cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cannot use SSH with public-key to connect to Azure from an on-premise agent

Marco_von_Ballmoos
Copper Contributor

‎Jun 30 2022 01:36 AM

‎Jun 30 2022 01:36 AM

Cannot use SSH with public-key to connect to Azure from an on-premise agent

Given that:

  • I have an Azure user account
  • I’ve configured an SSH key on a given machine
  • I’ve registered the public key from that machine with my user account

Observed behavior

I CANNOT connect via SSH using a public key to Azure DevOps from that machine. It offers only the “password” from one machine.

 

Expected behavior

I CAN connect via SSH using a public key to Azure DevOps from that machine.

 

Steps to Reproduce

  • Assume a user exists on Azure
  • Log on to a Windows machine
  • Open PowerShell
  • Run ssh-keygen
    • Use the standard filenames
    • Enter a keyphrase
  • Register the public key with the Azure user
  • Back in PowerShell, run “ssh -v email address removed for privacy reasons
  • It should show a long debug log, with “shell request failed on channel 0” at the end (because ssh.dev.azure.com lets you connect, but doesn’t support shell)
  • Instead, it shows “email address removed for privacy reasons's password:” and requests a password

Analysis

 

I have two machines: Windows 10 and Windows Server 2022.

 

On the Windows 10 machine, when I test the connection in debug mode, I see that both password and publickey authentication methods are offered.

 

debug1: Authentications that can continue: password,publickey
debug3: start over, passed a different list password,publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey

However, on the Windows Server 2022 machine, when I test the connection in debug mode, I see that only the password authentication method is offered.

debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

 

My hypothesis is that there is some setting or missing software on the build server that is preventing it from offering publickey as an authentication method.

 

I am hoping that someone will be able to tell me what influences the list of supported authentication methods?

 

 

2,175 Views
0 Likes
1 Reply
Reply
1 Reply
Marco_von_Ballmoos

‎Jul 04 2022 02:27 AM - edited ‎Jul 04 2022 02:29 AM

‎Jul 04 2022 02:27 AM - edited ‎Jul 04 2022 02:29 AM

Re: Cannot use SSH with public-key to connect to Azure from an on-premise agent

I have an update. The Windows Server 2022 machine is perfectly capable of connecting to an on-premise Azure Server with SSH and publickey authentication. So, it's not that the machine is completely incorrectly configured. It just can't communicate via SSH/publickey with ADOS.

 

To recap:

  • Windows 10 => on-prem Azure/TFS :lol:
  • Windows 10 => ADOS :lol:
  • Windows Server 2022 => on-prem Azure/TFS :lol:
  • Windows Server 2022 => ADOS :sad:
0 Likes
Reply