- SiteGround uses key pairs for SSH authentication purposes, as opposed to plain username and password. More information on SSH keys is available here. You can generate an SSH key pair in Mac OS following these steps: Open up the Terminal by going to Applications - Utilities - Terminal.
- If you need to access your git repos using a public ssh key, you can generate one now by logging in as the jenkins user and running ssh-keygen Shell Shashi-MacBook-Pro: user$ sudo -su jenkins bash-3.2$ ssh-keygen Generating public/private rsa key pair.
To specify the SSH key in the Git step. When the Jenkins server is operational, navigate to the Web interface. Create a new Jenkins project. In the Source Code Management section Select Git. Enter the SSH URL of the repository. When you are adding the first project, click the Add button to create the credential.
Azure Repos | Azure DevOps Server 2019 | TFS 2018 | TFS 2017 | TFS 2015 Update 3
Connect to your Git repos through SSH on macOS, Linux, or Windows to securely connect using HTTPS authentication. On Windows, we recommended the use of Git Credential Managers or Personal Access Tokens.
Important
SSH URLs have changed, but old SSH URLs will continue to work. If you have already set up SSH, you should update your remote URLs to the new format:
- Verify which remotes are using SSH by running
git remote -v
in your Git client. - Visit your repository on the web and select the Clone button in the upper right.
- Select SSH and copy the new SSH URL.
- In your Git client, run:
git remote set-url <remote name, e.g. origin> <new SSH URL>
. Alternatively, in Visual Studio, go to Repository Settings, and edit your remotes.
Note
Jenkins Add Ssh Keys
As of Visual Studio 2017, SSH can be used to connect to Git repos.
How SSH key authentication works
SSH public key authentication works with an asymmetric pair of generated encryption keys. The public key is shared with Azure DevOps and used to verify the initial ssh connection. The private key is kept safe and secure on your system.
Set up SSH key authentication
The following steps cover configuration of SSH key authentication on the following platforms:
- Linux
- macOS running at least Leopard (10.5)
- Windows systems running Git for Windows
Configure SSH using the command line.
bash
is the common shell on Linux and macOS and the Git for Windows installation adds a shortcut to Git Bash in the Start menu.Other shell environments will work, but are not covered in this article.Step 1: Create your SSH keys
Note
If you have already created SSH keys on your system, skip this step and go to configuring SSH keys.
The commands here will let you create new default SSH keys, overwriting existing default keys. Before continuing, check your
~/.ssh
folder (for example, /home/jamal/.ssh or C:Usersjamal.ssh) and look for the following files:- id_rsa
- id_rsa.pub
If these files exist, then you have already created SSH keys. You can overwrite the keys with the following commands, or skip this step and go to configuring SSH keys to reuse these keys.
Create your SSH keys with the
ssh-keygen
command from the bash
prompt. This command will create a 2048-bit RSA key for use with SSH. You can give a passphrasefor your private key when prompted—this passphrase provides another layer of security for your private key.If you give a passphrase, be sure to configure the SSH agent to cache your passphrase so you don't have to enter it every time you connect.This command produces the two keys needed for SSH authentication: your private key ( id_rsa ) and the public key ( id_rsa.pub ). It is important to never share the contents of your private key. If the private key iscompromised, attackers can use it to trick servers into thinking the connection is coming from you.
Step 2: Add the public key to Azure DevOps Services/TFS
Associate the public key generated in the previous step with your user ID.
- Open your security settings by browsing to the web portal and selecting your avatar in the upper right of theuser interface. Select Security in the menu that appears.
- Select SSH public keys, and then select + New Key.
- Copy the contents of the public key (for example, id_rsa.pub) that you generated into the Public Key Data field.ImportantAvoid adding whitespace or new lines into the Key Data field, as they can cause Azure DevOps Services to use an invalid public key. When pasting in the key, a newline often is added at the end. Be sure to remove this newline if it occurs.
- Give the key a useful description (this description will be displayed on the SSH public keys page for your profile) so that you can remember it later. Select Save to store the public key. Once saved, you cannot change the key. You can delete the key or create a new entry for another key. There are no restrictions on how many keys you can add to your user profile.
Step 3: Clone the Git repository with SSH
Note
To connect with SSH from an existing cloned repo, see updating your remotes to SSH.
- Copy the SSH clone URL from the web portal. In this example, the SSL clone URL is for a repo in an organization named fabrikam-fiber, as indicated by the first part of the URL after
dev.azure.com
.NoteProject URLs have changed with the release of Azure DevOps Services and now have the formatdev.azure.com/{your organization}/{your project}
, but you can still use the existingvisualstudio.com
format. For more information, see VSTS is now Azure DevOps Services. - Run
git clone
from the command prompt.
SSH may display the server's SSH fingerprint and ask you to verify it.
For cloud-hosted Azure DevOps Services, where clone URLs contain either
ssh.dev.azure.com
or vs-ssh.visualstudio.com
, the fingerprint should match one of the following formats:- MD5:
97:70:33:82:fd:29:3a:73:39:af:6a:07:ad:f8:80:49
(RSA) - SHA256:
SHA256:ohD8VZEXGWo6Ez8GSEJQ9WpafgLFsOfLOtGGQCQo6Og
(RSA)These fingerprints are also listed in the SSH public keys page.
For self-hosted instances of Azure DevOps Server, you should verify that the displayed fingerprint matches one of the fingerprints in the SSH public keys page.
SSH displays this fingerprint when it connects to an unknown host to protect you from man-in-the-middle attacks.Once you accept the host's fingerprint, SSH will not prompt you again unless the fingerprint changes.
When you are asked if you want to continue connecting, type
yes
. Git will clone the repo and set up the origin
remote to connect with SSH for future Git commands.Tip
Avoid trouble: Windows users will need to run a command to have Git reuse their SSH key passphrase.
Questions and troubleshooting
Q: After running git clone, I get the following error. What should I do?
Host key verification failed.fatal: Could not read from remote repository.
A: Manually record the SSH key by running:
ssh-keyscan -t rsa domain.com >> ~/.ssh/known_hosts
Q: How can I have Git remember the passphrase for my key on Windows?
A: Run the following command included in Git for Windows to start up the
ssh-agent
process in Powershell or the Windows Command Prompt. ssh-agent
will cacheyour passphrase so you don't have to provide it every time you connect to your repo.If you're using the Bash shell (including Git Bash), start ssh-agent with:
Q: I use PuTTY as my SSH client and generated my keys with PuTTYgen. Can I use these keys with Azure DevOps Services?
A: Yes. Load the private key with PuTTYgen, go to Conversions menu and select Export OpenSSH key.Save the private key file and then follow the steps to set up non-default keys.Copy your public key directly from the PuTTYgen window and paste into the Key Data field in your security settings.
Q: How can I verify that the public key I uploaded is the same key as I have locally?
A: You can verify the fingerprint of the public key uploaded with the one displayed in your profile through the following
ssh-keygen
command run against your public key usingthe bash
command line. You will need to change the path and the public key filename if you are not using the defaults.You can then compare the MD5 signature to the one in your profile. This check is useful if you have connection problems or have concerns about incorrectlypasting in the public key into the Key Data field when adding the key to Azure DevOps Services.
Q: How can I start using SSH in a repository where I am currently using HTTPS?
A: You'll need to update the
origin
remote in Git to change over from a HTTPS to SSH URL. Once you have the SSH clone URL, run the following command:You can now run any Git command that connects to
origin
.Q: I'm using Git LFS with Azure DevOps Services and I get errors when pulling files tracked by Git LFS.
A: Azure DevOps Services currently doesn't support LFS over SSH. Use HTTPS to connect to repos with Git LFS tracked files.
Q: How can I use a non default key location, i.e. not ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub?
Generate Ssh Key Osx
A: To use keys created with
ssh-keygen
in a different place than the default, you do two things:- The keys must be in a folder that only you can read or edit. If the folder has wider permissions, SSH will not use the keys.
- You must let SSH know the location of the keys. You make SSH aware of keys through the
ssh-add
command, providing the full path to the private key.
On Windows, before running
ssh-add
, you will need to run the following command from included in Git for Windows:This command runs in both Powershell and the Command Prompt. If you are using Git Bash, the command you need to use is:
You can find
ssh-add
as part of the Git for Windows distribution and also run it in any shell environment on Windows.On macOS and Linux you also must have
ssh-agent
running before running ssh-add
, but the command environment on these platforms usuallytakes care of starting ssh-agent
for you.Q: I have multiple SSH keys. How do I use different SSH keys for different SSH servers or repos?
A: Generally, if you configure multiple keys for an SSH client and connect to an SSH server, the client can try the keys one at a time until the server accepts one.
However, this doesn't work with Azure DevOps for technical reasons related to the SSH protocol and how our Git SSH URLs are structured. Azure DevOps will blindly accept the first key that the client provides during authentication. If that key is invalid for the requested repo, the request will fail with the following error:
Generate Ssh Key Github
For Azure DevOps, you'll need to configure SSH to explicitly use a specific key file. One way to do this to edit your
~/.ssh/config
file (for example, /home/jamal/.ssh
or C:Usersjamal.ssh
) as follows:Q: What notifications may I receive about my SSH keys?
A: Whenever you register a new SSH Key with Azure DevOps Services, you will receive an email notification informing you that a new SSH key has been added to your account.
Q: What do I do if I believe that someone other than me is adding SSH keys on my account?
A: If you receive a notification of an SSH key being registered and you did not manually upload it to the service, your credentials may have been compromised.
The next step would be to investigate whether or not your password has been compromised. Changing your password is always a good first step to defend against this attack vector. If you’re an Azure Active Directory user, talk with your administrator to check if your account was used from an unknown source/location.
PuTTYgen is a key generator tool for creating pairs of public and private SSH keys. It is one of the components of the open-source networking client PuTTY. Although originally written for Microsoft Windows operating system, it is now officially available for multiple operating systems including macOS, Linux. PuTTYgen.exe is the graphical tool on Windows OS. While on the other side, Linux OS has the only command-line version could be accessible using SSH commands.
- 1 Download PuTTYgen
- 1.1 Download PuTTYgen on Windows
- 1.2 Download PuTTYgen for Mac
- 1.3 Download PuTTYgen for Ubuntu/Linux
- 1.3.3 Types of Keys Supported on PuTTYgen
Puttygen aka Putty Key Generator
The key generation utility – PuTTYgen can create various public-key cryptosystems including Rivest–Shamir–Adleman (RSA), Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA), and Edwards-curve Digital Signature Algorithm (EdDSA) keys.
The aforementioned public-key cryptosystems principally focus on secure data transmission and digital signatures.
Although PuTTYgen collects keys in its native file format i.e. .ppk files, the keys can easily be converted to any file format. For Windows, the software interface is PuTTYgen.exe, whereas, for Linux OS the command-line adaptation is available using SSH commands.
How to use PuTTYgen?
PuTTYgen is used to generate public or private key pair for creating SSH keys. Below is the complete guidance about how to generate RSA key in the Windows operating system:
- Once you install the PuTTY on your machine, you can easily run PuTTYgen. For the same, go to Windows -> Start Menu -> All Programs -> PuTTY -> PuTTYgen.
- You will see the PuTTY key generator dialog box on your screen
- You will find a “Generate” button in that dialog. Clicking on it will lead to generating the keys for you.
- Now you will need to add a unique key passphrase in the Key passphrase and Confirm passphrase field.
- Click on the “Save Public Key” and “Save Private Key” buttons to save your public and private keys.
- You will see the text starting with ssh-RSA in the Public key for pasting into OpenSSH authorized_keys file field which is located at the top of the window. Copy that entire text to your clipboard by pressing ctrl+c as you will require the key to paste on your clipboard in the public key tool of control panel or directly on the cloud server.
Various Ways to Use RSA Key Pair
RSA key pair generated through PuTTYgen is used in two various ways defined as below:
- To assign while creating a new cloud server
You can choose the public key from the given list of keys at the time of creating a cloud server. If you don’t find your key in that list, then first add and then assign it. - Assign to an existing cloud server
At the time of connecting to the cloud server, first of all, you need to tell PuTTY to use it for utilizing your newly created RSA key pair.
PuTTYgen being a component of the terminal emulator PuTTY does not have to be downloaded separately, hence, comes with the PuTTY .msi installation package. You can follow the simple steps to download PuTTYgen software for your system. That is the reason why you don’t need to download PuTTYgen separately. Once you download PuTTY software, you will be able to install and run PuTTYgen easily in no time. Below is the complete instruction about how to download and install PuTTY on Windows.
Apart from that, it is also integrated into third-party programs such as WinSCP installation package. Below you can find a complete PuTTYgen download and installation guide for all operating systems.
Download PuTTYgen on Windows
To download PuTTYgen the primary requisite is to acquire the copy of PuTTY installation package. For the 64-bit operating system, one must install the 64-bit version of PuTTY, i.e. putty-64bit-<version>-installer.msi.Similarly, for the 32-bit operating system, the respective 32-bit version of PuTTY, i.e. putty-<version>-installer.msi needs to be installed.
To get PuTTY, go to PuTTY Installation Download page, whereby the complete installation package will be available with setup instructions, installation guide, and download links to all other components of PuTTY such as putty.exe, pscp.exe, psftp.exe, puttytel.exe, plink.exe, pageant.exe and putty.zip.
Following the successful download of the PuTTY installation package. It is time to install the program. Go to How to install PuTTY on Windows, whereby you will find the step by step guidance for PuTTY installation for Windows operating system.
After successfully downloading and installing PuTTY on your Windows machine, you are just 2-3 clicks away to run PuTTYgen. Follow the below-given step by step guidance to run PuTTYgen:
Run PuTTYgen on Windows
To run PuTTYgen, Go to Windows -> Start Menu -> All Programs -> PuTTY -> PuTTYgen. You will see a window for the PuTTY Key Generator on your screen.
Voila! Now you can generate public or private key pair using PuTTYgen.
Download PuTTYgen for Mac
Below is the detailed guide to download PuTTYgen on Mac operating system. Mac OS has a built-in command-line SSH client known as Terminal. To utilize it, go to Finder and then opt for Go -> utilities from the top menu. After that find the terminal which supports SSH connections to remote servers.
However, to run PuTTYgen for mac, the first one must have to install PuTTY. There are multiple ways to install PuTTY, which are Homebrew or MacPorts. Both alternatives will also install the command-line of adaptations of PuTTYgen.
Ported PuTTY for Mac
Mac has the port of PuTTY which can be installed in various ways described as below:
- Installation using Homebrew:
First, install the ‘brew command line’ Once installed use the below-given command to install PuTTY:-sudo brew install putty
- Installation using MacPorts:
First of all, one must install MacPorts and then use the command-line to install PuTTY. Here is the command to install PuTTY via MacPortssudo port install putty
Additionally, a user can also add a shortcut to the desktop by writing the following command line–cp /opt/local/bin/putty ~/Desktop/PuTTY
However, there is an alternative way to install PuTTY on Mac OS. Cyberduck is a widely used Mac OS SSH Client. Once PuTTY installed on the Mac OS, a user can convert PuTTY derived private key format to OpenSSH.
To convert the private key to standard PEM format, type the following command –
puttygen privatekey.ppk -O private-openssh -o privatekey.pem
You can also read the guide to convert .pem file to .ppk using puttygen.
Download PuTTYgen for Ubuntu/Linux
To download PuTTYgen for Ubuntu (Linux) operating system, a user to first install PuTTY. However, in some Linux distributions, the SSH key generation tool – PuTTYgen needs to be installed independently from the PuTTY client.
For example, Debian Linux requires the below-given code to install PuTTYgen:
sudo apt install putty-tools
Generate Key Pair for Authentication in Linux
To create the key pair for authentication in Linux use the below command:-
puttygen -t rsa -b 2048 -C 'user@host' -o keyfile.ppk
Various Command Line Options of PuTTY in Linux
Below are few important command line options in the Linux operating system for PuTTY:
PuTTYgen [-t keytype [-b bits] [-q] | keyfile]
[-C new-comment] [-P]
[-O output-type | -p | -l | -L]
[-o output-file]
[-C new-comment] [-P]
[-O output-type | -p | -l | -L]
[-o output-file]
Options:
- Keyfile – It is the name of the existing key file to read at the time of changing the current key.
- –t keytype – The command specifies the type of key to creating. Its acceptable values are RSA and dsa.rsa1.
- -b bits – This command specifies a total number of bit in a particular key. 1024 is the perfect size for DSA key, while 2048 or 4096 are the perfect size for RSA keys.
- –q – The command suppresses the message about progress at the time of key generation.
- -C new-comment – The command will specify the comment to describe the key. It can be used for the new and/or existing key. Key operation is not affected by a comment. However, it is used to recognize the key owner, it’s not reliable completely as any value can be applied to it.
- –P – Using the command will update the passphrase of a key. Passphrase helps to encrypt the private key. As passphrase can’t add or update on a command line, it prompts a new passphrase tool to alter it.
- –old-passphrase-file – The old password of the key remains in this file. The command is used when the key is protected by a passphrase.
- –new-passphrase file – This command prompts the new passphrase of the key. It comes in the action either at the time of generating a new key or while applying –P command to change the passphrase.
- -O output-type – This command defines what to give in output. By default, the private key is the output.
Thus, above are the prominent commands of PuTTYgen in Linux operating system. Besides that, there are many other commands available to perform various tasks from the command prompt in Linux at flank speed.
Types of Keys Supported on PuTTYgen
It is important to know the types of key PuTTYgen supports prior to using it. Below are the key types that it currently supports for SSH-2 and SSH-1 protocol:-
- SSH-1 protocol:- For SSH-1 only supports one key i.e. Rivest–Shamir–Adleman (RSA)
- SSH-2 protocol: – SSH-2 supports multiple key types that include – Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA) and Ed25519.
The above description is a detailed brief on downloading and running PuTTYgen on all major operating systems. For further details please check the Download PuTTY page.