Git SSH public key authentication failed with git on Azure DevOps

Add these lines to ~/.ssh/config before any wildcard entry:

Host ssh.dev.azure.com
  IdentityFile ~/.ssh/your_private_key
  IdentitiesOnly yes
  HostkeyAlgorithms +ssh-rsa
  PubkeyAcceptedKeyTypes=ssh-rsa

This link by @wcoder helped. Additionally, DevOps only allows deprecated ssh-rsa keys which new versions of OpenSSH now block

Finally, in even more absurdity, if you have a wildcard entry (Host *) you will need to exclude DevOps from using any keys in that entry because DevOps will blindly accept the first key that the client provides 🤦🏻‍♂️:

Host * !ssh.dev.azure.com
    ...

Before this I had already tried the other answers, but nothing worked. At last, this article had the solution for me in Fedora.

Running ssh with the -v switch (ssh -v -T [email protected]) revealed this error:

debug1: send_pubkey_test: no mutual signature algorithm

Workaround is to add this line to the client configuration file (~/.ssh/config):

PubkeyAcceptedKeyTypes +rsa-sha2-256,rsa-sha2-512

I believe @Schalton's comment is right: SSH validation is failing, so it prompts for the pass.

Had the same problem. "Solved it" by generating the key as the default value ('id_rsa') instead of using other names (tried other names and none of them worked).

[####@#### .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/guille/.ssh/id_rsa): id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.

EDIT: As noted by @LHM the value default (no input needed) for the file in which to save the key is showed in parenthesis.

I realize this question mentions powershell. However, with the title and tags people on other OS's may end up here, and there is a common problem with Azure Devops access from mac and linux.

To fix this for mac and linux, add IdentitiesOnly yes to ~/.ssh/config

This is a common problem for Azure Devops. Unfortunately I'm not certain why this fixes it.

TL;DR: It turns out the path and filename shown in parenthesis (e.g./home/guille/.ssh/id_rsa) is a default value that can be accepted simply by leaving it blank and hitting Enter.

Extended Answer: I, too, had the same problem. I made the same mistake as @eltbus (attempting to name the file something myself), so his answer of sticking to the default of "id_rsa" was helpful to me. I also realized that when I generated the rsa key pair, I saved id_rsa.pub to the wrong folder. (Only entering id_rsa without a leading file path, can save it to a different folder.)

You can avoid both of my above mistakes if you simply hit Enter to accept the default file name and location, instead of typing in a path and/or file name.

Example:

[####@#### .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/guille/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.

I was using the GitHub recommended Ed25519 algorithm key which Azure DevOps doesn't support so I generated a standard key. The problem was I forgot to add the key:

ssh-add -k ~/.ssh/id_rsa

I have the same problem.

My solution was:

The path while I try to use sudo git clone... doesn't have permission to access my public and private key location: \home\localuser\.ssh\....

To solve this, I change ownership of the destination path to the same user:group ware my keys are stored and avoid to use sudo git clone...., now im using git clone without sudo and everything works.

I hope you understand...

Unfortunately no solutions here helped me. Like everyone I would get a password dialog even after uploading my public ssh key to azure devops. I tried the config file, regenerating my ssh multiple times. Dumping my .gitconfig files at all levels, & More. Spent probably 1/2 day trying to figure it out. I didn't know how to properly log git clone. Finally I found two git environmental variables that that helped me figure out what was wrong:

GIT_TRACE=1 
GIT_SSH_COMMAND="ssh -vvv"

So this will probably be rare but my org setups the following environmental variables on our workstations (Windows 10):

• HOME
• HOMEDRIVE
• HOMEPATH

So the issue was git was looking for ssh public key in the path set in the variables above instead of c:\users\<username> but when you I use ssh alone it would look in the proper folder but git would not. Talk about confusing. While this going to be pretty rate those git environmental variables were so useful I thought I would post this. Hopefully it helps someone in the figure.

When you paste in the key on the settings page of Azure DevOps don't change anything including the space appended at the end of the public key.

I saw my repo ssh URL which was different from my DevOps URL in my case what worked was adding the config file in my ~/.ssh folder with the following information:

Host vs-ssh.visualstudio.com <-- hostname found in my repo SSH URL
    IdentityFile ~/.ssh/id_rsa_vsonline <-- your key name
    IdentitiesOnly yes

then tested it with

ssh -v vs-ssh.visualstudio.com

in the trace, I got something like

Authenticated to vs-ssh.visualstudio.com ([IP]:22).

For Azure DevOps, you'll need to configure SSH to explicitly use a specific key file. One way to do this is creating or editing a config file. This config file must be together. For example on your ~/.ssh/config file (/home/User/.ssh or C:\Users\User.ssh) as follows:

Host ssh.dev.azure.com
  IdentityFile ~/.ssh/your_private_key
  IdentitiesOnly yes

Host vs-ssh.visualstudio.com
  IdentityFile ~/.ssh/your_private_key
  IdentitiesOnly yes

1. Check your SSH keys and certify it's also set in Azure
2. If the first step it's right you should also re-check this on terminal: ssh-add -k ~/.ssh/id_rsa

For me the problem was that I haven't added identity and It's the same problem there, you shouldn't make any changes on SSH config files.

This tutorial can help you create and add the key on Azure.

TLDR: try the following command at terminal:

ssh-keyscan -t rsa ssh.dev.azure.com >> ~/.ssh/known_hosts

I faced this issue on wsl ubuntu 22.04. I created a file ~/.ssh/config added IdentitiesOnly and IdentityFile, chown, chmod and zero success.

SO I tried to debug the ssh connection and I figured out that for some reason that I don't know my id_rsa wasn't getting bind to ssh.dev.azure.com.

Then I used the ssh-keyscan to verify my key and update the ~/.ssh/known_hosts with following combined command:

ssh-keyscan -t rsa ssh.dev.azure.com >> ~/.ssh/known_hosts

I had a similar problem being prompted to enter a password for [email protected] that I was able to solve by turning on debugging in the ssh test.

ssh -vvv [email protected]

Which lead me to an error that lead me to this ADO Devops Article

The issue was that I had explicitly set the protocol to SSH-RSA in my ~/.ssh/config

Host ssh.dev.azure.com
 UseKeychain yes
 AddKeysToAgent yes
 IdentityFile ~/.ssh/private_key
 IdentitiesOnly yes
 HostkeyAlgorithms +ssh-rsa
 PubkeyAcceptedKeyTypes=ssh-rsa

Updating the HostkeyAlgorithms and PubkeyAcceptedKeyTypes to rsa-sha2-256 or rsa-sha2-512 fixed fixed it.

I followed the official permissions denied troubleshooting guide and it turned out, I had to re-generate the key after all. But I think it is best to follow the guide as it provides information on quite a few different scenarios that most of which are not mentioned here.

I tried every answer but with no success. It turned out it was as simple as putting the id_rsa and id_rsa.pub files in the .ssh folder under my user folder.

So by moving the files (id_rsa and id_rsa.pub) between the following locations it solved the problem and authentication succeded.

From:

C:\Users\My User\

To:

C:\Users\My User\.ssh\

Like Eltbus Answer, I "Solved it" by generating the key as the default value ('id_rsa') instead of using other names (tried other names and none of them worked).

Then i just followed this steps

https://learn.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=azure-devops#questions-and-troubleshooting

All who are having this issue I would verify that you dont have spaces in your project name. Spaces caused git-upload-pack to break for me using git 2.33 and 2.35.

In my case, I had access to two different repositories of different companies.

I had to make a new SSH Key for one project, which impacted my access to the other. The solution was:

1. type cd ~/.ssh -> go to the .ssh folder

2. type ls -> list what is inside; since I made a new key for the other project I obviously had these directories: id_rsa id_rsa.pub

3. type pbcopy < id_rsa.pub -> copy the key to the clipboard

4. Configure they key according to this documentation - Step 2: https://learn.microsoft.com/de-de/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=azure-devops#configuration

For those who do not have the folders in ~/.ssh, you have to first create the SSH Key - Step 1.

It worked , here are the steps i followed.

a) Opened GitBash terminal and used below command

ssh-keygen -c "[email protected]"

** I used the keyname as "id_rsa" , also provided a passphrase.

b) Navigated to C:\Users{my-Username} and found the 2 Keys (id_rsa and id_rsa.pub). Copied these keys into the .ssh folder under C:\Users{my-Username}. I copied the id_rsa.pub contents (public key) into the SSH settings in my DevOps.

c) Ran the following command back in my VSC terminal

git push -u origin --all

It prompted me for the passphrase , i entered the passphrase i used to set up the ssh-keygen and it worked !!! Hurray !!!

I have no luck with any of the answers here.

I think the key should be generated as Azure wants it with:

az sshkey create

I had a similar issue: I kept getting prompted for a password when connecting to [email protected] via SSH.

Previous Configuration

I was using the following SSH configuration, which caused the problem:

Host my-host-name vs-ssh.visualstudio.com
HostName ssh.dev.azure.com
  UseKeychain yes
  IdentityFile ~/.ssh/id_azure
  IdentitiesOnly yes
  HostkeyAlgorithms +ssh-rsa
  PubkeyAcceptedKeyTypes=ssh-rsa

Solution

I updated my SSH configuration to include support for modern key types like ed25519, which Azure DevOps prefer:

Host ssh.dev.azure.com
  HostName my-host-name
  User git
  UseKeychain yes
  IdentityFile ~/.ssh/id_azure
  IdentitiesOnly yes
  PubkeyAcceptedKeyTypes +ssh-ed25519,ssh-rsa
  HostkeyAlgorithms +ssh-ed25519,ssh-rsa

Key Changes:

1.  Updated PubkeyAcceptedKeyTypes to include ssh-ed25519.
2.  Updated HostkeyAlgorithms to prioritize ssh-ed25519.

Once I made these changes, SSH stopped asking for the password, and the connection worked as expected.

I stumbled across some issues while debugging this in 2025, this worked for me.

1. Azure Devops doesn't allow for ed25519, only RSA keys, so pick rsa 512 for better security.

2. move these two lines up to line 2 and 3 in config

HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa

so that the complete config file looks like this:

    Host ssh.dev.azure.com
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedKeyTypes +ssh-rsa
        IdentityFile C:\\Users\\username\\.ssh\\id_rsa
        IdentitiesOnly yes

3. If all else fails use Git Credential Manager login with multifactor auth, which is the reccommended method. RSA isn't as good as other options in terms of security anyway.

Hopefully this helps.

If you are facing this on your Flutter project, this is due to old ssh is still being mapped to the flutter pub configurations.

Try this command

GIT_SSH_COMMAND="ssh -i ~/.ssh/id_rsa" flutter pub get

This will map your new ssh and project can be cloned.

As for today, here is completely working configuration how to get access to the DevOps's git using Windows and OSX:

Host ssh.dev.azure.com
  HostName ssh.dev.azure.com
  IdentityFile ~/.ssh/ado_name_date_company_git
  IdentitiesOnly yes
  PubkeyAcceptedAlgorithms rsa-sha2-512,rsa-sha2-256

Generate the key (Windows):

ssh-keygen -t rsa-sha2-512 -C "id_rsa" -f C:/Users/UserName/.ssh/ado_name_date_company_git

Note: I'm not using FIDO token or passphrase at this stage, so there are some necessary improvements, future tests and security related changes to be done. Note: id_rsa - could be strict (Azure DevOps, as per googled info)

The target OS where I'm trying to connect to the VSTS's git is OSX.

Using the next command, you can easily debug the connection attempts:

ssh -vvv [email protected]