Adding SSH Keys to Windows Azure

Question

I'm trying to setup continuous deployment for an Azure website using bitbucket.

The problem is I'm using a submodule (which I own) that Azure doesn't have permission to, because it doesn't add that by default.

I'm trying to figure out how to add an SSH key so that Azure can connect and get the submodule.

Steps I've taken.

1. Created a New Public/Private Key with PuttyGen, Added the public key to my bitbucket account under the name Azure

2. FTPed into Azure, and added both the public and private key files (.ppk) to the .ssh directory (yeah I didn't know which one I was suppose to add). They are named azurePrivateKey.ppk, and azurePublicKey.

3. Updated my config file to look like this

    HOST *
   StrictHostKeyChecking no
   
   Host bitbucket.org
   HostName bitbucket.org
   PreferredAuthentications publickey
   IdentityFile ~/.ssh/azurePrivateKey.ppk
   

   (no clue if that's right)

4. Updated my Known Hosts to look like this

   bitbucket.org,131.103.20.168, <!--some key here...it was here when i opened the file, assuming it's the public key for the repo i tried to add-->
   bitbucket.org,131.103.20.168, <!--the new public key i tried to add-->
   

And I still get the same error, no permission to get submodule. So i'm having trouble figuring out which step I did incorrectly as I've never done this before.

Answer 1

I've never set that up in Azure but some general rules of thumb for handling SSH keys:

• The private key in $HOME/.ssh/ must have file mode 600 (RW only for the owner)
• You need both, the public and the private key in this folder, usually named id_rsa and id_rsa.pub but you can change the filename to whatever you like
• You have to convert the private key generated by puttykeygen to a OpenSSH2 compatible format, see How to convert SSH keypairs generated using PuttyGen
• known_hosts stores the public keys of the servers you've already connected to. That's useful to make sure that you are really connecting to the same server again. more detailed information on this topic

HTH

Answer 2

Better late then never, and it could be usefull for others :

A Web App already have a ssh key, to get it : https://[web-site-name].scm.azurewebsites.net/api/sshkey?ensurePublicKey=1

You can then add this key to you git repo deploy key.

Answer 3

So if you like me had multiple private submodules on the same github account as the app service is deployed at you can give your service access to all your modules by moving the deployment key.

• Go to the repo where your service is hosted.
• In settings go to deploy keys.
• Remove the deployment key.
• Get the public key from https://[your-web-app].scm.azurewebsites.net/api/sshkey?ensurePublicKey=1
• Add the key to your SSH keys in the account settings for github.
• If you have modules on several accounts you can add the same key to each account.

After this the service can access private repos on all accounts with the key.