donderdag 15 oktober 2020

Generating SSH accessing Azure DevOps with DBeaver


For access from Dbeaver to Git I used a PAT key before, but I heard that SSH is a better secured way to access Azure DevOps/Git, therefore I investigated the usage and implementation SSH access to Azure Devops. This blogpost is a walkthrough the process.

Generating the SSH key

First, generate a key with the tool 'ssh-keygen' by opening a CMD window. Enter the following command in the box.

D:\>ssh-keygen -C ""
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\hdeno/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\hdeno/.ssh/id_rsa.
Your public key has been saved in C:\Users\hdeno/.ssh/
The key fingerprint is:
The key's randomart image is:
+---[RSA 2048]----+
| ...     .o++o.  |
|.  ...    o=*.   |
| . ooo.  . o..   |
|. o.++E   o      |
| o oo.. S+ . .   |
|  + ..... + o o  |
| +   ...+. . + . |
|o . .  = o. = .  |
| o.. .o o. . o   |

This command produces the two keys needed for SSH authentication, your private key (id_rsa) and the public key ( Never share the private key! Here is the content of the file that default is stored in the folder : C:\Users\{user}\.ssh (I changed some characters):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGhi6uphRGsgfWvlnckcpqEMGevUuS1iDoUx645965m

Add the SSH key to Azure Devops

The next step is to add the key to Azure Devops. Goto settings and click on the SSH Public keys. 

Then, Press on + New key to enter a new key to Azure DevOps.

Initially I thought that I could copy the fingerprint string that was generated from the ssh-gen tool. I copied that into the Public Key Data box, but that resulted in an error.

Here is the error :

An error occurred while adding the xxx key: Invalid key: Key must be Base64 encoded with OpenSSH format and RSA type. Valid keys will start with "ssh-rsa".

After some reading of the Microsoft documentation I understand that I have to use the key that is stored in the Copy that in the Public Key Data box.

It is also possible to test whether the SH working by issueing the command ssh -T

Warning: Permanently added the RSA host key for IP address 'xx.74.xx.1' to the list of known hosts.
Enter passphrase for key 'C:\Users\hdeno/.ssh/id_rsa':
remote: Shell access is not supported.
shell request failed on channel 0

Microsoft Documentation states the following : "Test the connection by running the following command: ssh -T If everything is working correctly, you'll receive a response which says: remote: Shell access is not supported." Be careful : NOT supported. If this is the paraphrase then it is ok.

Using the SSH key in DBeaver

The next step is trying to use the SSH key in DBeaver and here I made a mistake by trying to use the https uri.

After trying some couple of times, reading the documentation, some helpful information from collegaes, I found I had to set the git remote url with the command Git command set-url and I used the sam url as I used with https. 

git remote set-url origin

But, that resulted in an error.

Warning: Permanently added the RSA host key for IP address 'xx.xx.xx.103' to the list of known hosts.
remote: Expected _full or _optimized, not '_git'.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I changed the uri a bit (I removed _git from the uri). Better is to copy the SSH string from Azure DevOps.

git remote set-url origin

Then when I try to check in with the tool DBeaver the following window appeared and here I had to enter the paraphrase that I entered before, during the creation of the SSH key. 

And here it is. I'v DevOPs/Git integration with DBeaver, based on SSH key.

Final thoughts

A small howto blog on creating a SSH key for accessing Azure DevOps from a tool like DBeaver.

Geen opmerkingen:

Een reactie posten