`ssh -T` to VSTS(Azure Devops) authenticates successfully, but `git clone` fails

Question

I recently created a second key to access Visual Studio Team Services,

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

so I now have two keys:

id_github
id_vsts

Both keys seem to have been picked up by ssh: ssh-add -l lists both of them.

Next, I added id_vsts.pub to my VSTS account security. The key was properly added because requesting SSH terminal access authenticates properly:

Authentication for user with identifier "" was successful against account "my_account". 
Shell is not supported.

However, when I git clone ssh://[user]@[host]:22/[repo], it fails!

Your Git command did not succeed.
Details:
        Public key authentication failed.

In an unexpected turn of events, if I use id_github's public key, the clone succeeds. What's going on?

Answer 1

Apparently git uses only the first key provided, if that fails, git clone fails. My ssh config had a wildcard option with a key matching before the git key and therefore it did not work. After moving the git configuration to the top of .sss/config all is fine.

Answer 2

In my case, adding IdentitiesOnly yes to the ~/.ssh/config file for the VSO host did the trick.

Answer 3

You need to force the client to use specific private key, otherwise it uses the default one.

To check which private key file used for a host, you can run

ssh -v [host(e.g. test@test.visualstudio.com)]

One way is that you can configure it in the config file. (My steps for windows)

1. Run touch .ssh/config if there isn’t config file in .ssh folder
2. Open config file

code:

Host xx.visualstudio.com
  IdentityFile /c/Users/xx/.ssh/id_vsts

3. Open new command line and run Git clone command

Another way is that, you can run ssh -i /path/to/id_rsa user@server.nixcraft.com command.

More information, you can refer to this article: Force SSH Client To Use Given Private Key (identity file)