Visual Studio Team Services Support

Computer screen showing a question mark. Community, documentation, and status update solutions.

VSTS status

We are here to help

Help me troubleshoot SSH key authentication in Team Foundation Server

Questions and Troubleshooting

How can I have Git remember the passphrase for my key on Windows?

Run the following command included in Git for Windows to start up the ssh-agent process in Powershell or the Windows Command Prompt. ssh-agent will cache your passphrase so you don't have to provide it every time you connect to your repo.
> start-ssh-agent.cmd
If you are using the Bash shell (including Git Bash), start ssh-agent with:
> eval `ssh-agent`

I use PuTTY as my SSH client and generated my keys with PuTTYgen. Can I use these keys with Team Services?

Yes. Load the private key with PuTTYgen, go to Conversions menu and select Export OpenSSH key. Save the private key file and then follow the steps to set up non-default keys. Copy you public key directly from the PuTTYgen window and paste into the Key Data field in your security settings.

How can I verify that the public key I uploaded is the same key as I have locally?

You can verify the fingerprint of the public key uploaded with the one displayed in your profile through the following ssh-keygen command run against your public key using the bash command line. You will need to change the path and the public key filename if you are not using the defaults.
> ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub
 2048 MD5:c8:d3:7b:f1:49:9d:c9:a9:38:e6:12:5e:ba:4f:c9:9a frank@fabrikam.com (RSA)
You can then compare the MD5 signature to the one in your profile. This is useful if you have connection problems or have concerns about incorrectly pasting in the public key into the Key Data field when adding the key to Team Services.

How can I test my SSH connection without running a Git command?

Run the following from the command prompt to test your connection:
> ssh -T account@account.visualstudio.com
You will replace account@account.visualstudio.com with the corresponding information from the clone URL from the repository, e.g. fabfiber@fabfiber.visualstudio.com if from the above example. You will see this output if successful:
Authentication for user with identifier "2ee0ba7b-fb11-44b3-b69e-33684597fbfb" was successful against account "fabfiber".
Shell is not supported.

How can I start using SSH in a repository where I am currently using HTTPS?

You'll need to update the origin remote in Git to change over from a HTTPS to SSH URL. Once you have the SSH clone URL, run the following command:
> git remote set-url origin ssh://fabfiber@fabfiber.visualstudio.com:22/DefaultCollection/_git/fabrikamtools
You can now run any Git command that connects to origin.

How can I use a non default key location, i.e. not ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub ?

To use keys created with ssh-keygen in a different place than the default, you do two things:
  1. The keys must be in a folder that only you can read or edit. If the folder has wider permissions, SSH will not use the keys.
  2. You must let SSH know the location of the keys. You make SSH aware of keys through the ssh-add command, providing the full path to the private key.
> ssh-add /home/frank/.ssh/id_frank.rsa
On Windows, before running ssh-add, you will need to run the following command from included in Git for Windows:
> start-ssh-agent.cmd
This command runs in both Powershell and the Command Prompt. If you are using Git Bash, the command you need to use is:
> eval `ssh-agent`
You can find ssh-add as part of the Git for Windows distribution and also run it in any shell environment on Windows.

On Mac OS X and Linux you also must have ssh-agent running before running ssh-add, but the command environment on these platforms usually takes care of starting ssh-agent for you.

🗨 Need a fast response? Chat with our support bot

Bot is currently in beta and can help answer configuration, build, and release questions. Help us improve the experience by answering the survey after your chat.

Contact us!