Use SSH key authentication in Azure DevOps
Use SSH key authentication
Azure DevOps Services | Azure DevOps Server 2020 | Azure DevOps Server 2019 | TFS 2018 - TFS 2015
Connect to your Git repos through SSH on macOS, Linux, or Windows to securely connect using HTTPS authentication. On Windows, we recommended the use of Git Credential Manager Core or Personal Access Tokens.
Important
SSH URLs have changed, but old SSH URLs will continue to work. If you have already set up SSH, you should update your remote URLs to the new format:
- Verify which remotes are using SSH by running
git remote -v
in your Git client. - Visit your repository on the web and select the Clone button in the upper right.
- Select SSH and copy the new SSH URL.
- In your Git client, run:
git remote set-url <remote name, e.g. origin> <new SSH URL>
. Alternatively, in Visual Studio, go to Repository Settings, and edit your remotes.
Note
As of Visual Studio 2017, SSH can be used to connect to Azure DevOps Git repos.
How SSH key authentication works
SSH public key authentication works with an asymmetric pair of generated encryption keys. The public key is shared with Azure DevOps and used to verify the initial ssh connection. The private key is kept safe and secure on your system.
Set up SSH key authentication
The following steps cover configuration of SSH key authentication on the following platforms:
- Linux
- macOS running at least Leopard (10.5)
- Windows systems running Git for Windows
Configure SSH using the command line. bash
is the common shell on Linux and macOS and the Git for Windows installation adds a shortcut to Git Bash in the Start menu. Other shell environments will work, but are not covered in this article.
Step 1: Create your SSH keys
Note
If you have already created SSH keys on your system, skip this step and go to configuring SSH keys.
The commands here will let you create new default SSH keys, overwriting existing default keys. Before continuing, check your ~/.ssh
folder (for example, /home/jamal/.ssh or C:\Users\jamal\.ssh) and look for the following files:
- id_rsa
- id_rsa.pub
If these files exist, then you have already created SSH keys. You can overwrite the keys with the following commands, or skip this step and go to configuring SSH keys to reuse these keys.
Create your SSH keys with the ssh-keygen
command from the bash
prompt. This command will create a 3072-bit RSA key for use with SSH. You can give a passphrase for your private key when prompted—this passphrase provides another layer of security for your private key. If you give a passphrase, be sure to configure the SSH agent to cache your passphrase so you don't have to enter it every time you connect.
$ ssh-keygen -C "jamal@fabrikam.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/jamal/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /c/Users/jamal/.ssh/id_rsa.
Your public key has been saved in /c/Users/jamal/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:******************************************* jamal@fabrikam.com
The key's randomart image is:
+---[RSA 3072]----+
|+. +yX*o . |
|... ..E+*=o |
| ..o.=E=.o |
| . * =.o . |
| . S o o.. |
| + .oo |
| S+. . |
| ..+.+ |
| o*.. |
+----[SHA256]-----+
This command produces the two keys needed for SSH authentication: your private key ( id_rsa ) and the public key ( id_rsa.pub ). It is important to never share the contents of your private key. If the private key is compromised, attackers can use it to trick servers into thinking the connection is coming from you.
Step 2: Add the public key to Azure DevOps Services/TFS
Associate the public key generated in the previous step with your user ID.
-
Open your security settings by browsing to the web portal and selecting your avatar in the upper right of the user interface. Select SSH public keys in the menu that appears.
-
Select + New Key.
-
Copy the contents of the public key (for example, id_rsa.pub) that you generated into the Public Key Data field.
Important
Avoid adding whitespace or new lines into the Key Data field, as they can cause Azure DevOps Services to use an invalid public key. When pasting in the key, a newline often is added at the end. Be sure to remove this newline if it occurs.
-
Give the key a useful description (this description will be displayed on the SSH public keys page for your profile) so that you can remember it later. Select Save to store the public key. Once saved, you cannot change the key. You can delete the key or create a new entry for another key. There are no restrictions on how many keys you can add to your user profile. Also note that SSH keys stored in Azure DevOps expire after five years. If your key expires, you may upload a new key or the same one to continue accessing Azure DevOps via SSH.
-
Test the connection by running the following command:
ssh -T git@ssh.dev.azure.com
. If everything is working correctly, you'll receive a response which says:remote: Shell access is not supported.
If not, see the section on Questions and troubleshooting.
相关文章
- Azure DevOps Azure Repos Git How-to Guides Use SSH key authentication
- 入门:如何在 Kali Linux 上安装 SSH 服务
- ssh工具连接 vmware虚拟机的linux 网络适配器的网络连接类型为"仅主机"
- SSH
- 第1章 ssh命令和SSH服务详解
- Windows上安装配置SSH教程(6)——综合应用:在Windows上实现SSH远程登陆与文件传输
- linux开启ssh服务
- 浅析 JSch - Java实现的SSH通讯包:jsch作用、4种认证方式、如何配置免密登录、ssh公钥检查机制及3种选项、如何实现sftp文件传输、maven依赖及具体使用示例代码
- SSH搭建
- #Cisco#SSH ssh时出现“diffie-hellman-group1-sha1”问题
- java教程(五)SSH框架-配置
- 【树莓派】树莓派新版系统SSH连接被拒绝问题处理
- Kali连接不上ssh
- 多个电脑之间使用相同的ssh密钥
- 用SSH访问内网主机的方法