How to Connect to TFS/VSTS Git Repositories via SSH

Since Team Foundation Server (TFS) 2013 and Visual Studio Team Services (VSTS) added Git support, they have only used HTTP/HTTPS for transport, which prevents many standard Git clients (e.g., Eclipse eGit) from connecting because Microsoft products rely on NTLM authentication.

Using SSH allows any OS or Git client to connect to TFS/VSTS Git repositories, eliminates repeated password prompts via an SSH agent, and secures data transfer with public‑key encryption.

1. Generate a public key

Run the following command:

ssh-keygen -C "yourEmailAddress"

This creates two files in the ~/.ssh directory:

~/.ssh/id_rsa (private key) and ~/.ssh/id_rsa.pub (public key).

The private key must be kept safe; the public key will be uploaded to the TFS/VSTS server to encrypt traffic, while the private key decrypts it. A passphrase should be set to protect the private key.

Note: Windows users may not have ssh-keygen installed; installing the Cmder console provides this tool.

2. Upload the public key to TFS/VSTS

In your TFS/VSTS project, click your user name at the top right, choose User Security (or User Profile in TFS), then select SSH Public Keys . Open id_rsa.pub with a text editor and paste its entire content into the Key Data field.

3. Get the SSH clone URL and clone the repository

Open the repository, click the Clone button, select the SSH option, and copy the provided URL. Run git clone ; SSH will ask for the key passphrase.

On macOS the system can store the passphrase in the keychain, while on Windows you can start the SSH agent with ssh-agent-start.cmd to avoid re‑entering the password.

That’s all – happy coding!