the functionality of managing SSH keys within the Azure environment.
These keys are crucial for secure authentication when connecting to Linux virtual machines (VMs) or other services like Azure VPN Gateways. Instead of needing to manually generate keys with ssh-keygen and then upload the public key, az sshkey allows users to create, list, show, and delete SSH key resources directly within Azure, integrating key management with Azure's identity and access control mechanisms. It streamlines the process of associating SSH keys with newly created VMs or updating existing ones, making cloud resource access more secure and efficient.
CAVEATS
This command group manages SSH key resources within Azure. It does not directly manage local SSH keys on your machine (e.g., in ~/.ssh), though it can create them locally when generating new keys. Proper management of the private key on your local machine is crucial for security. The command requires the Azure CLI to be installed and configured (e.g., by running az login).
RESOURCE MANAGEMENT
Unlike local SSH keys, az sshkey registers your public keys as managed resources within Azure. This allows for centralized management and integration with Azure Policy and Role-Based Access Control (RBAC), enabling finer-grained control over who can use which keys for Azure resources.
AUTOMATIC KEY GENERATION
If neither --public-key-file nor --public-key-value is provided during az sshkey create, the Azure CLI will automatically generate a new SSH key pair (both public and private) on your local machine in the ~/.ssh directory. It then uploads the public key to Azure as a managed resource. This provides a convenient way to get started without needing pre-existing keys or external tools.
HISTORY
The az sshkey command group was introduced to streamline the management of SSH keys specifically within the Azure ecosystem. Before its existence, users typically had to manually generate SSH key pairs locally using ssh-keygen, then copy the public key content or path to Azure CLI commands like az vm create via parameters such as --ssh-key-values. The az sshkey commands simplify this by allowing the creation, registration, and referencing of SSH key resources directly within Azure, making key management more integrated with Azure's resource model and access control. It reflects Microsoft's continuous effort to enhance developer experience and security for cloud deployments.
SEE ALSO
ssh-keygen(1), ssh(1), az vm create, az login
