Git for Windows - Asking for SSH passphrase every push

Asked 6/4, 2021 at 16:26 Answered 6/4, 2021 at 17:43

I installed git for windows today and doing some tests I've seen that in every push I'm asked for the passphrase (something that don't happens at Linux).

I've made some suggestions of another thread, I've seen that i had not configured the ssh-agent, but i did this and the problem persists.

Some suggestion? Thanks!

Pact answered 6/4, 2021 at 16:26 Comment(3)

Can you elaborate on how you configured ssh-agent? – Circinus 6/4, 2021 at 17:32

@Circinus ssh-agent is an optional component in Windows. In Windows 11, you can install it (though it might be installed by default) through the Settings->Apps->Optional Features settings. Then open services and make sure the OpenSSH Authentication Agent is running and will automatically start. As long as you use the MS provided SSH for your SSH needs, that agent will work. Once you add your keys to it, it will lock/unlock automatically for you! Just like in Linux or MacOS. – Bumgarner 2/11, 2023 at 5:58

This gist helps me and it worked: gist.github.com/danieldogeanu/16c61e9b80345c5837b9e5045a701c99 – Clairvoyant 8/5 at 13:21

I had the same issue and waisted couple of hours trying to figure out why windows kept asking me for a ssh password, what helped me is a solution from: https://www.teapotcoder.com/post/how-to-fix-git-ssh-asking-for-password-on-windows-10/

Open PowerShell and type command

Get-Command ssh

If the output of that lists an executable not in your git usr/bin directory then do this:

git config core.sshCommand (get-command ssh).Source.Replace('\','/')

Or, if you want to test this in your current PowerShell session w/o messing with Git config

$ENV:GIT_SSH_COMMAND = (get-command ssh).Source.Replace('\','/')

Why does this work?

When you install git, it comes with ssh. But if you have a newer version of Windows 10, Windows has an install of SSH that comes with it. Installed in C:\Windows\System32\OpenSSH. That gets put into the environment PATH and so testing:

ssh -T [email protected]

Uses your key you added via ssh-add using the Windows provided binaries. But git is using the ssh stuff within the git usr/bin folder. Different set of keys. So you’d end up getting prompted for your passphrase every single time you git pull.

Exodontics answered 6/4, 2021 at 17:29 Comment(4)

So basically you tell Git to use the Windows ssh.exe – Taproot 21/4, 2023 at 8:34

This is 100% the correct solution for Windows 11. You don't have to mess with configuring a second ssh-agent as the other solution suggests; the OpenSSH agent is a Windows Service under windows 10 & 11, so you just need to configure git to use the Windows version of ssh. Thank you - pulled out a lot of hair before stumbling on this answer. – Bumgarner 2/11, 2023 at 5:55

I'd appreciate clarification on whether the command git config core.sshCommand (get-command ssh).Source.Replace('\','/') applies solely to the specific Git repository where it's executed or if it affects Git globally on the machine. My confusion arises from encountering an error message, 'fatal: not in a git directory' when attempting to run this command outside of a Git repository. Could someone please shed some light on this matter? – Adaline 16/3 at 22:0

@GustavoLeindecker I believe this will only apply for the current git project. The git config command does have a --global option/flag to apply the setting globally. (Not tested, just speaking from experience for other git config commands) – Ecg 31/5 at 15:44

Try below

User Git bash instead of powershell
Copy your key file to ~/.ssh
paste below code to your ~/.profile or ~/.bashrc

Restart Git Bash

        env=~/.ssh/agent.env
        agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; }

        agent_start () {
            (umask 077; ssh-agent >| "$env")
            . "$env" >| /dev/null ; }

        agent_load_env

        # agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2= agent not running
        agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)

        if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
            agent_start
            ssh-add
        elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
            ssh-add
        fi

        unset env

On start up git bash will prompt or passphrase of key and then work seamlessly. Script will also start SSH agent and add key file using ssh-add

Dufy answered 6/4, 2021 at 17:43 Comment(1)

Yeah, don't do this. @alexS has the correct solution here. – Bumgarner 2/11, 2023 at 5:59

Recommended topics

Hot tags