Managing your SSH-keys

Giving your users access to systems can be a very challenging task. Especially when the team is growing and changing over time, it can be hard to keep an eye on every login. Passwords are also considerably insecure, since they can easily be leaked, even unintentionally.

A convenient and secure approach to these challenges is to shift all authentication to SSH keys wherever possible. Some tools need SSH2 (like Talend), and some only work with specific algorithms (Talend only works with RSA). You can use PuTTYgen or Talend itself to create the keys. The hoster (Azure DevOps) requires the public key in OpenSSH format.

In this post we will manage our SSH-key for Talend to connect it with Azure DevOps.

Generate Key via OpenSSH

The keys are managed via the “config” file inside your ~/.ssh/ directory. If you have OpenSSH installed on your system you can use this script:

# SSHPATH: dir where the key will be stored.
# It is created below if it doesn't exist.
SSHPATH="$HOME/.ssh"

# NAME: Name of your key.
# It is advised to name it after the algorithm and/or usage.
NAME="id_rsa"

# TYPE: Name of the algorithm.
# rsa is commonly used (and the default in older OpenSSH versions),
# while ed25519 is recommended, but may not work with everything.
TYPE="rsa"

# SIZE: Size of the key in bits (4096 is an example value).
# The bigger the better, but slower in generating. Ignored for ed25519.
SIZE=4096

mkdir -p "$SSHPATH" && chmod 700 "$SSHPATH"
ssh-keygen -f "$SSHPATH/$NAME" -t "$TYPE" -b "$SIZE" -C "$NAME"

Generate Key via PuTTYgen

Alternatively, you can use PuTTYgen in case you prefer a GUI. It is recommended if your OpenSSH doesn’t have SSH2 yet.

Make sure you select an SSH-2 RSA key:

Now click on generate. To create randomness for the SSH-key you will have to move your mouse around. After the process is finished you should see this:

For easier management of the keys it is advised to add a key comment with your e-mail address.

Save your private key in the .ssh folder of your home directory. To do so, click on Conversions > Export OpenSSH key. Name it id_rsa.

Example: C:\Users\U99999\.ssh\id_rsa

Now copy the contents of the new box (via Ctrl + C) or save the public key into a file:

Putting your key on Azure

To get your new secure key on Azure you will have to log in to your DevOps account.
In the top right corner, click on your profile and go to Security.

Go to your “SSH public keys” and then click on Add.

Paste the public key that you generated before in the provided field and name it Talend.

Configure your keys

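Add these lines to your config file (~/.ssh/config):

# Talend
# The Host and HostName values are placeholders; fill in your own.
Host <host-alias>
    HostName <azure-devops-ssh-hostname>
    Port 22
    IdentityFile ~/.ssh/id_rsa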

NOTE: In case your firewall blocks this port, you can also try out other ports (e.g. 443) with this method.

You can also provide SSH keys for each project separately. Simply put the repository link into “Host” and keep the HostName. This gives both client and server full control over each login, and simplifies management for admins.
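A quick check for the per-project setup described above, as an added example that is not part of the original post: the shell function scans an OpenSSH client config for IdentityFile or Port lines placed before any Host line (they then apply to every connection), for Host blocks that pin a key without IdentitiesOnly yes, and for one key file shared by several blocks. The function names, host aliases, HostName and key paths in the sample are constructed placeholders.

```shell
# Added example: audit an OpenSSH client config for key-scoping mistakes.
# Assumes whitespace-separated "Keyword value" lines (no "Keyword=value").
audit_ssh_config() {
    awk '
        # Called when a Host/Match block ends: a pinned key without
        # IdentitiesOnly means agent and default keys are offered too.
        function end_block() {
            if (block != "" && nkeys > 0 && !only && !gonly)
                print block ": IdentityFile without IdentitiesOnly yes"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        { sub(/^[ \t]+/, ""); kw = tolower($1) }
        kw == "host" || kw == "match" {
            end_block(); block = $0; nkeys = 0; only = 0; next
        }
        kw == "identitiesonly" && tolower($2) == "yes" {
            if (block == "") gonly = 1; else only = 1
        }
        # Options before the first Host line apply to every connection.
        block == "" && (kw == "identityfile" || kw == "port") {
            print "global: " $1 " " $2 " applies to every host"; next
        }
        kw == "identityfile" {
            nkeys++
            if ($2 in owner) print block ": " $2 " is also used by " owner[$2]
            else owner[$2] = block
        }
        END { end_block() }
    ' "$1"
}

# Constructed sample: host aliases and HostName are placeholders.
sample_config() {
    cat <<'EOF'
# Talend
Port 22
IdentityFile ~/.ssh/id_rsa
Host project-a
    HostName devops.example.invalid
    IdentityFile ~/.ssh/id_rsa_a
Host project-b
    HostName devops.example.invalid
    IdentityFile ~/.ssh/id_rsa_a
    IdentitiesOnly yes
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_ssh_config "$tmp"; rm -f "$tmp"
```

Run it as `audit_ssh_config ~/.ssh/config`; no output means none of the three findings apply.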

To test your key you can try this command in your SSH-supported console/bash:

ssh -vT

And voila, you are done!