Jan 26, 2017 Before, I could pick one of my ssh keys (I have dozens, but mainly use one for work and another for personal Git repos) during setup. Now, I get a message 'no key found', despite the fact I have /.ssh/idrsa defined, it's in my agent and Apple keychain, and I can use this fine everywhere else. This page describes how to create SSH keys. SSH keys can be used to establish a secure connection with Bitbucket Server for: when you are performing Git operations from your local machine; when another system or process needs access to repositories in Bitbucket Server (for example your build server).
Choose a method to securely access the code in Azure Repos, Azure DevOps Server 2019, or Team Foundation Server (TFS) Git repositories.Use these credentials with Git at a command prompt. These credentials also work with any Git client that supports HTTPS or SSH authentication.Limit the scope of access and revoke these credentials when they're no longer needed.
Important
Azure DevOps no longer supports Alternate Credentials authentication since the beginning of March 2, 2020. If you're still using Alternate Credentials, then they won't work anymore. You have to switch to a more secure authentication method, to mitigate this breaking change impacting your DevOps workflows. Learn more.
Azure DevOps Server was formerly named Visual Studio Team Foundation Server.
Using Visual Studio? Team Explorer handles authentication with Azure Repos for you.
Authentication Type | When to use | Secure? | Ease of setup | Additional tools |
---|---|---|---|---|
Personal access tokens | You need an easy to configure credential or need configurable access controls | Very secure (when using HTTPS) | Easy | Optional (Git credential managers) |
SSH | You already have SSH keys set up, or are on macOS or Linux | Very secure | Intermediate | Windows users will need the SSH tools included with Git for Windows |
Alternate credentials | You can't use personal access tokens or SSH | Least secure | Easy | See important information about alternate credentials |
Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly.These tokens have an expiration date from when they're created. You can restrict the scope of the data they can access.Use PATs to authenticate if you don't already have SSH keys set up on your system or if you need to restrict the permissions that are granted by the credential.
Git credential managers is an optional tool that makes it easy to create PATs when you're working with Azure Repos.Sign in to the web portal, generate a token, and then use the token as your password when you're connecting to Azure Repos.
PATs are generated on demand when you have the credential manager installed.The credential manager creates the token in Azure DevOps and saves it locally for use with the Git command line or other client.
Note
Current versions of Git for Windows include the Git credential manager as an optional feature during installation.
Key authentication with SSH works through a public and private key pair that you create on your computer.You associate the public key with your username from the web. Azure DevOps will encrypt the data sent to you with that key when you work with Git.You decrypt the data on your computer with the private key, which is never shared or sent over the network.
SSH is a great option if you've already got it set up on your system—just add a public key to Azure DevOps and clone your repos using SSH.If you don't have SSH set up on your computer, you should use PATs and HTTPS instead - it's secure and easier to set up.
Learn more about setting up SSH with Azure DevOps
Create an alternate user name and password to access your Git repository using alternate credentials.Unlike PATs, this login doesn't expire and can't be scoped to limit access to your Azure DevOps Services data.Use alternate credentials as a last resort when you can't use PATs or SSH keys.
You generate an SSH key through macOS by using the Terminal application. Once you upload a valid public SSH key, the Triton Compute Service uses SmartLogin to copy the public key to any new SmartMachine you provision.
Joyent recommends RSA keys because the node-manta CLI programs work with RSA keys both locally and with the ssh agent. DSA keys will work only if the private key is on the same system as the CLI, and not password-protected.
Terminal is the terminal emulator which provides a text-based command line interface to the Unix shell of macOS.
To open the macOS Terminal, follow these steps:
The Terminal window opens with the commandline prompt displaying the name of your machine and your username.
An SSH key consists of a pair of files. One is the private key, which should never be shared with anyone. The other is the public key. The other file is a public key which allows you to log into the containers and VMs you provision. When you generate the keys, you will use ssh-keygen
to store the keys in a safe location so you can bypass the login prompt when connecting to your instances.
To generate SSH keys in macOS, follow these steps:
Enter the following command in the Terminal window.
This starts the key generation process. When you execute this command, the ssh-keygen
utility prompts you to indicate where to store the key.
Press the ENTER key to accept the default location. The ssh-keygen
utility prompts you for a passphrase.
You will need to enter the passphrase a second time to continue.
After you confirm the passphrase, the system generates the key pair.
Your private key is saved to the id_rsa
file in the .ssh
directory and is used to verify the public key you use belongs to the same Triton Compute Service account.
Never share your private key with anyone! |
---|
Your public key is saved to the id_rsa.pub
;file and is the key you upload to your Triton Compute Service account. You can save this key to the clipboard by running this:
Now you must import the copied SSH key to the portal.
You may see a password prompt like this:
This is because:
id_rsa
) does not match the public key stored with your Triton Compute Service account.Right in the portal, you can easily create Docker containers, infrastructure containers, and hardware virtual machines.
In order to use the Terminal to create instances, set up triton
and CloudAPI as well as the triton-docker
commandline tool.