Team Foundation Server GIT Setup
How to set up TFS GIT using SSH.
Creating an SSH key in RSA format
- Log into the AIQ server.
- Using Git Bash, create a key pair by running the following command:
  ssh-keygen -m pem
- Leave the passphrase empty.
- Use the default name for the key pair.
- When the process ends, you should have new entries in C:\Users\<win-username>\.ssh called id_rsa and id_rsa.pub. id_rsa is the private key, and id_rsa.pub is the public key.
Upload the SSH public key to TFS
- Open your user profile security settings in TFS and select SSH Keys.
- Click Add.
- Enter a name for the key and paste the contents of the id_rsa.pub file (not id_rsa).
Create a Personal Access Token (PAT)
- Create a Personal Access Token (PAT) and save it in a secure place: open your TFS profile security settings and click Personal access tokens.
- Click Add.
- Enter the description and click Create Token.
- Save the token so that you can enter it as the passphrase on the AIQ Preferences > Repository page.
Cloning an AIQ repository
Use the AIQ SSH inputs as follows:
- SSH URL provided by the TFS server
- Paste the private key contents into the GIT SSH key
- Enter the username used to log in to TFS as the username (for example, SudhaRani.appvance)
- Enter the personal access token (PAT) for the passphrase
- Click Clone.
Exchange method Error:
Microsoft Visual Studio Team Foundation Server git repositories use Windows Credential Manager with NTLM to authenticate over HTTPS. This is not supported by JGit, which is the GIT library used by AIQ.
The way to overcome this is to use SSH authentication, but depending on the version of your TFS server you might get the following error:
no matching key exchange method was found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
- The above error occurs because the new open-ssl.exe has dropped those SHA1 algorithms and the TFS server does not provide newer options, so the connection fails. To overcome this problem, create a config file on the AIQ server inside the .ssh folder.
- The config file should have this line:
  KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
- Add this file to the .ssh folder.
- Add the GIT URL and credentials in Credential Manager to access GIT files on the machine:
  Credential Manager pops up automatically if no credentials are found in it, and you can enter the credentials from there as well.
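
The KexAlgorithms line above applies to every host the client connects to and enables both SHA-1 methods. As an added example (not part of the original page or of AIQ), this shell script reads the server's offer from the error text, picks the stronger group14 method when it is offered, and prints a stanza limited to one host. The host name tfs.example.internal is a placeholder, and the script assumes the client reading the config honors Host blocks the way OpenSSH does.

```shell
# Constructed sample: the error text quoted on this page.
ERR='no matching key exchange method was found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1'

# Legacy methods in order of preference, strongest first.
# group14 uses a 2048-bit group, group1 a 1024-bit group.
LEGACY_PREF='diffie-hellman-group14-sha1 diffie-hellman-group1-sha1'

# Print the strongest legacy method found in the server's offer.
# Returns 1 if the text has no offer or the offer has no legacy method.
pick_kex() {
    offer=$(printf '%s\n' "$1" | sed -n 's/.*Their offer: *//p' | tr -d ' \r')
    [ -n "$offer" ] || return 1
    for alg in $LEGACY_PREF; do
        # Comma delimiters keep group1 from matching inside group14.
        case ",$offer," in
            *",$alg,"*) printf '%s\n' "$alg"; return 0 ;;
        esac
    done
    return 1
}

# Print a config stanza that enables that one method for one host only.
# $1 = host name (placeholder in the demo), $2 = error text from the client.
kex_stanza() {
    alg=$(pick_kex "$2") || { echo "no usable legacy kex in offer" >&2; return 1; }
    printf 'Host %s\n    KexAlgorithms +%s\n' "$1" "$alg"
}

# Demo: prints the stanza to place in the .ssh/config file.
kex_stanza tfs.example.internal "$ERR"
```
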