After setting Azure DevOps ssh key and git config - it is still asking for a password

Question

Work started using Azure DevOps and im trying to clone a repo on my home computer. I created a ssh key, added it to the list of keys, and changed my git config to my work email. However, azure is still asking for a password...

     (base) Name-MacBook-Pro:Company Name$ git clone git@ssh.dev.azure.com:v3/Company/AI/Repo
     Cloning into 'Repo'...
     Enter passphrase for key '/Users/Name/.ssh/id_rsa': 
     git@ssh.dev.azure.com's password: 
     Permission denied, please try again.
     git@ssh.dev.azure.com's password: 
     git@ssh.dev.azure.com: Permission denied (password,publickey).

____________edit________________

Tried to generate again and I'm still having trouble

Create new ssh key

ssh-keygen -t rsa -b 4096 -C “work@email.com” - f ~/.ssh/work_id_rsa

Copy

cat ~/.ssh/work_id_rsa | pbcopy

Add to org and try to clone

ssh-agent bash -c 'ssh-add ~/.ssh/work_id_rsa; git clone https://company@dev.azure.com/Repo'

Cloning into 'Repo'...
Password for 'https://company@dev.azure.com': 
fatal: Authentication failed for 'https://comapny@dev.azure.com/Repo'

Answer 1

In case this is the issue which may caused by ourside(Microsoft). I tried again with SSH clone and its succeed:

This issue should caused by your SSH key format. Since I could not know clearly which method are you using to generate the key, but in your issue, it should because the public key authenticate fails, so then it asked for the password of your account.

Ensure your private key has the follow format:

-----BEGIN RSA PRIVATE KEY-----

*
*
*

-----END RSA PRIVATE KEY-----

If not, please re-generate with the following command:

ssh-keygen -t rsa 

Then configure public key into the org.

Answer 2

EDIT

I've been using more than one Azure DevOps account for some time now and I just wanted to point out 2 other ways you could use the right key:

1. using the -i flag

-i identity_file
Selects a file from which the identity (private key) for RSA or DSA authentication is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files).

ref.: https://linux.die.net/man/1/ssh

2. using a configuration file (~/.ssh/config) and changing the hostname (remote)
   instead of git clone git@ssh.dev.azure.com:v3/Company/AI/Repo you'd git clone git@whatever_name_you_configured:v3/Company/AI/Repo

Microsoft has a post about it that may help: https://learn.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=azure-devops#q-i-have-multiple-ssh-keys--how-do-i-use-different-ssh-keys-for-different-ssh-servers-or-repos

---

Original answer:

The method to generate the key is actually fine (OpenSSH), and I have more than one SSH Key on my .ssh, so I assume that does not matter as well. Probably you can't have more than one key using the same algorithm. What I believe was the actual problem was the name of the key.

You used:
ssh-keygen -t rsa -b 4096 -C “work@email.com” - f ~/.ssh/work_id_rsa
which is great (big number of bytes :)

but that "work_id_rsa" will never be found when you test the connection, for example:
ssh -v git@ssh.dev.azure.com

Just to test I renamed and remove mine.

In short, here's the result:

pires@avell:~$ ssh -v git@ssh.dev.azure.com
OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to ssh.dev.azure.com [51.144.61.32] port 22.
debug1: Connection established.
(removed for brevity)
debug1: Authenticating to ssh.dev.azure.com:22 as 'git'
(removed for brevity)
debug1: Host 'ssh.dev.azure.com' is known and matches the RSA host key.
debug1: Found key in /home/pires/.ssh/known_hosts:3
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks

(((((important detail here:)))))
debug1: Will attempt key: /home/pires/.ssh/id_rsa
debug1: Will attempt key: /home/pires/.ssh/id_dsa
debug1: Will attempt key: /home/pires/.ssh/id_ecdsa
debug1: Will attempt key: /home/pires/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/pires/.ssh/id_ed25519 ED25519 SHA256: *************
debug1: Will attempt key: /home/pires/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/pires/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/pires/.ssh/id_rsa
debug1: Trying private key: /home/pires/.ssh/id_dsa
debug1: Trying private key: /home/pires/.ssh/id_ecdsa
debug1: Trying private key: /home/pires/.ssh/id_ecdsa_sk
debug1: Offering public key: /home/pires/.ssh/id_ed25519 ED25519 SHA256:************
(((((and here:)))))
debug1: Authentications that can continue: password,publickey
debug1: Trying private key: /home/pires/.ssh/id_ed25519_sk
debug1: Trying private key: /home/pires/.ssh/id_xmss
debug1: Next authentication method: password
git@ssh.dev.azure.com's password:

So, actually OpenSSH will never find it. I mean, I didn't put a work_id_rsa there, but it doesn't matter because it does not look for everything inside the folder, in your case, it expects a /home/pires/.ssh/id_rsa to be exactly there. Or better, whatever ~ points to + /.ssh/id_encryptionmethod

Also, since it couldn't find the private key to authenticate, it falls back to password.