Giving your users access to systems can be a very challenging task. Especially when the team is growing and changing over time, it is hard to keep an eye on every login. Passwords are also considerably insecure, since they can easily be leaked, even unintentionally.
A convenient and secure approach to these challenges is to shift all authentication processes to SSH keys wherever possible. Some tools need SSH2 (like Talend), and some need specific algorithms to work (Talend only works with RSA). You can use PuTTYgen or Talend itself to create the keys. The hoster (Azure DevOps) requires the public key in OpenSSH format.
In this post we will manage our SSH key for Talend to connect it with Azure DevOps.
Generate Key via OpenSSH
The keys are managed via the “config” file inside your ~/.ssh/ directory. If you have OpenSSH installed on your system you can use this script:
    # SSHPATH: dir where the key will be stored.
    # If the dir doesn't exist, it will be created.
    # Use $HOME here: a "~" inside quotes is not expanded by the shell.
    SSHPATH="$HOME/.ssh/"
    # NAME: Name of your key.
    # It is advised to name it after the used algorithm and/or usage.
    NAME="id_rsa"
    # TYPE: Name of the used algorithm.
    # rsa is default and commonly used, while ed25519 is recommended,
    # but may not work with everything.
    TYPE="rsa"
    # SIZE: Size of the used key.
    # The bigger the better, but slower in generating.
    SIZE=4096
    # Create the directory with owner-only permissions, then generate the key pair.
    mkdir -p "$SSHPATH" && chmod 700 "$SSHPATH"
    ssh-keygen -f "$SSHPATH$NAME" -t "$TYPE" -b "$SIZE" -C "$NAME"
Generate Key via PuTTYgen
Alternatively, you can use PuTTYgen in case you prefer a GUI. This is recommended if your OpenSSH doesn’t support SSH2 yet.
Make sure you select an SSH-2 RSA key:
Now click on generate. To create randomness for the SSH-key you will have to move your mouse around. After the process is finished you should see this:
For easier management of the keys, it is advised to add a key comment containing your e-mail address.
Save your private key in your home directory in the .ssh folder. To do so just click on Conversion > Export SSH-Key. Name it id_rsa.
Now copy the contents of the new box (via Ctrl + C) or save the public key into a file:
Putting your key on Azure
To get your new secure key on Azure, you will have to log in to your DevOps account: https://dev.azure.com
On the top right corner please click on your profile and go to security.
Go to your “SSH public keys” and then click on Add.
Paste the public key that you generated before in the provided field and name it Talend.
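Azure DevOps wants the one-line OpenSSH form, while PuTTYgen's "Save public key" button writes an RFC 4716 file, so it is worth checking the text before pasting it. The following is an added example, not part of the original post: it reports the format, the key type and the RSA size of a public key. The function names are hypothetical and the sample key material is constructed (not a usable key).

```python
import base64
import struct

def _read_field(blob, offset):
    """Read one length-prefixed field (RFC 4251 string or mpint)."""
    end = offset + 4 + struct.unpack_from(">I", blob, offset)[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def _blob_from_rfc4716(text):
    """Join the base64 body; skip markers, 'Header: value' lines, continuations."""
    body, continued = [], False
    for line in text.splitlines():
        if continued or ":" in line or line.startswith("----"):
            continued = line.endswith("\\")
        else:
            body.append(line.strip())
    return base64.b64decode("".join(body), validate=True)

def inspect_public_key(text):
    """Return (format, key_type, rsa_bits); format is 'openssh' or 'rfc4716'."""
    text = text.strip()
    if text.startswith("---- BEGIN SSH2 PUBLIC KEY ----"):
        fmt, declared, blob = "rfc4716", None, _blob_from_rfc4716(text)
    else:
        fields = text.split()
        if len(fields) < 2 or "\n" in text:
            raise ValueError("not a one-line OpenSSH public key")
        fmt, declared = "openssh", fields[0]
        blob = base64.b64decode(fields[1], validate=True)
    name, offset = _read_field(blob, 0)
    key_type = name.decode("ascii")
    if declared not in (None, key_type):
        raise ValueError("key type prefix does not match the key blob")
    if key_type != "ssh-rsa":
        return fmt, key_type, None
    _e, offset = _read_field(blob, offset)  # blob layout: "ssh-rsa", e, n
    n, _ = _read_field(blob, offset)
    return fmt, key_type, int.from_bytes(n, "big").bit_length()

def constructed_sample(bits=4096):
    """Constructed, non-functional key text: (OpenSSH line, RFC 4716 file)."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # 0x00 pad: positive
    fields = (b"ssh-rsa", b"\x01\x00\x01", n)  # key type, e = 65537, modulus
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    b64 = base64.b64encode(blob).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return ("ssh-rsa " + b64 + " id_rsa", "---- BEGIN SSH2 PUBLIC KEY ----\n"
            'Comment: "constructed"\n' + body + "\n---- END SSH2 PUBLIC KEY ----\n")
```

If the result is "rfc4716", `ssh-keygen -i -f <file>` prints the same key in OpenSSH format.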
Manage your keys
Add these lines to your config file (~/.ssh/config):
    # Talend
    Host vs-ssh.visualstudio.com
        Hostname vs-ssh.visualstudio.com
        Port 22
        User *YOURUSERNAME*
        IdentityFile ~/.ssh/id_rsa
NOTE: In case your firewall blocks this port, you can also try out other ports (e.g. 443) with this method.
You can also provide SSH keys for each project separately. Simply put the repository link into the “Host” and keep the Hostname. This ensures full control for both client and server for each login, and simplifies management for admins.
To test your key you can try this command in your SSH-supported console/bash:
ssh -vT vs-ssh.visualstudio.com
And voila, you are done!