# Setting up Azure SSH Proxy for Lagoon Deployment

You need to create a dedicated proxy user on a server where you have full control over the SSH service. In the following scenario we use the username `git`.

## Creating the git user and its SSH configuration

```bash
# Key pair the proxy user uses to authenticate against Azure DevOps
ssh-keygen -f ~/id_azure -t rsa
sudo useradd -m git
sudo mkdir /home/git/.ssh/
sudo mv ~/id_azure* /home/git/.ssh

# "sudo echo ... >> file" runs the redirect as the calling user, so append with "sudo tee -a"
sudo tee -a /home/git/.ssh/config > /dev/null <<'EOF'
Host ssh.dev.azure.com
HostkeyAlgorithms +ssh-rsa
#PubkeyAcceptedAlgorithms +ssh-rsa
#HostkeyAlgorithms +ssh-rsa
User git
IdentityFile /home/git/.ssh/id_azure
EOF

sudo touch /home/git/.ssh/known_hosts
sudo touch /home/git/.ssh/authorized_keys
# Public key that Lagoon uses to connect to this proxy
echo "LAGOON_ED25519_DEPLOY_KEY Lagoon-Key" | sudo tee -a /home/git/.ssh/authorized_keys > /dev/null

sudo chown -R git:git /home/git
# Expand the glob as root in case /home/git is not readable by the calling user
sudo sh -c 'chmod 644 /home/git/.ssh/*'
sudo chmod 400 /home/git/.ssh/id_azure
sudo cat /home/git/.ssh/id_azure.pub
```

**Note:** Enable the commented-out `PubkeyAcceptedAlgorithms` / `HostkeyAlgorithms` lines if you run OpenSSH >= 8.8 (use `ssh -V` to check the version).

### Add public key to Azure user SSH keys

Get the contents of `/home/git/.ssh/id_azure.pub` and add them in Azure DevOps > User settings > SSH public keys.

### Test connection

```bash
sudo runuser -u git -- ssh -v ssh.dev.azure.com
```

Check for "`debug1: Authentication succeeded (publickey).`"

A follow-up error like "`shell request failed on channel 0`" is fine.

## Configure SSHD to force SSH forwarding to ssh.dev.azure.com for user git

```bash
# Append a Match block (preceded by two blank lines) to the sshd configuration
sudo tee -a /etc/ssh/sshd_config > /dev/null <<'EOF'


Match User git
 ForceCommand ssh -T ssh.dev.azure.com $SSH_ORIGINAL_COMMAND
EOF
sudo systemctl restart ssh.service
```

### To test with your own key

```bash
echo "YOUR_ED25519_KEY" | sudo tee -a /home/git/.ssh/authorized_keys > /dev/null
```

Now you should be able to execute the following command locally, given that your local public key was also added to `/home/git/.ssh/authorized_keys`:

```bash
git clone git@CUSTOM_SERVER_IP_OR_HOSTNAME:v3/OrganizationName/ProjectName/REPOSITORY
```

### Change Git URL for Lagoon project

```bash
lagoon update p -p YOUR_LAGOON_PROJECT -g git@CUSTOM_SERVER_IP_OR_HOSTNAME:v3/OrganizationName/ProjectName/REPOSITORY.git
```
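
The `ForceCommand` configured for user `git` passes `$SSH_ORIGINAL_COMMAND` to the proxy's `ssh` client without checking it. As an added hardening example (not part of the original page), the POSIX shell wrapper below forwards only Git fetch/push requests for `v3/Org/Project/Repo` paths; the install path `/usr/local/bin/azure-git-proxy`, the `--forward` flag and the path character allowlist are assumptions.

```bash
#!/bin/sh
# Added example (not from the original page): allowlisting wrapper for the
# forced command. Install path and the --forward flag are hypothetical, e.g.
#   ForceCommand /usr/local/bin/azure-git-proxy --forward
LC_ALL=C; export LC_ALL   # make the bracket ranges below byte-exact

# Return 0 only for: git-upload-pack|git-receive-pack 'v3/Org/Project/Repo'
allowed_git_command() {
    cmd=$1
    case $cmd in
        "git-upload-pack '"*"'" | "git-receive-pack '"*"'") ;;
        *) return 1 ;;
    esac
    path=${cmd#*\'}     # drop everything up to the opening quote
    path=${path%\'}     # drop the closing quote
    case $path in
        *[!A-Za-z0-9._%/-]*) return 1 ;;   # character outside the assumed allowlist
        v3/*/*/*/* | *//*)   return 1 ;;   # extra or empty path segments
        v3/?*/?*/?*)         return 0 ;;   # exactly Org/Project/Repo
    esac
    return 1
}

proxy_main() {
    if allowed_git_command "${SSH_ORIGINAL_COMMAND:-}"; then
        # Passed as one quoted argument, so the proxy's shell never re-splits it.
        exec ssh -T ssh.dev.azure.com "$SSH_ORIGINAL_COMMAND"
    fi
    # Log the peer address only, never the rejected string itself.
    logger -t azure-git-proxy "rejected command from ${SSH_CONNECTION:-unknown}" || true
    echo "Only Git fetch/push is allowed through this proxy." >&2
    return 1
}

# Forward only when sshd invokes the script with the (hypothetical) flag.
if [ "${1:-}" = "--forward" ]; then
    proxy_main
    exit $?
fi
```

To use it, point the `ForceCommand` in the `Match User git` block at the wrapper instead of calling `ssh` directly.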