Git SSH public key authentication failed with git on Azure DevOps

Question

I am trying to push a git repo from PowerShell into an Azure DevOps repo, and I keep getting different auth errors when trying to push it.

I am hoping somebody can shed some light on what I check, and do a proper walkthrough.

E.g.,

git remote add origin git@ssh.dev.azure.com:v3/MyAzure/MyProject/MyRepo
git push -u origin --all

I keep getting:

git@ssh.dev.azure.com's password:

I've input all sorts of passwords, but it's still failing. Which password is it talking about?

Alternatively, I've also gotten:

Permission denied, please try again.

fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

Verification:

$ ssh -T myemail@mycompany.com
ssh: connect to host mycompany.com  port 22: Connection refused

I have done the following:

Created a repo in Azure DevOps
Created a SSH key using git-bash, as per Microsoft's documentation, copied and pasted without spaces into Azure DevOps security.
Gone to my profile/security and added an SSH key (generated in git-bash)

Am I missing the obvious? Is it better to use personal access token? Can anyone provide a walk through of the correct steps?

please follow [this](https://learn.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=vsts) step by step instruction — Jayendran, Oct 25 '18 at 10:52
did the `Git clone git@ssh.dev.azure.com:v3/fabrikam-fiber/FabrikamFiber/FabrikamFiber` works fine ? — Jayendran, Oct 26 '18 at 02:22
@Jayendran it asks me enter passphrase for key .ssh/id_rsa ,left it empy and press enter and then asks me for git@ssh.dev.azure.com's password — developer9969, Oct 26 '18 at 04:35
@Jayendran I have the same issue, I enter the passphrase I setup for my ssh key, but then I'm asked for the `git@ssh.dev.azure.com's password` — Schalton, Nov 05 '18 at 13:50
https://stackoverflow.com/questions/43868402/cloning-a-git-repo-from-vsts-over-ssh-asks-a-password-unexpected indicates that we're being prompted for the password because the SSH validation is failing — Schalton, Nov 05 '18 at 13:53
In case someone runs into this problem when trying to use Pageant on windows: the solution is to put the path of your plink.exe file in an environment variable named "GIT_SSH" — Joe, Sep 08 '19 at 13:16
look at the official doc [I have multiple SSH keys. How do I use different SSH keys for different SSH servers or repos?](https://learn.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=azure-devops&tabs=current-page#q-i-have-multiple-ssh-keys--how-do-i-use-different-ssh-keys-for-different-ssh-servers-or-repos) — vladimir, May 06 '20 at 09:34

score 90 · Answer 1 · edited Nov 02 '22 at 21:23

90

Add these lines to ~/.ssh/config before any wildcard entry:

Host ssh.dev.azure.com
  IdentityFile ~/.ssh/your_private_key
  IdentitiesOnly yes
  HostkeyAlgorithms +ssh-rsa
  PubkeyAcceptedKeyTypes=ssh-rsa

This link by @wcoder helped. Additionally, DevOps only allows deprecated ssh-rsa keys which new versions of OpenSSH now block

Finally, in even more absurdity, if you have a wildcard entry (Host *) you will need to exclude DevOps from using any keys in that entry because DevOps will blindly accept the first key that the client provides ‍♂️:

Host * !ssh.dev.azure.com
    ...

edited Nov 02 '22 at 21:23

froboy

115
1
5

answered Mar 30 '20 at 21:41

superjisan

1,604
14
15

1

Thank you! I have forgotten "ssh." in the front of the "Host" entry in my config file. Your solution works fine! – Jordan Sep 21 '20 at 13:23
What does your config file look like? Can you provide a link to what this file is supposed to be? – Judy007 Nov 09 '20 at 21:36
2

this worked for me too, I have an id_ed25519 for github and an entry in the config file that I think was hit as wildcard (*) which obviously did not work for azure. – noppe Dec 10 '20 at 09:54
Path on Windows: C:\Users\Your_User\.ssh – Saibamen Sep 29 '22 at 12:29
This answer worked for me. I got hit by this after upgrading to macOS Ventura, which I'm guessing included a new version of OpenSSH. I diagnosed it by running `git fetch` after adding the following to `~/.ssh/config`: `Host ssh.dev.azure.com` `LogLevel DEBUG3` That showed `debug2: we did not send a packet, disable method` which took me to a [SF answer](https://serverfault.com/questions/1051002/pubkey-ssh-fails-with-we-did-not-send-a-packet-disable-method-in-freebsd-jail) and then in turn this answer. – nftw Dec 01 '22 at 13:45

score 27 · Answer 2 · answered Nov 06 '20 at 20:02

27

Before this I had already tried the other answers, but nothing worked. At last, this article had the solution for me in Fedora.

Running ssh with the -v switch (ssh -v -T git@ssh.dev.azure.com) revealed this error:

debug1: send_pubkey_test: no mutual signature algorithm

Workaround is to add this line to the client configuration file (~/.ssh/config):

PubkeyAcceptedKeyTypes +rsa-sha2-256,rsa-sha2-512

answered Nov 06 '20 at 20:02

Eddy Castillo

371
3
3

This solved the issue when SSHing to a RouterOS device. I guess they changed something in an update recently, since I didn't have this problem a few months ago. – pyansharp Dec 28 '20 at 20:00
Complementary to above solutions, worked for me – amartin1911 Jan 07 '22 at 12:09
The actual way of seeing why it doesn't work! Saw where my mistake was. – Oylex Aug 07 '23 at 20:27

eltbus · Answer 3 · 2020-04-19T14:40:53.053

20

I believe @Schalton's comment is right: SSH validation is failing, so it prompts for the pass.

Had the same problem. "Solved it" by generating the key as the default value ('id_rsa') instead of using other names (tried other names and none of them worked).

[####@#### .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/guille/.ssh/id_rsa): id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.

EDIT: As noted by @LHM the value default (no input needed) for the file in which to save the key is showed in parenthesis.

edited Apr 19 '20 at 14:40

answered Feb 15 '19 at 22:45

eltbus

435
1
7
15

i have a file with same name id_rsa.pub in /home/ubuntu/.ssh/ <> but am still getting this message "git@ssh.dev.azure.com's password:" in the shell. Can any one explain this – Ahmer Saeed Jul 12 '19 at 16:17
This helped a lot man! Just solve my problem generating the new key – Mauro Vinicius Nov 24 '21 at 16:22

score 13 · Answer 4 · answered Dec 27 '19 at 07:58

13

I realize this question mentions powershell. However, with the title and tags people on other OS's may end up here, and there is a common problem with Azure Devops access from mac and linux.

To fix this for mac and linux, add IdentitiesOnly yes to ~/.ssh/config

This is a common problem for Azure Devops. Unfortunately I'm not certain why this fixes it.

answered Dec 27 '19 at 07:58

Jack Davidson

4,613
2
27
31

3

Yes, you are right! [DevOps Q&A](https://learn.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=azure-devops&tabs=current-page#q-i-have-multiple-ssh-keys--how-do-i-use-different-ssh-keys-for-different-ssh-servers-or-repos) – Yauheni Pakala Mar 15 '20 at 20:27

LHM · Answer 5 · 2021-05-31T21:08:57.847

TL;DR: It turns out the path and filename shown in parenthesis (e.g./home/guille/.ssh/id_rsa) is a default value that can be accepted simply by leaving it blank and hitting Enter.

Extended Answer: I, too, had the same problem. I made the same mistake as @eltbus (attempting to name the file something myself), so his answer of sticking to the default of "id_rsa" was helpful to me. I also realized that when I generated the rsa key pair, I saved id_rsa.pub to the wrong folder. (Only entering id_rsa without a leading file path, can save it to a different folder.)

You can avoid both of my above mistakes if you simply hit Enter to accept the default file name and location, instead of typing in a path and/or file name.

Example:

[####@#### .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/guille/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.

leaving the file name blank did the trick for me. it will still not work even if you enter the same file name id_rsa as it will save it in the parent folder. — Saj, Feb 19 '20 at 02:08

score 4 · Answer 6 · edited Mar 27 '22 at 17:09

4

I was using the GitHub recommended Ed25519 algorithm key which Azure DevOps doesn't support so I generated a standard key. The problem was I forgot to add the key:

ssh-add -k ~/.ssh/id_rsa

edited Mar 27 '22 at 17:09

tijko

7,599
11
44
64

answered Sep 11 '21 at 18:23

GentryRiggen

788
10
10

How to use this command in Windows? In Git Bash i have error `Could not open a connection to your authentication agent.` – Saibamen Sep 29 '22 at 12:32

score 3 · Answer 7 · answered Sep 28 '19 at 03:14

3

I have the same problem.

My solution was:

The path while I try to use sudo git clone... doesn't have permission to access my public and private key location: \home\localuser\.ssh\....

To solve this, I change ownership of the destination path to the same user:group ware my keys are stored and avoid to use sudo git clone...., now im using git clone without sudo and everything works.

I hope you understand...

answered Sep 28 '19 at 03:14

Rafael Gomez

59
4

2

Is this really the same problem? Reading the question, I think it is different to the one you were trying to solve. Your problem is about cloning using `sudo` (which is a bad idea). The actual question appears to be about setting up an SSH key correctly. – Stephen C Sep 28 '19 at 03:50

score 2 · Answer 8 · answered Jun 10 '20 at 15:43

I saw my repo ssh URL which was different from my DevOps URL in my case what worked was adding the config file in my ~/.ssh folder with the following information:

Host vs-ssh.visualstudio.com <-- hostname found in my repo SSH URL
    IdentityFile ~/.ssh/id_rsa_vsonline <-- your key name
    IdentitiesOnly yes

then tested it with

ssh -v vs-ssh.visualstudio.com

in the trace, I got something like

Authenticated to vs-ssh.visualstudio.com ([IP]:22).

score 1 · Answer 9 · answered Apr 10 '19 at 14:26

1

When you paste in the key on the settings page of Azure DevOps don't change anything including the space appended at the end of the public key.

answered Apr 10 '19 at 14:26

Nyasha Shawn Majoto

33
9

Darwin Almeida · Answer 10 · 2022-09-07T15:18:32.023

For Azure DevOps, you'll need to configure SSH to explicitly use a specific key file. One way to do this is creating or editing a config file. This config file must be together. For example on your ~/.ssh/config file (/home/User/.ssh or C:\Users\User.ssh) as follows:

Host ssh.dev.azure.com
  IdentityFile ~/.ssh/your_private_key
  IdentitiesOnly yes

Host vs-ssh.visualstudio.com
  IdentityFile ~/.ssh/your_private_key
  IdentitiesOnly yes

score 1 · Answer 11 · edited May 27 '23 at 02:04

1

Check your SSH keys and certify it's also set in Azure
If the first step it's right you should also re-check this on terminal: ssh-add -k ~/.ssh/id_rsa

For me the problem was that I haven't added identity and It's the same problem there, you shouldn't make any changes on SSH config files.

This tutorial can help you create and add the key on Azure.

edited May 27 '23 at 02:04

starball

20,030
7
43
238

answered May 26 '23 at 21:39

Giovannini Barbosa

51
5

score 0 · Answer 12 · answered Sep 06 '19 at 18:43

I followed the official permissions denied troubleshooting guide and it turned out, I had to re-generate the key after all. But I think it is best to follow the guide as it provides information on quite a few different scenarios that most of which are not mentioned here.

Rikard Askelöf · Answer 13 · 2021-06-17T08:24:27.553

0

I tried every answer but with no success. It turned out it was as simple as putting the id_rsa and id_rsa.pub files in the .ssh folder under my user folder.

So by moving the files (id_rsa and id_rsa.pub) between the following locations it solved the problem and authentication succeded.

From:

C:\Users\My User\

To:

C:\Users\My User\.ssh\

edited Jun 17 '21 at 08:24

answered Jun 17 '21 at 07:44

Rikard Askelöf

2,762
4
20
24

score 0 · Answer 14 · answered Jan 04 '22 at 13:30

Like Eltbus Answer, I "Solved it" by generating the key as the default value ('id_rsa') instead of using other names (tried other names and none of them worked).

Then i just followed this steps

https://learn.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=azure-devops#questions-and-troubleshooting

score 0 · Answer 15 · answered Apr 18 '22 at 20:53

0

All who are having this issue I would verify that you dont have spaces in your project name. Spaces caused git-upload-pack to break for me using git 2.33 and 2.35.

answered Apr 18 '22 at 20:53

Monty Harris

59
1
5

score 0 · Answer 16 · answered Apr 27 '22 at 14:41

In my case, I had access to two different repositories of different companies.

I had to make a new SSH Key for one project, which impacted my access to the other. The solution was:

type cd ~/.ssh -> go to the .ssh folder
type ls -> list what is inside; since I made a new key for the other project I obviously had these directories: id_rsa id_rsa.pub
type pbcopy < id_rsa.pub -> copy the key to the clipboard
Configure they key according to this documentation - Step 2: https://learn.microsoft.com/de-de/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=azure-devops#configuration

For those who do not have the folders in ~/.ssh, you have to first create the SSH Key - Step 1.

score 0 · Answer 17 · answered Jul 28 '22 at 14:58

Unfortunately no solutions here helped me. Like everyone I would get a password dialog even after uploading my public ssh key to azure devops. I tried the config file, regenerating my ssh multiple times. Dumping my .gitconfig files at all levels, & More. Spent probably 1/2 day trying to figure it out. I didn't know how to properly log git clone. Finally I found two git environmental variables that that helped me figure out what was wrong:

GIT_TRACE=1 
GIT_SSH_COMMAND="ssh -vvv"

So this will probably be rare but my org setups the following environmental variables on our workstations (Windows 10):

HOME
HOMEDRIVE
HOMEPATH

So the issue was git was looking for ssh public key in the path set in the variables above instead of c:\users\<username> but when you I use ssh alone it would look in the proper folder but git would not. Talk about confusing. While this going to be pretty rate those git environmental variables were so useful I thought I would post this. Hopefully it helps someone in the figure.

score 0 · Answer 18 · answered Aug 21 '22 at 19:51

It worked , here are the steps i followed.

a) Opened GitBash terminal and used below command

ssh-keygen -c "shaon@devops.com"

** I used the keyname as "id_rsa" , also provided a passphrase.

b) Navigated to C:\Users{my-Username} and found the 2 Keys (id_rsa and id_rsa.pub). Copied these keys into the .ssh folder under C:\Users{my-Username}. I copied the id_rsa.pub contents (public key) into the SSH settings in my DevOps.

c) Ran the following command back in my VSC terminal

git push -u origin --all

It prompted me for the passphrase , i entered the passphrase i used to set up the ssh-keygen and it worked !!! Hurray !!!

score 0 · Answer 19 · answered Jul 22 '23 at 20:56

TLDR: try the following command at terminal:

ssh-keyscan -t rsa ssh.dev.azure.com >> ~/.ssh/known_hosts

I faced this issue on wsl ubuntu 22.04. I created a file ~/.ssh/config added IdentitiesOnly and IdentityFile, chown, chmod and zero success.

SO I tried to debug the ssh connection and I figured out that for some reason that I don't know my id_rsa wasn't getting bind to ssh.dev.azure.com.

Then I used the ssh-keyscan to verify my key and update the ~/.ssh/known_hosts with following combined command:

ssh-keyscan -t rsa ssh.dev.azure.com >> ~/.ssh/known_hosts

Git SSH public key authentication failed with git on Azure DevOps

19 Answers19

Linked

Related