Setup SSH Authentication for Git Bash on Windows

git-ssh-auth-win-setup.md

Setup SSH Authentication for Git Bash on Windows

Prepararation

0. Create a folder at the root of your user home folder (Example: C:/Users/uname/) called .ssh.
1. Create the following files if they do not already exist (paths begin from the root of your user home folder):
   • .ssh/config
   • .bash_profile
   • .bashrc

Create a New SSH Key

Follow the steps in the section named "Generating a new SSH Key" found in the following documentation from GitHub: Generating a new SSH key and adding it to the ssh-agent

Configure SSH for Git Hosting Server

Add the following text to .ssh/config (.ssh should be found in the root of your user home folder):

Host github.com
 Hostname github.com
 IdentityFile ~/.ssh/id_ed25519

Enable SSH Agent Startup Whenever Git Bash is Started

First, ensure that following lines are added to .bash_profile, which should be found in your root user home folder:

test -f ~/.profile && . ~/.profile
test -f ~/.bashrc && . ~/.bashrc

Now, add the following text to .bashrc, which should be found in your root user home folder:

# Start SSH Agent
#----------------------------

SSH_ENV="$HOME/.ssh/environment"

function run_ssh_env {
  . "${SSH_ENV}" > /dev/null
}

function start_ssh_agent {
  echo "Initializing new SSH agent..."
  ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
  echo "succeeded"
  chmod 600 "${SSH_ENV}"

  run_ssh_env;

  ssh-add ~/.ssh/id_ed25519;
}

if [ -f "${SSH_ENV}" ]; then
  run_ssh_env;
  ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
    start_ssh_agent;
  }
else
  start_ssh_agent;
fi

The part that launches the ssh agent is valuable. However, I'm not persuaded there is a benefit in the git config file. The Default key name is "id_rsa" and that is what ssh will look for. I think the config file is not having an effect. At least for me...

In my case, the name of the key is different for every server and, for reasons I cannot understand, the ssh system only wants to look for "id_rsa". On Linux, this is a symptom of a permissions problem, permissions should be 700. But in Windows, it appears not possible to set permissions at all. In the Git bash shell, permissions always have g+r and o+r.

The config file is ignores, at least for me. You can see same result if you name your key in another file, put in

IdentityFile ~/.ssh/new_keyname

And it wont work. If it does work, I'd love to hear from you.

If you use an old dsa key, put this in config PubkeyAcceptedKeyTypes=+ssh-dss

Wow! First of all, thank you! I am astonished as to why none of this presented anywhere on GitHub? I spent a couple of hours looking for the missing steps, All they say is paste your public key here with no mention of how GitHub is supposed to find the private key on Windows, where it should be stored, what else is required, etc.

The only thing I would add to this is that if you are generating you keys with PuTTY Key Generator, you must select from the menu -> Conversions -> Export SSH key(force new file format) and save the private key as just "id_rsa" NOT id_rsa.ppk the default PuTTY format

Thank you again Brandon

Perfect, thanks!

good！

Thank you, works perfectly!
bitbucket and github are really missing these crucial steps, lost almost 8 hours setting it up on windows.

I added this to /etc/ssh/ssh_config so that I could use a shared deployment key for all users on my server. Thanks for the info!

Host bitbucket.org
 Hostname bitbucket.org
 IdentityFile /code/.ssh/id_rsa

If you want to add multiple keys to the agent simply replace the line ssh-add ~/.ssh/id_rsa; with the following block:

for key in ${HOME}/.ssh/id_*; do
     if grep -q PRIVATE "$key"; then
          /usr/bin/ssh-add "$key"
     fi
done

This will add every ssh key that start with id_
The inconvenience is that when the ssh-agent start, it's going to prompt you to enter the password for every keys even if you don't necessarily use them. I haven't found a solution for this.

You might want to use that with git for windows if, say, you have a different github account: 1 for your personal work and another for your professional work. Github won't let you re-use the same ssh key for both accounts so you need 2 keys.

To make this work, you will need to do 2 more steps. in ${HOME}/.ssh create the config file with the following content:

# Default Github

Host github.com
	HostName github.com
	User git
	IdentityFile ~/.ssh/id_rsa

# Example config for a secondary github account

Host github-corpo
	HostName github.com
	User git
	IdentityFile ~/.ssh/id_rsa_corpo

In this example, we have the secondary ssh key named id_rsa_corpo.

If you already cloned the repo for the secondary key, change the remote to point to github-corpo.
If not, then just clone by replacing the host :

git@github-corpo:myUserName/myProject.git

it works like a charm, thank you very much

Thank you! But, every time after restarting the computer I have to re-enter the password.

Thanks for the guide. So in my experience first time, In windows, when i do a ssh-keygen on gitbash, it saves the private and public key at /c/Program Files/Git/etc/ssh and folder paths with spaces don't work nice when I run SSH so i copied my private and public key at C:/.ssh and edit my identity file in
/c/Program Files/Git/etc/ssh/ssh_config as

Host hello
    HostName example.com
    IdentityFile /c/.ssh/blahblah_rsa
    AddKeysToAgent yes

You can refer to "Program Files" as "PROGRA~1" and "Program Files (x86)" as "PROGRA~2" in Windows. It appears that you can also escape spaces in Git Bash with a backspace: "Program\ Files" or "Program\ Files\ (x86)".

Thanks a lot! Worked perfectly!

This was awesome, thank you so much for the feedback! Now I only ever have to enter in my passphrase once!

You can check if the agent is already running using this command

$ ps x | grep ssh-agent

It worked perfectly for me! Thanks bsara!

well dwon! It's perfect!

Thank you very much!!!

Thank you! Worked perfectly!

I have followed these steps, and when I start git bash, I can see it is starting the ssh-agent. But when I perform a git operation (e.g. git clone), the github login dialog pops up and it is not using the ssh key. How do I get git to use the ssh key and not the github login? On the github side, I have added the ssh key as per the github instructions..

Oh i c now.. I need to clone with ssh address not with https.
Thanks for these instructions :)

works with a few changes for bitbucket.org too

I have followed these steps, and when I start git bash, I can see it is starting the ssh-agent. But when I perform a git operation (e.g. git clone), the github login dialog pops up and it is not using the ssh key. How do I get git to use the ssh key and not the github login? On the github side, I have added the ssh key as per the github instructions..

you should use ssh urls of repository, not https one

You instructions worked perfectly for me!
Thanks bsara!!!

This worked well for me. Thanks for sharing

For windows user please add the .bash_profile and.bashrc file in your root directory if not present. And the rest steps remain the same.
Thanks for the solution.

In my case the issue was in the system variables my HOME directory was not pointing to the correct User directory(where the ssh keys are). For Git Bash to be able to authenticate it needs to find your private key that is hosted in C:\Users\YOUR_UESR.ssh but if somehow this is pointing to the incorrect directory you'll end up in situation where you cannot connect.

What helped me to see the issue was running the below command

ssh -vT [email protected]

This command provides a verbose output with debug information that shows up resolved paths in your system. I've noticed the mismatched path that led me to the conclusion something is wrong with my system variables I opened them and saw the issue right away.

you saved my a$$ bro. 🙏🙏🙏

有用。