Network administrators can use this information to make sure that Mac computers and other Apple devices can connect to services such as the App Store and Apple's software-update servers.
Apart from SSH, the application supports many other protocols like SCP, Telnet, Raw Socket Connection, etc. Additionally, it can also connect to a serial port. While it supports many variations on the secure remote terminal, it also facilitates user control over SSH encryption key and protocol versions. I'm using Mac OS X 10.6.4, along with a couple of other people on the same network. I have a firewall set up on my computer While I am able to connect to most people remotely, using the command (in terminal) ssh username@IP address (I get the IP address by pinging the computer name) There are a couple of people where I come across the message of: 'Port 22: Connection refused' (or something.
Ports used by Apple products
This is a quick-reference guide showing common examples, not a comprehensive list of ports. This guide is updated periodically with information available at the time of publication.
Change Ssh Port Mac
Some software might use different ports and services, so it can be helpful to use port-watching software when deciding how to set up firewalls or similar access-control schemes.
Some services might use more than one of these ports. For example, a VPN service can use up to four different ports. When you find a product in this list, search (Command-F) in your browser for that name, then repeat your search (Command-G) to locate all occurrences of that product.
Some firewalls allow selective configuration of UDP or TCP ports with the same number, so it's important to know the type of port you're configuring. For example, NFS can use TCP 2049, UDP 2049, or both. If your firewall doesn't allow you to specify the type of port, configuring one type of port probably configures the other.
| Port | TCP or UDP | Service or protocol name1 | RFC2 | Service name3 | Used by |
|---|---|---|---|---|---|
| 7 | TCP/UDP | echo | 792 | echo | — |
| 20 | TCP | File Transport Protocol (FTP) | 959 | ftp-data | — |
| 21 | TCP | FTP control | 959 | ftp | — |
| 22 | TCP | Secure Shell (SSH), SSH File Transfer Protocol (SFTP), and Secure copy (scp) | 4253 | ssh | Xcode Server (hosted and remote Git+SSH; remote SVN+SSH) |
| 23 | TCP | Telnet | 854 | telnet | — |
| 25 | TCP | Simple Mail Transfer Protocol (SMTP) | 5321 | smtp | Mail (sending email); iCloud Mail (sending email) |
| 53 | TCP/UDP | Domain Name System (DNS) | 1034 | domain | — |
| 67 | UDP | Bootstrap Protocol Server (BootP, bootps) | 951 | bootps | NetBoot via DHCP |
| 68 | UDP | Bootstrap Protocol Client (bootpc) | 951 | bootpc | NetBoot via DHCP |
| 69 | UDP | Trivial File Transfer Protocol (TFTP) | 1350 | tftp | — |
| 79 | TCP | Finger | 1288 | finger | — |
| 80 | TCP | Hypertext Transfer Protocol (HTTP) | 2616 | http | World Wide Web, FaceTime, iMessage, iCloud, QuickTime Installer, Maps, iTunes U, Apple Music, iTunes Store, Podcasts, Internet Radio, Software Update (OS X Lion or earlier), Mac App Store, RAID Admin, Backup, Calendar, WebDAV, Final Cut Server, AirPlay, macOS Internet Recovery, Profile Manager, Xcode Server (Xcode app, hosted and remote Git HTTP, remote SVN HTTP) |
| 88 | TCP | Kerberos | 4120 | kerberos | Kerberos, including Screen Sharing authentication |
| 106 | TCP | Password Server (unregistered use) | — | 3com-tsmux | macOS Server Password Server |
| 110 | TCP | Post Office Protocol (POP3), Authenticated Post Office Protocol (APOP) | 1939 | pop3 | Mail (receiving email) |
| 111 | TCP/UDP | Remote Procedure Call (RPC) | 1057, 1831 | sunrpc | Portmap (sunrpc) |
| 113 | TCP | Identification Protocol | 1413 | ident | — |
| 119 | TCP | Network News Transfer Protocol (NNTP) | 3977 | nntp | Apps that read newsgroups. |
| 123 | UDP | Network Time Protocol (NTP) | 1305 | ntp | Date & Time preferences, network time server synchronization, Apple TV network time server sync |
| 137 | UDP | Windows Internet Naming Service (WINS) | — | netbios-ns | — |
| 138 | UDP | NETBIOS Datagram Service | — | netbios-dgm | Windows Datagram Service, Windows Network Neighborhood |
| 139 | TCP | Server Message Block (SMB) | — | netbios-ssn | Microsoft Windows file and print services, such as Windows Sharing in macOS |
| 143 | TCP | Internet Message Access Protocol (IMAP) | 3501 | imap | Mail (receiving email) |
| 161 | UDP | Simple Network Management Protocol (SNMP) | 1157 | snmp | — |
| 192 | UDP | OSU Network Monitoring System | — | osu-nms | AirPort Base Station PPP status or discovery (certain configurations), AirPort Admin Utility, AirPort Express Assistant |
| 311 | TCP | Secure server administration | — | asip-webadmin | Server app, Server Admin, Workgroup Manager, Server Monitor, Xsan Admin |
| 312 | TCP | Xsan administration | — | vslmp | Xsan Admin (OS X Mountain Lion v10.8 and later) |
| 389 | TCP | Lightweight Directory Access Protocol (LDAP) | 4511 | ldap | Apps that look up addresses, such as Mail and Address Book |
| 427 | TCP/UDP | Service Location Protocol (SLP) | 2608 | svrloc | Network Browser |
| 443 | TCP | Secure Sockets Layer (SSL or HTTPS) | 2818 | https | TLS websites, iTunes Store, Software Update (OS X Mountain Lion and later), Spotlight Suggestions, Mac App Store, Maps, FaceTime, Game Center, iCloud authentication and DAV Services (Contacts, Calendars, Bookmarks), iCloud backup and apps (Calendars, Contacts, Find My iPhone, Find My Friends, Mail, iMessage, Documents & Photo Stream), iCloud Key Value Store (KVS), iPhoto Journals, AirPlay, macOS Internet Recovery, Profile Manager, Dictation, Siri, Xcode Server (hosted and remote Git HTTPS, remote SVN HTTPS, Apple Developer registration), Push notifications (if necessary) |
| 445 | TCP | Microsoft SMB Domain Server | — | microsoft-ds | — |
| 464 | TCP/UDP | kpasswd | 3244 | kpasswd | — |
| 465 | TCP | Message Submission for Mail (Authenticated SMTP) | smtp (legacy) | Mail (sending mail) | |
| 500 | UDP | ISAKMP/IKE | 2408 | isakmp | macOS Server VPN service |
| 500 | UDP | Wi-Fi Calling | 5996 | IKEv2 | Wi-Fi Calling |
| 514 | TCP | shell | — | shell | — |
| 514 | UDP | Syslog | — | syslog | — |
| 515 | TCP | Line Printer (LPR), Line Printer Daemon (LPD) | — | printer | Printing to a network printer, Printer Sharing in macOS |
| 532 | TCP | netnews | — | netnews | — |
| 548 | TCP | Apple Filing Protocol (AFP) over TCP | — | afpovertcp | AppleShare, Personal File Sharing, Apple File Service |
| 554 | TCP/UDP | Real Time Streaming Protocol (RTSP) | 2326 | rtsp | AirPlay, QuickTime Streaming Server (QTSS), streaming media players |
| 587 | TCP | Message Submission for Mail (Authenticated SMTP) | 4409 | submission | Mail (sending mail), iCloud Mail (SMTP authentication) |
| 600–1023 | TCP/UDP | Mac OS X RPC-based services | — | ipcserver | NetInfo |
| 623 | UDP | Lights-Out-Monitoring | — | asf-rmcp | Lights Out Monitoring (LOM) feature of Intel-based Xserve computers, Server Monitor |
| 625 | TCP | Open Directory Proxy (ODProxy) (unregistered use) | — | dec_dlm | Open Directory, Server app, Workgroup Manager; Directory Services in OS X Lion or earlier This port is registered to DEC DLM |
| 626 | TCP | AppleShare Imap Admin (ASIA) | — | asia | IMAP administration (Mac OS X Server v10.2.8 or earlier) |
| 626 | UDP | serialnumberd (unregistered use) | — | asia | Server serial number registration (Xsan, Mac OS X Server v10.3 – v10.6) |
| 631 | TCP | Internet Printing Protocol (IPP) | 2910 | ipp | macOS Printer Sharing, printing to many common printers |
| 636 | TCP | Secure LDAP | — | ldaps | — |
| 660 | TCP | Server administration | — | mac-srvr-admin | Server administration tools for Mac OS X Server v10.4 or earlier, including AppleShare IP |
| 687 | TCP | Server administration | — | asipregistry | Server administration tools for Mac OS X Server v10.6 or earlier, including AppleShare IP |
| 749 | TCP/UDP | Kerberos 5 admin/changepw | — | kerberos-adm | — |
| 985 | TCP | NetInfo Static Port | — | — | — |
| 993 | TCP | Mail IMAP SSL | — | imaps | iCloud Mail (SSL IMAP) |
| 995 | TCP/UDP | Mail POP SSL | — | pop3s | — |
| 1085 | TCP/UDP | WebObjects | — | webobjects | — |
| 1099, 8043 | TCP | Remote RMI and IIOP Access to JBOSS | — | rmiregistry | — |
| 1220 | TCP | QT Server Admin | — | qt-serveradmin | Administration of QuickTime Streaming Server |
| 1640 | TCP | Certificate Enrollment Server | — | cert-responder | Profile Manager in macOS Server 5.2 and earlier |
| 1649 | TCP | IP Failover | — | kermit | — |
| 1701 | UDP | L2TP | — | l2f | macOS Server VPN service |
| 1723 | TCP | PPTP | — | pptp | macOS Server VPN service |
| 1900 | UDP | SSDP | — | ssdp | Bonjour |
| 2049 | TCP/UDP | Network File System (NFS) (version 3 and 4) | 3530 | nfsd | — |
| 2195 | TCP | Apple Push Notification Service (APNS) | — | — | Push notifications |
| 2196 | TCP | Apple Push Notification Service (APNS) | — | — | Feedback service |
| 2197 | TCP | Apple Push Notification Service (APNS) | — | — | Push notifications |
| 2336 | TCP | Mobile account sync | — | appleugcontrol | Home directory synchronization |
| 3004 | TCP | iSync | — | csoftragent | — |
| 3031 | TCP/UDP | Remote AppleEvents | — | eppc | Program Linking, Remote Apple Events |
| 3283 | TCP/UDP | Net Assistant | — | net-assistant | Apple Remote Desktop 2.0 or later (Reporting feature), Classroom app (command channel) |
| 3284 | TCP/UDP | Net Assistant | — | net-assistant | Classroom app (document sharing) |
| 3306 | TCP | MySQL | — | mysql | — |
| 3478–3497 | UDP | — | — | nat-stun-port - ipether232port | FaceTime, Game Center |
| 3632 | TCP | Distributed compiler | — | distcc | — |
| 3659 | TCP/UDP | Simple Authentication and Security Layer (SASL) | — | apple-sasl | macOS Server Password Server |
| 3689 | TCP | Digital Audio Access Protocol (DAAP) | — | daap | iTunes Music Sharing, AirPlay |
| 3690 | TCP/UDP | Subversion | — | svn | Xcode Server (anonymous remote SVN) |
| 4111 | TCP | XGrid | — | xgrid | — |
| 4398 | UDP | — | — | — | Game Center |
| 4488 | TCP | Apple Wide Area Connectivity Service | awacs-ice | ||
| 4500 | UDP | IPsec NAT Traversal | 4306 | ipsec-msft | macOS Server VPN service |
| 4500 | UDP | Wi-Fi Calling | 5996 | IKEv2 | Wi-Fi Calling |
| 5003 | TCP | FileMaker - name binding and transport | — | fmpro-internal | — |
| 5009 | TCP | (unregistered use) | — | winfs | AirPort Utility, AirPort Express Assistant |
| 5100 | TCP | — | — | socalia | macOS camera and scanner sharing |
| 5222 | TCP | XMPP (Jabber) | 3920 | jabber-client | Jabber messages |
| 5223 | TCP | Apple Push Notification Service (APNS) | — | — | iCloud DAV Services (Contacts, Calendars, Bookmarks), Push Notifications, FaceTime, iMessage, Game Center, Photo Stream |
| 5228 | TCP | — | — | — | Spotlight Suggestions, Siri |
| 5297 | TCP | — | — | — | Messages (local traffic) |
| 5350 | UDP | NAT Port Mapping Protocol Announcements | — | — | Bonjour |
| 5351 | UDP | NAT Port Mapping Protocol | — | nat-pmp | Bonjour |
| 5353 | UDP | Multicast DNS (MDNS) | 3927 | mdns | Bonjour, AirPlay, Home Sharing, Printer Discovery |
| 5432 | TCP | PostgreSQL | — | postgresql | Can be enabled manually in OS X Lion Server (previously enabled by default for ARD 2.0 Database) |
| 5897–5898 | UDP | (unregistered use) | — | — | xrdiags |
| 5900 | TCP | Virtual Network Computing (VNC) (unregistered use) | — | vnc-server | Apple Remote Desktop 2.0 or later (Observe/Control feature) Screen Sharing (Mac OS X 10.5 or later) |
| 5988 | TCP | WBEM HTTP | — | wbem-http | Apple Remote Desktop 2.x See also dmtf.org/standards/wbem. |
| 6970–9999 | UDP | — | — | — | QuickTime Streaming Server |
| 7070 | TCP | RTSP (unregistered use), Automatic Router Configuration Protocol (ARCP) | — | arcp | QuickTime Streaming Server (RTSP) |
| 7070 | UDP | RTSP alternate | — | arcp | QuickTime Streaming Server |
| 8000–8999 | TCP | — | — | irdmi | Web service, iTunes Radio streams |
| 8005 | TCP | Tomcat remote shutdown | — | — | — |
| 8008 | TCP | iCal service | — | http-alt | Mac OS X Server v10.5 or later |
| 8080 | TCP | Alternate port for Apache web service | — | http-alt | Also JBOSS HTTP in Mac OS X Server 10.4 or earlier |
| 8085–8087 | TCP | Wiki service | — | — | Mac OS X Server v10.5 or later |
| 8088 | TCP | Software Update service | — | radan-http | Mac OS X Server v10.4 or later |
| 8089 | TCP | Web email rules | — | — | Mac OS X Server v10.6 or later |
| 8096 | TCP | Web Password Reset | — | — | Mac OS X Server v10.6.3 or later |
| 8170 | TCP | HTTPS (web service/site) | — | — | Podcast Capture/podcast CLI |
| 8171 | TCP | HTTP (web service/site) | — | — | Podcast Capture/podcast CLI |
| 8175 | TCP | Pcast Tunnel | — | — | pcastagentd (such as for control operations and camera) |
| 8443 | TCP | iCal service (SSL) | — | pcsync-https | Mac OS X Server v10.5 or later (JBOSS HTTPS in Mac OS X Server 10.4 or earlier) |
| 8800 | TCP | Address Book service | — | sunwebadmin | Mac OS X Server v10.6 or later |
| 8843 | TCP | Address Book service (SSL) | — | — | Mac OS X Server v10.6 or later |
| 8821, 8826 | TCP | Stored | — | — | Final Cut Server |
| 8891 | TCP | ldsd | — | — | Final Cut Server (data transfers) |
| 9006 | TCP | Tomcat standalone | — | — | Mac OS X Server v10.6 or earlier |
| 9100 | TCP | Printing | — | — | Printing to certain network printers |
| 9418 | TCP/UDP | git pack transfer | — | git | Xcode Server (remote git) |
| 10548 | TCP | Apple Document Sharing Service | — | serverdocs | macOS Server iOS file sharing |
| 11211 | — | memcached (unregistered use) | — | — | Calendar Server |
| 16080 | TCP | — | — | — | Web service with performance cache |
| 16384–16403 | UDP | Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) | — | connected, — | Messages (Audio RTP, RTCP; Video RTP, RTCP) |
| 16384–16387 | UDP | Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) | — | connected, — | FaceTime, Game Center |
| 16393–16402 | UDP | Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) | — | — | FaceTime, Game Center |
| 16403–16472 | UDP | Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) | — | — | Game Center |
| 24000–24999 | TCP | — | — | med-ltp | Web service with performance cache |
| 42000–42999 | TCP | — | — | — | iTunes Radio streams |
| 49152–65535 | TCP | Xsan | — | — | Xsan Filesystem Access |
| 49152– 65535 | UDP | — | — | — | |
| 50003 | — | FileMaker server service | — | — | — |
| 50006 | — | FileMaker helper service | — | — | — |
1. The service registered with the Internet Assigned Numbers Authority, except where noted as “unregistered use.”
2. The number of a Request for Comment (RFC) document that defines the service or protocol. RFC documents are maintained by RFC Editor.
3. In the output of Terminal commands, the port number might be replaced by this Service Name, which is the label listed in /etc/services.
FaceTime is not available in all countries or regions.
Learn more
The application firewall in macOS is not a port-based firewall. It controls access by app, instead of by port.
-->Azure DevOps Services | Azure DevOps Server 2020 | Azure DevOps Server 2019 | TFS 2018 - TFS 2015
Connect to your Git repos through SSH on macOS, Linux, or Windows to securely connect using HTTPS authentication. On Windows, we recommended the use of Git Credential Managers or Personal Access Tokens.
Important
SSH URLs have changed, but old SSH URLs will continue to work. If you have already set up SSH, you should update your remote URLs to the new format:
- Verify which remotes are using SSH by running
git remote -vin your Git client. - Visit your repository on the web and select the Clone button in the upper right.
- Select SSH and copy the new SSH URL.
- In your Git client, run:
git remote set-url <remote name, e.g. origin> <new SSH URL>. Alternatively, in Visual Studio, go to Repository Settings, and edit your remotes.
Note
As of Visual Studio 2017, SSH can be used to connect to Git repos.
How SSH key authentication works
SSH public key authentication works with an asymmetric pair of generated encryption keys. The public key is shared with Azure DevOps and used to verify the initial ssh connection. The private key is kept safe and secure on your system.
Set up SSH key authentication
The following steps cover configuration of SSH key authentication on the following platforms:
- Linux
- macOS running at least Leopard (10.5)
- Windows systems running Git for Windows
Configure SSH using the command line. bash is the common shell on Linux and macOS and the Git for Windows installation adds a shortcut to Git Bash in the Start menu.Other shell environments will work, but are not covered in this article.
Step 1: Create your SSH keys
Note
If you have already created SSH keys on your system, skip this step and go to configuring SSH keys.
The commands here will let you create new default SSH keys, overwriting existing default keys. Before continuing, check your~/.ssh folder (for example, /home/jamal/.ssh or C:Usersjamal.ssh) and look for the following files:
- id_rsa
- id_rsa.pub
If these files exist, then you have already created SSH keys. You can overwrite the keys with the following commands, or skip this step and go to configuring SSH keys to reuse these keys.
Create your SSH keys with the ssh-keygen command from the bash prompt. This command will create a 2048-bit RSA key for use with SSH. You can give a passphrasefor your private key when prompted—this passphrase provides another layer of security for your private key.If you give a passphrase, be sure to configure the SSH agent to cache your passphrase so you don't have to enter it every time you connect.
This command produces the two keys needed for SSH authentication: your private key ( id_rsa ) and the public key ( id_rsa.pub ). It is important to never share the contents of your private key. If the private key iscompromised, attackers can use it to trick servers into thinking the connection is coming from you.
Step 2: Add the public key to Azure DevOps Services/TFS
Associate the public key generated in the previous step with your user ID.
Open your security settings by browsing to the web portal and selecting your avatar in the upper right of theuser interface. Select SSH public keys in the menu that appears.
Select + New Key.
Copy the contents of the public key (for example, id_rsa.pub) that you generated into the Public Key Data field.
Important
Avoid adding whitespace or new lines into the Key Data field, as they can cause Azure DevOps Services to use an invalid public key. When pasting in the key, a newline often is added at the end. Be sure to remove this newline if it occurs.
Give the key a useful description (this description will be displayed on the SSH public keys page for your profile) so that you can remember it later. Select Save to store the public key. Once saved, you cannot change the key. You can delete the key or create a new entry for another key. There are no restrictions on how many keys you can add to your user profile.
Test the connection by running the following command:
ssh -T git@ssh.dev.azure.com.If everything is working correctly, you'll receive a response which says:remote: Shell access is not supported.If not, see the section on Questions and troubleshooting.
Step 2: Add the public key to Azure DevOps Services/TFS
Associate the public key generated in the previous step with your user ID.
Open your security settings by browsing to the web portal and selecting your avatar in the upper right of theuser interface. Select Security in the menu that appears.
Select + New Key.
Copy the contents of the public key (for example, id_rsa.pub) that you generated into the Public Key Data field.
Important
Avoid adding whitespace or new lines into the Key Data field, as they can cause Azure DevOps Services to use an invalid public key. When pasting in the key, a newline often is added at the end. Be sure to remove this newline if it occurs.
Give the key a useful description (this description will be displayed on the SSH public keys page for your profile) so that you can remember it later. Select Save to store the public key. Once saved, you cannot change the key. You can delete the key or create a new entry for another key. There are no restrictions on how many keys you can add to your user profile.
Test the connection by running the following command:
ssh -T git@ssh.dev.azure.com.If everything is working correctly, you'll receive a response which says:remote: Shell access is not supported.If not, see the section on Questions and troubleshooting.
Step 3: Clone the Git repository with SSH
Note
To connect with SSH from an existing cloned repo, see updating your remotes to SSH.
Copy the SSH clone URL from the web portal. In this example, the SSL clone URL is for a repo in an organization named fabrikam-fiber, as indicated by the first part of the URL after
dev.azure.com.Note
Project URLs have changed with the release of Azure DevOps Services and now have the format
dev.azure.com/{your organization}/{your project}, but you can still use the existingvisualstudio.comformat. For more information, see VSTS is now Azure DevOps Services.Run
git clonefrom the command prompt.
SSH may display the server's SSH fingerprint and ask you to verify it.You should verify that the displayed fingerprint matches one of the fingerprints in the SSH public keys page.
SSH displays this fingerprint when it connects to an unknown host to protect you from man-in-the-middle attacks.Once you accept the host's fingerprint, SSH will not prompt you again unless the fingerprint changes.
When you are asked if you want to continue connecting, type yes. Git will clone the repo and set up the origin remote to connect with SSH for future Git commands.
Tip
Avoid trouble: Windows users will need to run a command to have Git reuse their SSH key passphrase.
Questions and troubleshooting
Ssh Mac Port Forwarding
Q: After running git clone, I get the following error. What should I do?
A: Manually record the SSH key by running:ssh-keyscan -t rsa domain.com >> ~/.ssh/known_hosts
Q: How can I have Git remember the passphrase for my key on Windows?
A: Run the following command included in Git for Windows to start up the ssh-agent process in PowerShell or the Windows Command Prompt. ssh-agent will cacheyour passphrase so you don't have to provide it every time you connect to your repo.
If you're using the Bash shell (including Git Bash), start ssh-agent with:
Q: I use PuTTY as my SSH client and generated my keys with PuTTYgen. Can I use these keys with Azure DevOps Services?
A: Yes. Load the private key with PuTTYgen, go to Conversions menu and select Export OpenSSH key.Save the private key file and then follow the steps to set up non-default keys.Copy your public key directly from the PuTTYgen window and paste into the Key Data field in your security settings.
Q: How can I verify that the public key I uploaded is the same key as I have locally?
A: You can verify the fingerprint of the public key uploaded with the one displayed in your profile through the following ssh-keygen command run against your public key usingthe bash command line. You will need to change the path and the public key filename if you are not using the defaults.
You can then compare the MD5 signature to the one in your profile. This check is useful if you have connection problems or have concerns about incorrectlypasting in the public key into the Key Data field when adding the key to Azure DevOps Services.
Q: How can I start using SSH in a repository where I am currently using HTTPS?
A: You'll need to update the origin remote in Git to change over from a HTTPS to SSH URL. Once you have the SSH clone URL, run the following command:
You can now run any Git command that connects to origin.
Q: I'm using Git LFS with Azure DevOps Services and I get errors when pulling files tracked by Git LFS.
A: Azure DevOps Services currently doesn't support LFS over SSH. Use HTTPS to connect to repos with Git LFS tracked files.
Q: How can I use a non default key location, i.e. not ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub?
A: To use keys created with ssh-keygen in a different place than the default, you do two things:
- The keys must be in a folder that only you can read or edit. If the folder has wider permissions, SSH will not use the keys.
- You must let SSH know the location of the keys. You make SSH aware of keys through the
ssh-addcommand, providing the full path to the private key.
On Windows, before running ssh-add, you will need to run the following command from included in Git for Windows:
This command runs in both PowerShell and the Command Prompt. If you are using Git Bash, the command you need to use is:
You can find ssh-add as part of the Git for Windows distribution and also run it in any shell environment on Windows.
Ssh Client For Mac
On macOS and Linux you also must have ssh-agent running before running ssh-add, but the command environment on these platforms usuallytakes care of starting ssh-agent for you.
Q: I have multiple SSH keys. How do I use different SSH keys for different SSH servers or repos?
A: Generally, if you configure multiple keys for an SSH client and connect to an SSH server, the client can try the keys one at a time until the server accepts one.
However, this doesn't work with Azure DevOps for technical reasons related to the SSH protocol and how our Git SSH URLs are structured. Azure DevOps will blindly accept the first key that the client provides during authentication. If that key is invalid for the requested repo, the request will fail with the following error:
For Azure DevOps, you'll need to configure SSH to explicitly use a specific key file. One way to do this to edit your ~/.ssh/config file (for example, /home/jamal/.ssh or C:Usersjamal.ssh) as follows:
Q: How do I fix errors that mention 'no matching key exchange method found'?
A: Git for Windows 2.25.1 shipped with a new version of OpenSSH which removed some key exchange protocols by default.Specifically, diffie-hellman-group14-sha1 has been identified as problematic for some Azure DevOps Server and TFS customers.You can work around the problem by adding the following to your SSH configuration (~/.ssh/config):
Replace <your-azure-devops-host> with the hostname of your Azure DevOps or TFS server, like tfs.mycompany.com.
Q: What notifications may I receive about my SSH keys?
A: Whenever you register a new SSH Key with Azure DevOps Services, you will receive an email notification informing you that a new SSH key has been added to your account.
Q: What do I do if I believe that someone other than me is adding SSH keys on my account?
Ssh From Windows To Mac
A: If you receive a notification of an SSH key being registered and you did not manually upload it to the service, your credentials may have been compromised.
The next step would be to investigate whether or not your password has been compromised. Changing your password is always a good first step to defend against this attack vector. If you’re an Azure Active Directory user, talk with your administrator to check if your account was used from an unknown source/location.