
To configure SSH keys in Azure Repos, you need to create a new SSH key pair. This involves generating a public and private key pair using tools like ssh-keygen or PuTTYgen.
Azure Repos supports RSA and ED25519 key types, but RSA keys are recommended for better compatibility. RSA keys are also more widely supported, making them a safer choice.
You can use the public key to authenticate with Azure Repos, while keeping the private key secure and private. This way, you can access your repositories without having to enter a password every time.
To add a new SSH key to Azure Repos, you'll need to upload the public key to your Azure Repos account. This involves navigating to your account settings and clicking on the "SSH keys" tab.
Creating SSH Key
Step 1: Create
To create an SSH key, you need to generate a public/private key pair. You can use ssh-keygen.exe to generate key files, and the algorithm supported by Azure DevOps is RSA.
The output from the command will display a prompt to specify a path and/or filename for the key files. You can press Enter to accept the default location, or specify a custom location.
A passphrase can be used to encrypt the private key files, which provides two-factor authentication. Leaving the passphrase empty is not recommended.
The generated public key will be in a file with a .pub extension, while the private key will be in a file without an extension. The private key files should be protected, as they are equivalent to a password and can be used to trick servers into thinking the connection is coming from you.
You can run the following command to generate key files using the RSA algorithm:
```
ssh-keygen.exe -t rsa
```
This generates a key pair, prompting for the file location and a passphrase. You can modify the command to specify a custom location or passphrase.
Configuring Azure Repo
To add a key to Azure DevOps, you'll need to navigate to the SSH Public Keys page in your account settings. Click the "New Key" button, enter a name for your key, and paste in the content of your id_rsa.pub file.
You can't scope SSH keys, so using them will give you the same rights as the user who owns the account. Be careful with this, as it's easy to accidentally grant too much access.
To add a public key to Azure DevOps, you'll need to follow these steps:
- Open your security settings by browsing to the web portal and selecting the icon next to your avatar.
- Select SSH public keys in the menu that appears.
- Copy the contents of your public key into the Public Key Data field, making sure to remove any whitespace or new lines.
- Give the key a useful description and select Save to store the public key.
Step 2: Add Public
To add your public key to Azure DevOps, you need to associate it with your user ID. This is done by going to the security settings in the Azure DevOps portal, selecting the SSH public keys option, and clicking on the + New Key button.
You'll then need to copy the contents of your public key file into the Public Key Data field. Be careful not to add any whitespace or new lines, as this can cause Azure DevOps to use an invalid public key.
You can add a description to the key to help you remember it later. Once saved, you can't change the key, but you can delete it or create a new entry for another key.
You can add multiple keys to your user profile, and there are no restrictions on how many keys you can add. However, it's worth noting that SSH keys stored in Azure DevOps expire after one year.
To test the connection, run the command ssh -T git@ssh.dev.azure.com. If you're connecting for the first time, you'll receive a prompt asking if you're sure you want to continue connecting. Compare the fingerprint displayed on the SSH Public Keys page with the SHA256 fingerprint displayed in the output, and proceed only if they match.
Here's a step-by-step guide to adding your public key:
- Open your security settings and select SSH public keys
- Select + New Key
- Copy the contents of your public key file into the Public Key Data field
- Give the key a description and select Save
- Test the connection by running the command ssh -T git@ssh.dev.azure.com
Known Host File
To configure Azure Repo, you need to obtain the known host file, which identifies the server you want to connect to and tells Azure DevOps to trust it.
The known host file is obtained by running a command that returns some text, and you need to copy the line that is not commented out.
You should replace "ssh.dev.azure.com" with the actual hostname of the server you are connecting to; that hostname applies if the repo is on Azure DevOps.
This command is a crucial step in configuring Azure Repo, as it allows you to trust the server and avoid the interactive prompt asking whether it is okay to continue connecting.
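Key-scan output is unauthenticated, so the line should be pinned only after its fingerprint matches the one shown on the SSH Public Keys page. The following is an added example, not code from the original page; it assumes the text is in the format ssh-keyscan prints (the page does not name the command), and the scan output and fingerprint in it are constructed.

```python
import base64
import hashlib

# Constructed stand-in for key-scan output; the blob is filler text, not a real host key.
SAMPLE_BLOB = base64.b64encode(b"constructed host key blob, illustration only").decode()
SAMPLE_SCAN = (
    "# ssh.dev.azure.com:22 SSH-2.0-ConstructedBanner\n"
    "ssh.dev.azure.com ssh-rsa " + SAMPLE_BLOB + "\n"
)


def sha256_fingerprint(b64_blob):
    """SHA256 fingerprint in the form the ssh client shows at the first-connect prompt."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pin_host_key(scan_output, hostname, trusted_fingerprint):
    """Return the known hosts line for hostname, but only if its fingerprint is trusted."""
    seen = []
    for line in scan_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):      # skip the commented-out lines
            continue
        fields = line.split()
        if len(fields) < 3 or hostname not in fields[0].split(","):
            continue
        fingerprint = sha256_fingerprint(fields[2])
        if fingerprint == trusted_fingerprint:
            return " ".join(fields[:3])
        seen.append(fingerprint)
    raise ValueError("no key for %s matches the trusted fingerprint; saw %s" % (hostname, seen))


if __name__ == "__main__":
    # In real use the trusted value is copied from the SSH Public Keys page.
    trusted = sha256_fingerprint(SAMPLE_BLOB)     # constructed for this demo
    print(pin_host_key(SAMPLE_SCAN, "ssh.dev.azure.com", trusted))
```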
Accessing Azure Repo
To access Azure Repo, you need to set up SSH keys, which allow secure access to your repository.
You can use SSH to access your protected repository in Azure DevOps pipelines, which is a common practice.
Because you're using SSH, you'll need to configure your pipeline with the information to connect using SSH. The pipeline needs this to run Terraform code that references Git with your SSH keys.
Troubleshooting
Troubleshooting SSH connection issues with Azure Repos can be frustrating, but there are some common problems you can look out for.
If you're seeing a warning message about a problem with your SSH connection, it's likely because Azure DevOps blindly accepts the first key that the client provides during authentication, which can lead to errors if the key is invalid for the requested repository.
To resolve this issue, you can try updating the origin remote in Git to change from an HTTPS to an SSH URL. This can be done by running a specific command once you have the SSH clone URL.
If you're still having trouble establishing a connection, check your SSH configuration file. You may need to add a specific line of code to your ~/.ssh/config file to work around the issue.
Some Linux distributions, such as Fedora Linux, have crypto policies that require stronger SSH signature algorithms than Azure DevOps supports. This can cause problems with SSH connections.
If you're seeing ssh-rsa related warnings, it's likely because you've modified your SSH config to downgrade your security settings for Azure DevOps. To resolve this issue, you should remove those lines from your SSH config file and ensure that rsa-sha2-256 and/or rsa-sha2-512 are allowed.
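To find the downgrade lines mentioned above, the following added example (not from the original page) scans an SSH client config for options that re-enable ssh-rsa. The page does not list the exact lines, so the three OpenSSH option names checked and the sample config are assumptions made for the example.

```python
import re

# OpenSSH client options that control which signature algorithms are offered or accepted.
ALGORITHM_OPTIONS = {"hostkeyalgorithms", "pubkeyacceptedkeytypes", "pubkeyacceptedalgorithms"}

# Constructed sample of a ~/.ssh/config carrying the downgrade described above.
SAMPLE_CONFIG = """\
# constructed sample
Host ssh.dev.azure.com
    User git
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes=+ssh-rsa
    IdentityFile ~/.ssh/id_rsa

Host *
    PubkeyAcceptedAlgorithms rsa-sha2-512,rsa-sha2-256
"""


def find_ssh_rsa_downgrades(config_text):
    """Return (line_number, host_pattern, option) for each line that re-enables ssh-rsa."""
    findings, host = [], "(global)"
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config allows "Option value" and "Option=value".
        match = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
        if not match:
            continue
        option, value = match.group(1), match.group(2).strip()
        if option.lower() == "host":
            host = value
        elif option.lower() in ALGORITHM_OPTIONS and not value.startswith("-"):
            # A leading "-" removes algorithms, so only plain, "+" and "^" lists can add ssh-rsa.
            algorithms = [a.strip() for a in value.lstrip("+^").split(",")]
            if "ssh-rsa" in algorithms:
                findings.append((number, host, option))
    return findings


if __name__ == "__main__":
    for number, host, option in find_ssh_rsa_downgrades(SAMPLE_CONFIG):
        print("line %d: Host %s sets %s to allow ssh-rsa" % (number, host, option))
```

Lines it reports are the ones to remove; the `Host *` entry in the sample is not reported because it lists only rsa-sha2-512 and rsa-sha2-256.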
You can verify the fingerprint of your public key by running a specific command against your public key using the command line. This can help you ensure that your public key is correctly uploaded to Azure DevOps.
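The two checks described on this page, that the Public Key Data is a single unbroken line and that its fingerprint matches, can be done before pasting. This is an added example, not code from the original page; the sample key is constructed filler in ssh-rsa layout, and the fingerprint it returns has the same SHA256 form that `ssh-keygen -l -f` prints.

```python
import base64
import binascii
import hashlib
import struct


def ssh_string(data):
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def make_constructed_rsa_pubkey(comment="user@example"):
    """Constructed sample: ssh-rsa layout with filler modulus bytes, not a usable key."""
    modulus = b"\x00" + bytes(range(1, 256)) + b"\xab"
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


def check_public_key(text):
    """Validate Public Key Data before pasting; return (key_type, sha256_fingerprint)."""
    text = text.strip()          # the trailing newline of the .pub file is dropped
    if "\n" in text or "\r" in text:
        raise ValueError("key is wrapped across lines; it must be a single line")
    parts = text.split(" ")
    if len(parts) < 2 or not parts[0] or not parts[1]:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("base64 body is damaged") from exc
    # Walk every length-prefixed field; a body split by stray whitespace fails here.
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("key body is truncated")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            raise ValueError("key body is truncated")
        fields.append(blob[pos:pos + size])
        pos += size
    if not fields or fields[0] != key_type.encode():
        raise ValueError("type label does not match the key body")
    digest = hashlib.sha256(blob).digest()
    return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
```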
Frequently Asked Questions
How to add SSH key to Azure DevOps?
To add an SSH key to Azure DevOps, copy the contents of your public key (e.g. id_rsa.pub) into the Public Key Data field without adding whitespace or new lines.