In April 2016, Visual Studio Team Services introduced support for using SSH to connect to Git repositories. Over the summer of 2017, Microsoft made a number of improvements to reduce latency and improve performance for Git connections. These changes take advantage of Azure Traffic Manager to route the traffic over the Azure Global Network. According to the Microsoft announcement, the results were a success – an overall improvement in transfer speeds and latency. Of course, changes like this have a cost. In this case, Microsoft needed to change the URLs used for SSH connections. Consequently, Microsoft announced that on November 17, the old URLs will be deprecated and no longer work. That day is almost here – so consider this a friendly reminder!
What’s Changing
Just the URL you’re using. The old format looked like this:
ssh://{account}@{account}.visualstudio.com:22/DefaultCollection/{projectName}/_git/{repository}
Now, the URLs will use this format instead:
ssh://{account}@vs-ssh.visualstudio.com:22/{projectName}/_ssh/{repository}
If you’re not sure of the correct URL, simply log into your VSTS account and open the project. Then press Clone in the upper right corner to see the URL.
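To update existing clones rather than re-cloning, the old-to-new mapping above can be applied to each remote. The shell functions below are an added example, not code from Microsoft or the original post; the function names are made up here, and `git remote get-url` assumes Git 2.7 or later.

```shell
#!/bin/sh
# Added example: rewrite old-format VSTS SSH remotes to the new format.
# Only the two URL patterns shown in this post are handled.

# Print the new-format URL for an old-format SSH URL.
# Any other URL (HTTPS, already migrated, other hosts) is printed unchanged.
convert_vsts_url() {
    printf '%s\n' "$1" | sed -E \
        's#^ssh://([^@/]+)@[^./:@]+\.visualstudio\.com(:22)?/DefaultCollection/(.+)/_git/([^/]+)$#ssh://\1@vs-ssh.visualstudio.com:22/\3/_ssh/\4#'
}

# Rewrite every remote of the repository in $1 (default: current directory)
# that still uses the old format, and report each change.
migrate_vsts_remotes() {
    repo_dir=${1:-.}
    git -C "$repo_dir" remote | while IFS= read -r name; do
        old=$(git -C "$repo_dir" remote get-url "$name")
        new=$(convert_vsts_url "$old")
        if [ "$new" != "$old" ]; then
            git -C "$repo_dir" remote set-url "$name" "$new"
            printf '%s: %s -> %s\n' "$name" "$old" "$new"
        fi
    done
}
```

Source the file and run `migrate_vsts_remotes /path/to/clone`. Only the fetch URL of each remote is rewritten, so a separately configured push URL has to be updated by hand.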
Technically … What’s Changing?
Under the covers vs-ssh.visualstudio.com points to tfsprod.trafficmanager.net, an Azure Traffic Manager endpoint. This endpoint directs the traffic to a local edge node. These are regional endpoints that will offer you the best performance. In my case, connecting from Georgia connects me to tfsprodch1su1.cloudapp.net. This endpoint receives the SSH connection. After that, the data is routed through Azure to the appropriate data center.
Previously, you were connecting directly to the destination data center over the public internet. This location was selected when the account was created. As a result, the latency and performance could vary depending on your location and the location of the data center.
If you’re not familiar with Azure Traffic Manager, you can learn all about it here: https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview.
What is SSH?
Essentially, SSH (Secure SHell) is a protocol that allows you to operate securely over an insecure network. In this case, it allows you to securely connect to your VSTS account and remotely execute tasks for transferring your files between the Git repository and your local machine.
How Do I Use SSH With VSTS?
Just review the instructions here: https://docs.microsoft.com/en-us/vsts/git/use-ssh-keys-to-authenticate. It will walk you through the process. Essentially, you will create the security credentials on your own machine. After that, you’ll add the credentials into VSTS. Finally, you will securely connect using the Git command line.
Bonus tip: if you have multiple SSH credentials saved (because, for example, you’re also experimenting with Azure), you can use this command line in the Git Bash shell to specify the credential to use:
GIT_SSH_COMMAND='ssh -i ~/.ssh/id_vsts' git clone ssh://{account}@vs-ssh.visualstudio.com:22/MyProject/_ssh/MyRepository
If you’re on Windows, the equivalent is:
SET GIT_SSH_COMMAND=ssh -i ~/.ssh/id_vsts
git clone ssh://{account}@vs-ssh.visualstudio.com:22/MyProject/_ssh/MyRepository
When Do I Use SSH With Git?
That’s a bit trickier … there’s a lot of spirited debate in this area. Short answer – use what you’re comfortable with. The general recommendation for ease of use and two-factor authentication support is HTTPS. If you’re using macOS or Linux, you may prefer to stick with SSH. If you’re using Visual Studio, it will be using HTTPS.
So what are the differences between the two?
If you’re using SSH with Git, you’re authenticating using a public key/private key pair. Your password is never transmitted, avoiding the possibility that it could be accidentally exposed. Optionally, SSH allows you to protect the private key stored on your local machine with a passphrase. SSH operates over port 22, so it does require that port to be open on the firewall. SSH natively limits all access to the Git repository to authenticated accounts (preventing anonymous access).
HTTPS uses the certificate from the web server to verify the server endpoint. Since HTTPS is generally open on all firewalls, you’ll rarely encounter a problem using it. It also supports two-factor authentication. Microsoft has an open-source Git Credential Manager which will be necessary for connecting to Visual Studio Team Services. This tool uses OAuth 2.0 to authenticate and authorize access to your account. It creates a VSTS Personal Access Token with Git permissions. This token is securely stored until it either expires or is revoked. This approach limits the scope of the actions that can be performed. It also protects your account password. You can learn more about installing and using the credential manager here: https://docs.microsoft.com/en-us/vsts/git/set-up-credential-managers