Which Authentication Mechanism to Use for Registering the Self-Hosted Agent

A

Note: PAT Supported only on Azure Pipelines and TFS 2017 and newer. After you choose PAT, paste the PAT token you created into the command prompt window. Use a personal access token (PAT) if your Azure DevOps Server or TFS instance and the agent machine are not in a trusted domain. PAT authentication is handled by your Azure DevOps Server or TFS instance instead of the domain controller.

When you provision a self-hosted Linux agent for use with Azure DevOps, you must register the agent with your organization. During the registration process, you must provide authentication information that allows the agent to connect to your organization and authenticate.

Out of the options provided, the recommended authentication mechanism for registering a self-hosted Linux agent is using an SSH key.

SSH is a secure protocol used to access remote machines over the internet. It is commonly used to manage Linux servers and to access Git repositories. Azure DevOps supports SSH authentication for Git repositories and for connecting to Linux-based agents.

To use an SSH key to register a self-hosted Linux agent, you need to generate an SSH key pair on the machine where the agent will be installed. The public key is uploaded to Azure DevOps as part of the registration process, and the private key is stored on the agent machine. When the agent connects to Azure DevOps, it uses the private key to authenticate.

Using an SSH key for authentication is more secure than using a personal access token (PAT) or alternate credentials, which require storing a username and password on the agent machine. A certificate could also be used, but it is less commonly used and requires additional configuration.

In summary, when provisioning a self-hosted Linux agent, it is recommended to use an SSH key for authentication during the registration process.