I have multiple passphrase-protected SSH keys on my laptop that allow me to authenticate with various devices and services. I don’t mind typing my passphrase when logging in to a remote computer via SSH. To me, the action is conceptually similar to entering a local password at login. However, since I use SSH keys for authentication to GitHub, every git command that affects a remote repository results in a prompt for an SSH key passphrase.
This is really annoying.
I’ve seen ssh-agent mentioned as a solution to this issue, but only in the context of a Linux environment. How can I take advantage of this functionality on my Windows laptop? The ssh-agent that is included with git, while technically a Windows executable, is configured for a pseudo-Linux environment.
Thankfully, in recent versions on Windows 10, OpenSSH ships as an optional feature. After enabling the feature, a proper ssh-agent is available for use.
After enabling OpenSSH in Windows, the ssh-agent service needs to be enabled. Open an elevated PowerShell window and run:
PS> Get-Service ssh-agent | Set-Service -StartupType Automatic
This will start the ssh-agent service automatically.
Verify that your PATH is properly configured by executing the following:
PS> Get-Command ssh | Select-Object Source Source ------ C:\Windows\System32\OpenSSH\ssh.exe
Validate that your output is similar to mine. The ssh executable should be in the System32 folder, not the Git for Windows directory. If your output doesn’t match, your PATH variable probably needs to be modified to prioritize the
C:\Windows\System32\OpenSSH directory over the Git for Windows directory.
Start the ssh-agent service by executing the ssh-agent process.
The ssh-agent service should now be running. Since we set the ssh-agent service to start automatically, you’ll only have to do this once.
Keys need to be imported to the ssh-agent service so that they can be unlocked for use. Execute the following and follow the prompts to load and unlock your keys.
You can view the available keys by running
Read more about importing ssh keys here.
Git for Windows uses the ssh binaries included with git by default. While this works well enough in most situations, one side-effect is that git has no idea how to talk to the Windows ssh-agent service. In order for git commands to use the Windows ssh-agent service, git needs to be informed of the system OpenSSH path. To accomplish this, the environment variable
GIT_SSH needs to be set with the path of the system OpenSSH executable.
Run the following command to update the environment variable:
PS> [Environment]::SetEnvironmentVariable("GIT_SSH", "$((Get-Command ssh).Source)", [System.EnvironmentVariableTarget]::User)
Open a new PowerShell window to activate the new environment variables.
Test remote git commands with SSH authentication (e.g.
git pull) and verify that the passphrase prompt does not occur with each command.
Congrats, you’ve just saved yourself a lot of time down the road.