TeamCity doesn't support authentication method Private Key with agent checkout.


For my .NET project, I'm running TeamCity 6.0.2 (build 15857) on a Linux box and a build agent on a Windows server (building on Windows sounds like a must).

For VCS I'm using git/gitosis which requires private key authentication.

Currently I only have this single build agent, and checkout "Automatically on agent (if supported by VCS roots)" sounds reasonable to avoid the overhead of transferring the sources to the agent as part of the build process.

I've copied the private key to TeamCity server as required and Test Connection went successfully after I left Username blank.

When I tried running the build, I got the following response:

TeamCity doesn't support authentication method Private Key with agent checkout. Please use 'Anonymous' or 'Default Private Key' methods.

When I switched to "Automatically on server", checkout went fine, and the build went on with transferring the code to the agent etc.

I was wondering if there is a real reason for this restriction or is this perhaps planned for the future? Am I getting something wrong?


Hi Vladimir,

On agents we use a native git, i.e. we create a separate process which runs git commands. When you use 'Private Key' authentication it could require a passphrase. Ssh asks for the passphrase in interactive mode, so we cannot pass it as an argument to a git command.

Another option for us is to use java ssh implementation on the agent and by default we do that. We could send it a passphrase, but it is not implemented yet (feel free to create a feature request at As a workaround you can use a 'Default Private Key' auth method on agents.

Thanks for the response. I'll probably submit a request.

However, "Default Private Key" sounds like a reasonable workaround, but I don't find the concept very clear. I mean, in order to use keys to connect to ssh I need a private key, and a public key that I append to ~/.ssh/authorized_keys on the git server.

Help ( is not very specific what am I supposed to do with <USER_HOME>\.ssh\config and how to make ssh server accept the "Default Private Key" or if there is a matching public key.

Could you please provide more detailed instructions for making the "Default Private Key" option work with this setup?


Since server-side checkout works for you, I assume you already have a pair of public and private keys and they are registered in ~/.ssh/authorized_keys at your git server.

The difference between a default and a non-default private key is that a non-default key could be in any path and can be protected by a passphrase.

So you need to copy your public/private keys to the ~/.ssh/ and ~/.ssh/id_rsa correspondingly and make sure they are not protected by passphrase.
On Linux you can do that using the command 'ssh-keygen -f id_rsa -p' and pressing Enter when it asks for a passphrase.

In order to clone by ssh from the agent you should copy these keys to the <home dir of the user who runs the agent>/.ssh/ dir on the agent.

It is also possible to use keys not placed in the default location. To do that, put something like this in your ~/.ssh config:

Host <your.git.server>
    User <your.git.server.user>
    PreferredAuthentications publickey
    IdentityFile <path/to/private/key>
    StrictHostKeyChecking no

This will tell ssh to use a key in non-default location.

Please let me know if it helps.
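
A check for the agent-side setup described in the answer above, added here as an example that is not part of the original thread or of TeamCity: it reports whether a private key file is passphrase-protected (which the 'Default Private Key' method cannot use) and audits the ssh config stanza for a host. The host name, key path and function names are hypothetical, and the sample inputs are constructed.

```python
import base64
import fnmatch
import re
import struct

def key_is_passphrase_protected(key_text):
    """True if the private key is encrypted (unusable as a 'Default Private Key')."""
    lines = [l.strip() for l in key_text.strip().splitlines()]
    if not lines:
        raise ValueError("empty key file")
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # openssh-key-v1 layout: magic, then a length-prefixed cipher name
        magic = b"openssh-key-v1\0"
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(magic):
            raise ValueError("not an openssh-key-v1 blob")
        (n,) = struct.unpack(">I", blob[len(magic):len(magic) + 4])
        return blob[len(magic) + 4:len(magic) + 4 + n] != b"none"
    # Legacy PEM: encrypted keys carry a "Proc-Type: 4,ENCRYPTED" header
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)

def audit_ssh_config(config_text, host):
    """Return (identity_files, warnings) from Host stanzas matching `host`.
    Simplified: handles * and ? patterns, not negation or Match blocks."""
    identity_files, warnings, active = [], [], True
    for raw in config_text.splitlines():
        m = re.match(r"([^\s=]+)[\s=]+(.*)", raw.strip())
        if not m or raw.strip().startswith("#"):
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            active = any(fnmatch.fnmatch(host, p) for p in value.split())
        elif active and key == "identityfile":
            identity_files.append(value)
        elif active and key == "stricthostkeychecking" and value.lower() in ("no", "off"):
            warnings.append("StrictHostKeyChecking is disabled: "
                            "the git server's host key is not verified")
    return identity_files, warnings

# Constructed samples (hypothetical host and path; no real key material)
SAMPLE_CONFIG = """
Host git.example.test
    User git
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/teamcity_agent_key
    StrictHostKeyChecking no
"""
SAMPLE_ENCRYPTED_KEY = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n" \
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n(placeholder)\n" \
    "-----END RSA PRIVATE KEY-----"
```

With host key checking disabled, ssh on the agent accepts whatever host key the server presents; recording the git server's host key in the agent user's known_hosts and leaving StrictHostKeyChecking at its default avoids that.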

