Cannot use SSH with public-key to connect to Azure from an on-premise agent

Given that:

  • I have an Azure user account
  • I’ve configured an SSH key on a given machine
  • I’ve registered the public key from that machine with my user account

Observed behavior

I CANNOT connect via SSH using a public key to Azure DevOps from that machine. It offers only the “password” from one machine.

Expected behavior

I CAN connect via SSH using a public key to Azure DevOps from that machine.

Steps to Reproduce

  • Assume a user exists on Azure
  • Log on to a Windows machine
  • Open PowerShell
  • Run ssh-keygen
    • Use the standard filenames
    • Enter a keyphrase
  • Register the public key with the Azure user
  • Back in PowerShell, run “ssh -v email address removed for privacy reasons”
  • It should show a long debug log, with “shell request failed on channel 0” at the end (because ssh.dev.azure.com lets you connect, but doesn’t support shell)
  • Instead, it shows “email address removed for privacy reasons's password:” and requests a password

Analysis

I have two machines: Windows 10 and Windows Server 2022.

On the Windows 10 machine, when I test the connection in debug mode, I see that both password and publickey authentication methods are offered.

debug1: Authentications that can continue: password,publickey
debug3: start over, passed a different list password,publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey

However, on the Windows Server 2022 machine, when I test the connection in debug mode, I see that only the password authentication method is offered.

debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

My hypothesis is that there is some setting or missing software on the build server that is preventing it from offering publickey as an authentication method.

I am hoping that someone will be able to tell me what influences the list of supported authentication methods.

1 Reply

I have an update. The Windows Server 2022 machine is perfectly capable of connecting to an on-premise Azure Server with SSH and publickey authentication. So, it's not that the machine is completely incorrectly configured. It just can't communicate via SSH/publickey with ADOS.

To recap:

  • Windows 10 => on-prem Azure/TFS :lol:
  • Windows 10 => ADOS :lol:
  • Windows Server 2022 => on-prem Azure/TFS :lol:
  • Windows Server 2022 => ADOS :sad:
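
Added example, not part of the original post or reply: in OpenSSH client debug output, "Authentications that can continue" is the method list the server returned in its SSH_MSG_USERAUTH_FAILURE message (RFC 4252, section 5.1), while "preferred" is the client's own ordering. The Python sketch below parses the two excerpts quoted above (embedded as sample input) and separates what each server response offered from what each client wanted; the function names are hypothetical.

```python
import re

# Sample input: the two debug excerpts quoted in the post above.
WIN10_LOG = """\
debug1: Authentications that can continue: password,publickey
debug3: start over, passed a different list password,publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: remaining preferred: keyboard-interactive,password
debug1: Next authentication method: publickey
"""
SERVER2022_LOG = """\
debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred publickey,keyboard-interactive,password
debug3: remaining preferred: ,keyboard-interactive,password
debug1: Next authentication method: password
"""

OFFERED = re.compile(r"^debug1: Authentications that can continue: (\S+)", re.M)
PREFERRED = re.compile(r"^debug3: preferred (\S+)", re.M)  # not "remaining preferred"
NEXT = re.compile(r"^debug1: Next authentication method: (\S+)", re.M)

def _split(csv):
    # Drop empty items such as the leading one in ",keyboard-interactive,password".
    return [m for m in csv.split(",") if m]

def summarize(log):
    """Return server-offered methods, client-preferred methods and methods tried."""
    offered = OFFERED.findall(log)
    preferred = PREFERRED.findall(log)
    return {
        "server_offered": _split(offered[-1]) if offered else [],
        "client_preferred": _split(preferred[-1]) if preferred else [],
        "tried": NEXT.findall(log),
    }

def compare(log_a, log_b):
    """Show how the server's offer to B differs from its offer to A."""
    a, b = summarize(log_a), summarize(log_b)
    return {
        "offered_only_to_a": sorted(set(a["server_offered"]) - set(b["server_offered"])),
        "b_wanted_but_not_offered": [m for m in b["client_preferred"]
                                     if m not in b["server_offered"]],
        "same_client_preferences": a["client_preferred"] == b["client_preferred"],
    }

if __name__ == "__main__":
    print(compare(WIN10_LOG, SERVER2022_LOG))
```

For these two excerpts the client preference lists are identical and only the list received from the server differs.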