You should not use the OpenSSH client that comes with Git for Windows. Instead, Windows 10 has its own implementation of OpenSSH that is integrated with the system. To achieve this:
- Start the `ssh-agent` from Windows Services:
  - Type `Services` in the `Start Menu` or `Win+R` and then type `services.msc` to launch the Services window;
  - Find the `OpenSSH Authentication Agent` in the list and double click on it;
  - In the `OpenSSH Authentication Agent Properties` window that appears, choose `Automatic` from the `Startup type:` dropdown and click `Start` from `Service status:`. Make sure it now says `Service status: Running`.
- Configure Git to use the Windows 10 implementation of OpenSSH by issuing the following command in PowerShell:

  ```
  git config --global core.sshCommand C:/Windows/System32/OpenSSH/ssh.exe
  ```
- Configure SSH to automatically add the keys to the agent on startup by editing the `config` file found at `$HOME\.ssh\config` (full path: `C:\Users\%YOUR_USERNAME%\.ssh\config`), and add the following lines:

  ```
  Host *
      AddKeysToAgent yes
      IdentitiesOnly yes
  ```

  You can also add the following lines if you generated an SSH key with a custom name or have multiple SSH keys:

  ```
  Host github.com
      HostName github.com
      User your_user_name
      IdentityFile ~/.ssh/your_file_name
  ```
- Add your SSH key to the `ssh-agent` by issuing the `ssh-add` command and entering your passphrase:

  ```
  ssh-add $HOME/.ssh/your_file_name
  ```

- Done! Now restart your PowerShell and even Windows if necessary.
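
The steps above as one PowerShell script, with a check after each step. This is an added example, not part of the original guide; it assumes an elevated PowerShell prompt, the default Windows OpenSSH install path, and the guide's `your_file_name` placeholder for the key file.

```powershell
# Added example (not from the original guide). Run from an elevated PowerShell:
# changing a service's startup type requires administrator rights.
$ErrorActionPreference = 'Stop'

$sshDir  = Join-Path $env:SystemRoot 'System32\OpenSSH'
$sshExe  = Join-Path $sshDir 'ssh.exe'
$sshAdd  = Join-Path $sshDir 'ssh-add.exe'
$config  = Join-Path $HOME '.ssh\config'
$keyFile = Join-Path $HOME '.ssh\your_file_name'   # placeholder, as in the guide

foreach ($exe in $sshExe, $sshAdd) {
    if (-not (Test-Path $exe)) { throw "Windows OpenSSH client not found: $exe" }
}

# Step 1: agent service set to Automatic and running.
Set-Service -Name ssh-agent -StartupType Automatic
Start-Service -Name ssh-agent
if ((Get-Service -Name ssh-agent).Status -ne 'Running') { throw 'ssh-agent is not running' }

# Step 2: point Git at the Windows ssh.exe (forward slashes, as in the guide).
git config --global core.sshCommand ($sshExe -replace '\\', '/')
Write-Host "core.sshCommand = $(git config --global --get core.sshCommand)"

# Step 3: add the Host * block only if the config does not already set AddKeysToAgent.
if (-not (Test-Path $config) -or
    -not (Select-String -Path $config -Pattern '^\s*AddKeysToAgent' -Quiet)) {
    Add-Content -Path $config -Encoding ascii `
        -Value "`nHost *`n    AddKeysToAgent yes`n    IdentitiesOnly yes"
}

# An ssh-add from another install (e.g. Git for Windows) is a different build
# and may not reach this agent, so warn if PATH resolves to one.
$onPath = (Get-Command ssh-add -ErrorAction SilentlyContinue).Source
if ($onPath -and $onPath -ne $sshAdd) {
    Write-Warning "PATH resolves ssh-add to $onPath; use $sshAdd instead"
}

# Step 4: load the key (prompts for the passphrase), then list what the agent holds.
& $sshAdd $keyFile
& $sshAdd -l
switch ($LASTEXITCODE) {
    0       { Write-Host 'Agent holds the keys listed above.' }
    1       { Write-Warning 'Agent is reachable but holds no keys.' }
    default { throw 'Could not contact the agent.' }
}
# Loaded keys stay in the Windows agent across reboots; `& $sshAdd -D` removes them all.
```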
Many thanks to all of you for your contributions. It really drives me mad not to find out how this whole stuff is working on Windows 11 with the OpenSSH Authentication Agent. It works, it is even ultra-convenient, it just is not clear how it works.

The normal expected behavior of an SSH agent, for me, is that it loads the keys that I add to it (in my case on Windows 11 with `ssh-add ~/.ssh/my_keyname`) into the process memory and asks me for a password (if I set one, which I always do). In my .ssh folder there are always both files that build a keypair: the private key and the corresponding .pub public key file. All this works fine. I use ssh-add to add my key to the agent and then do my stuff on GitHub and on some VPS and Linux VMs. All fine.

But now I shut down or reboot my machine (sometimes you have to do something away from the machines, I guess) and come back later to start it up again. The fact that now, even when I had the startup type of the OpenSSH Authentication Agent set to manual and I started it after my login, my SSH key with a secure passphrase works without ever asking me again for the passphrase is nuts. I was not able to find someone who could explain to me where and how the passphrase is cached, so that the agent can use my key permanently without ever needing me to enter the passphrase again.

I know it's super convenient and some might wonder why I complain, but it is disturbing. I am working with some pretty sensitive environments and I truly want to know how this credential caching works. Until I find out, I will use `ssh-add -D` to delete the keys from the agent whenever I no longer need them. So if anybody can tell me how this works, it would make my sleep better again. TIA.