DEV Community

Darragh O'Riordan
Darragh O'Riordan

Posted on • Originally published at darraghoriordan.com on

How to use SSH with Git and ssh-agent on Windows

I needed to run git natively in windows (no wsl) for a recent project. I use ssh certificates with passphrases to authenticate with my git provider.

Ssh requires the certificate passphrase every time you use a connection. It's annoying typing this passphrase in to terminal when using a git command.

The Problem

On most *nix systems there is an ssh-agent installed that will store your pass phrases so you don't have to enter them when using Git with ssh.

Ssh-agent is harder to configure on windows because some of the default settings and paths are different to *nix systems.

I didn’t want to use Git for Windows because it uses GitBash. I couldn’t use WSL because I wanted git to work on any terminal in windows.

These are the steps I had to research to use Git on Windows with the built in Windows ssh-agent.

Note: You must be an administrator to perform the required actions.

Open ssl on Windows

If you use Windows 10 or higher there is a built-in openssl instance. You can turn it on in the Optional Features settings pane.

Microsoft provide more instructions here: https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=gui

Follow the instructions to install it if you don’t have it.

A note on certificates

I’ll assume that you have ssh certificates available and any ssh aliases are set in the config file

The default location for the config file on windows is

$HOME\.ssh\config
Enter fullscreen mode Exit fullscreen mode

You should create that file if you need ssh aliases. You can read more about this in my article on ssh for git accounts - https://www.darraghoriordan.com/2021/05/04/configure-multiple-github-accounts-one-computer/

Enabling Ssh agent

Open a powershell terminal as administrator and run the following to have ssh-agent available.

# Have ssh agent start automatically
Get-Service ssh-agent | Set-Service -StartupType Automatic

# Start ssh agent now
Start-Service ssh-agent

# Should work successfully
Get-Service ssh-agent
Enter fullscreen mode Exit fullscreen mode

Configure git to use Windows ssh

# tell git to use ssh.exe
git config --global core.sshCommand "'C:\Windows\System32\OpenSSH\ssh.exe'"

Enter fullscreen mode Exit fullscreen mode

Load keys into ssh agent

Copy your keys into a folder that ssh-agent can access. Anywhere in the $HOME/.ssh should be ok.

Then add the key to ssh-agent. You will be prompted for a password and ssh agent will remember it for you.

ssh-add "C:\Users\darragh\.ssh\authorized_keys\darraghPersonalGithub"
Enter fullscreen mode Exit fullscreen mode

Top comments (3)

Collapse
 
geraldew profile image
geraldew • Edited

I don't think you're making it clear why you'd want to run the SSH Agent rather than just an SSH Client.

Collapse
 
darraghor profile image
Darragh O'Riordan

Thanks for the feedback! I updated the intro and added a "The Problem" section to describe storing passphrases

Collapse
 
geraldew profile image
geraldew

Ah, well that now makes it even more interesting. Even though the place where I use Windows 10 is also where I don't have admin for it, I wasn't aware that the agent "will store your pass phrases" in any way. I had just assumed the agent was about providing an ability to be the non-initiator of an SSH connection.