Azure Linked Accounts and SSH Keys

  Subscribe
10/17/2019 - Marco von Ballmoos

Azure DevOps allows you to link multiple accounts.

Our concrete use case was:

  • User U1 was registered with an Azure DevOps organization O1
  • Microsoft did some internal management and gave our partner account a new organization O2, complete with new accounts for all users. Now I have user U2 as well, registered with O2.
  • U2 was unable to take tests to qualify for partner benefits, so I had to use U1 but link the accounts so that those test results accrued to O2 as well as O1.
  • We want to start phasing out our users from O1, so we wanted to remove U1 from O1 and add U2

Are we clear so far? U1 and U2 are linked because reasons. U1 is old and busted; U2 is the new hotness.

The linking has an unexpected side-effect when managing SSH keys. If you have an SSH key registered with one of the linked accounts, you cannot register an SSH key with the same signature with any of the other accounts.

This is somewhat understandable (I guess), but while the error message indicates that you have a duplicate, it doesn't tell you that the duplicate is in another account. When you check the account that you're using and see no other SSH keys registered, it's more than a little confusing.

Not only that, but if the user to which you've added the SSH key has been removed from the organization, it isn't at all obvious how you're supposed to access your SSH key settings for an account that no longer has access to Azure DevOps (in order to remove the SSH key).

Instead, you're left with an orphan account that's sitting on an SSH key that you'd like to use with a different account.

So, you could create a new SSH key or you could do the following:

  • Re-add U1 to O1
  • Remove SSH key SSH1 from U1
  • Register SSH key SSH1 with U2
  • Profit

If you can't add U1 to O1 anymore, then you'll just have to generate and use a new SSH1 key for Azure. It's not an earth-shatteringly bad user experience, but interesting to see how several logical UX decisions led to a place where a couple of IT guys were confused for long minutes.

Sign up for our Newsletter