You should not use the Open SSH client that comes with Git for Windows. Instead, Windows 10 has its own implementation of Open SSH that is integrated with the system. To achieve this:
- Start the
ssh-agent
from Windows Services:
- Type
Services
in theStart Menu
orWin+R
and then typeservices.msc
to launch the Services window; - Find the
OpenSSH Authentication Agent
in the list and double click on it; - In the
OpenSSH Authentication Agent Properties
window that appears, chooseAutomatic
from theStartup type:
dropdown and clickStart
fromService status:
. Make sure it now saysService status: Running
.
- Configure Git to use the Windows 10 implementation of OpenSSH by issuing the following command in Powershell:
git config --global core.sshCommand C:/Windows/System32/OpenSSH/ssh.exe
- Configure SSH to automatically add the keys to the agent on startup by editing the
config
file found at$HOME\.ssh\config
(full path -C:\Users\%YOUR_USERNAME%\.ssh\config
), and add the following lines:
Host *
AddKeysToAgent yes
IdentitiesOnly yes
You can also add the following lines if you generated an SSH key with custom name or multiple SSH keys:
Host github.com
HostName github.com
User your_user_name
IdentityFile ~/.ssh/your_file_name
- Add your SSH key to the
ssh-agent
by issuing thessh-add
command and entering your passphrase:
ssh-add $HOME/.ssh/your_file_name
- Done! Now restart your Powershell and even Windows if necessary.
If this was useful, you can buy me a coffee here. Thank you!
Works great. Two things:
First, I didn't need this in ~/.ssh/config:
After ssh-add and restarting Windows, my keys are still decrypted and I can ssh from Powershell without a problem.
Second, is there a way to get the agent to ask for the passphrase once per key? I guess I'm used to the way ssh-agent works on Linux, where you add each key to the agent by supplying the passphrase and it stays decrypted until the agent process is killed, or the key is removed. I like the extra protection of having to supply the passphrase once.