Files

Bjarke Sporring ee67433fdd refactor: minor cleanup and expanding explanations for multiplayer

2026-01-16 11:12:53 +01:00

6.6 KiB

Raw Blame History

Azure DevOps SSH Setup - Best Practices Guide

This guide provides comprehensive instructions for setting up SSH authentication with Azure DevOps. SSH is the recommended authentication method for secure Git operations.

Why SSH is Best Practice

SSH (Secure Shell) keys provide a secure way to authenticate with Azure DevOps without exposing passwords or tokens. Here's why SSH is the security best practice:

Security Benefits:

No Password Exposure: Your credentials never travel over the network
Strong Encryption: Uses RSA cryptographic algorithms
No Credential Prompts: Seamless authentication after initial setup
Revocable: Individual keys can be removed without changing passwords
Auditable: Track which key was used for each operation

Prerequisites

Before starting, ensure you have:

Git 2.23 or higher installed
```
git --version
```
Azure DevOps account with access to your organization/project
- If you don't ask your organisation for an invitation
PowerShell 7+ or Bash terminal for running commands
```
pwsh --version
```

Step 1: Generate SSH Key Pair

SSH authentication uses a key pair: a private key (stays on your computer) and a public key (uploaded to Azure DevOps).

Generate RSA Key

Open your terminal and run:

ssh-keygen -t rsa

Note about RSA: Azure DevOps currently only supports RSA SSH keys. While newer algorithms like Ed25519 offer better security and performance, they are not yet supported by Azure DevOps.

Save Location

When prompted for the file location, press Enter to accept the default:

Enter file in which to save the key (C:\Users\YourName\.ssh\id_rsa):

Default locations:

Windows: C:\Users\YourName\.ssh\id_rsa and C:\Users\YourName\.ssh\id_rsa.pub

Passphrase (Optional but Recommended)

You'll be prompted to enter a passphrase, just press Enter no password is needed (recommended but not needed):

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Verify Key Generation

Check that your keys were created:

Windows PowerShell:

dir $HOME\.ssh\

You should see two files:

id_rsa - Private key (NEVER share this)
id_rsa.pub - Public key (safe to share for upload to Azure DevOps)

Step 2: Add SSH Public Key to Azure DevOps

Now you'll upload your public key to Azure DevOps.

Navigate to SSH Public Keys Settings

Sign in to Azure DevOps at https://dev.azure.com
Click your profile icon in the top-right corner
Select User settings from the dropdown menu
Click SSH Public Keys

Navigate to your user settings by clicking the profile icon in the top-right corner

Add New SSH Key

Click the + New Key button

Click '+ New Key' to begin adding your SSH public key

Copy Your Public Key

Open your terminal and display your public key:

Linux/Mac:

cat ~/.ssh/id_rsa.pub

Windows PowerShell:

type $HOME\.ssh\id_rsa.pub

Windows Command Prompt:

type %USERPROFILE%\.ssh\id_rsa.pub

The output will look like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC2YbXnrSK5TTflZSwUv9KUedvI4p3JJ4dHgwp/SeJGqMNWnOMDbzQQzYT7E39w9Q8ItrdWsK4vRLGY2B1rQ+BpS6nn4KhTanMXLTaUFDlg6I1Yn5S3cTTe8dMAoa14j3CZfoSoRRgK8E+ktNb0o0nBMuZJlLkgEtPIz28fwU1vcHoSK7jFp5KL0pjf37RYZeHkbpI7hdCG2qHtdrC35gzdirYPJOekErF5VFRrLZaIRSSsX0V4XzwY2k1hxM037o/h6qcTLWfi5ugbyrdscL8BmhdGNH4Giwqd1k3MwSyiswRuAuclYv27oKnFVBRT+n649px4g3Vqa8dh014wM2HDjMGENIkHx0hcV9BWdfBfTSCJengmosGW+wQfmaNUo4WpAbwZD73ALNsoLg5Yl1tB6ZZ5mHwLRY3LG2BbQZMZRCELUyvbh8ZsRksNN/2zcS44RIQdObV8/4hcLse30+NQ7GRaMnJeAMRz4Rpzbb02y3w0wNQFp/evj1nN4WTz6l8= your@email.com

Copy the entire output (from ssh-rsa to your email address).

Paste and Name Your Key

In the Azure DevOps dialog:
- Name: Give your key a descriptive name (e.g., "Workshop Laptop 2026", "Home Desktop", "Work MacBook")
- Public Key Data: Paste the entire public key you just copied
Click Save

Naming tip: Use names that help you identify which machine uses each key. This makes it easier to revoke keys later if needed.

Step 3: Using SSH with Git

Now that SSH is configured, you can use it for all Git operations.

Clone a Repository with SSH

To clone a repository using SSH:

git clone git@ssh.dev.azure.com:v3/{organization}/{project}/{repository}

Example (replace placeholders with your actual values):

git clone git@ssh.dev.azure.com:v3/myorg/git-workshop/great-print-project

How to find your SSH URL:

Navigate to your repository in Azure DevOps
Click Clone in the top-right
Select SSH from the dropdown
Copy the SSH URL

Select SSH from the clone dialog to get your repository's SSH URL

Daily Git Operations

All standard Git commands now work seamlessly with SSH:

# Pull latest changes
git pull

# Push your commits
git push

# Fetch from remote
git fetch

# Push a new branch
git push -u origin feature-branch

No more credential prompts! SSH authentication happens automatically.

Additional Resources

Azure DevOps SSH Documentation: https://docs.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate
SSH Key Best Practices: https://security.stackexchange.com/questions/tagged/ssh-keys
Git with SSH: https://git-scm.com/book/en/v2/Git-on-the-Server-Generating-Your-SSH-Public-Key

Quick Reference

Common Commands

# Generate RSA key
ssh-keygen -t

# Display public key (Linux/Mac)
cat ~/.ssh/id_rsa.pub

# Display public key (Windows)
type $HOME\.ssh\id_rsa.pub

# Clone with SSH
git clone git@ssh.dev.azure.com:v3/{org}/{project}/{repo}

# Check remote URL
git remote -v

SSH URL Format

git@ssh.dev.azure.com:v3/{organization}/{project}/{repository}

Example:

git@ssh.dev.azure.com:v3/novenco/software/git-workshop

You're all set! SSH authentication with RSA keys is now configured for secure, passwordless Git operations with Azure DevOps.

6.6 KiB Raw Blame History