Visual Studio Team Services Support
Our friendly support bot is here to help!
We are here to help
Help me troubleshoot SSH key authentication in Team Foundation Server
Questions and Troubleshooting
How can I have Git remember the passphrase for my key on Windows?Run the following command included in Git for Windows to start up the
ssh-agentprocess in Powershell or the Windows Command Prompt.
ssh-agentwill cache your passphrase so you don't have to provide it every time you connect to your repo.
> start-ssh-agent.cmdIf you are using the Bash shell (including Git Bash), start ssh-agent with:
> eval `ssh-agent`
I use PuTTY as my SSH client and generated my keys with PuTTYgen. Can I use these keys with Team Services?Yes. Load the private key with PuTTYgen, go to Conversions menu and select Export OpenSSH key. Save the private key file and then follow the steps to set up non-default keys. Copy you public key directly from the PuTTYgen window and paste into the Key Data field in your security settings.
How can I verify that the public key I uploaded is the same key as I have locally?You can verify the fingerprint of the public key uploaded with the one displayed in your profile through the following
ssh-keygencommand run against your public key using the
bashcommand line. You will need to change the path and the public key filename if you are not using the defaults.
> ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub 2048 MD5:c8:d3:7b:f1:49:9d:c9:a9:38:e6:12:5e:ba:4f:c9:9a email@example.com (RSA)You can then compare the MD5 signature to the one in your profile. This is useful if you have connection problems or have concerns about incorrectly pasting in the public key into the Key Data field when adding the key to Team Services.
How can I test my SSH connection without running a Git command?Run the following from the command prompt to test your connection:
> ssh -T firstname.lastname@example.orgYou will replace
email@example.com the corresponding information from the clone URL from the repository, e.g.
firstname.lastname@example.org from the above example. You will see this output if successful:
Authentication for user with identifier "2ee0ba7b-fb11-44b3-b69e-33684597fbfb" was successful against account "fabfiber".
Shell is not supported.
How can I start using SSH in a repository where I am currently using HTTPS?You'll need to update the
originremote in Git to change over from a HTTPS to SSH URL. Once you have the SSH clone URL, run the following command:
> git remote set-url origin ssh://email@example.com:22/DefaultCollection/_git/fabrikamtoolsYou can now run any Git command that connects to
How can I use a non default key location, i.e. not ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub ?To use keys created with
ssh-keygenin a different place than the default, you do two things:
- The keys must be in a folder that only you can read or edit. If the folder has wider permissions, SSH will not use the keys.
- You must let SSH know the location of the keys. You make SSH aware of keys through the
ssh-addcommand, providing the full path to the private key.
> ssh-add /home/frank/.ssh/id_frank.rsaOn Windows, before running
ssh-add, you will need to run the following command from included in Git for Windows:
> start-ssh-agent.cmdThis command runs in both Powershell and the Command Prompt. If you are using Git Bash, the command you need to use is:
> eval `ssh-agent`You can find
ssh-addas part of the Git for Windows distribution and also run it in any shell environment on Windows.
On Mac OS X and Linux you also must have
ssh-agent running before running
ssh-add, but the command environment on these platforms usually takes care of starting
ssh-agent for you.