Git keeps asking me for my ssh key passphrase

Asked 5/4, 2012 at 16:33 Answered 12/1 at 1:59

857

I created keys as instructed in the GitHub tutorial, added them to GitHub, and tried using ssh-agent explicitly — yet git continues to ask me for my passphrase every time I try to do a pull or a push.

What could be the cause?

Future answered 5/4, 2012 at 16:33 Comment(1)

Related: #14762534 – Courtship 16/6, 2015 at 5:5

1601

Once you have started the SSH agent with:

eval $(ssh-agent)

Do either:

To add your private key to it:
```
 ssh-add
```
This will ask you your passphrase just once, and then you should be allowed to push, provided that you uploaded the public key to Github.
To add and save your key permanently on macOS:
```
 ssh-add -K  
```
This will persist it after you close and re-open it by storing it in user's keychain.

If you see a warning about deprecated flags, try the new variant:
```
 ssh-add --apple-use-keychain 
```
To add and save your key permanently on Ubuntu (or equivalent):
```
  ssh-add ~/.ssh/id_rsa
```

Taw answered 5/4, 2012 at 16:47 Comment(22)

log-out of the server, ssh back in, run git pull, prompt me for password again. – Chilung 3/10, 2016 at 22:31

This didn't work for me. It is still asking for passphrase when I close Gitbash and open it again. – Kinsfolk 4/11, 2016 at 15:19

@OmarTariq If you close your git-bash session, you lose the ssh-agent instance. Some desktop environments launch a global agent so added keys are shared across terminal sessions, but that's specific to the OS you are using. – Taw 4/11, 2016 at 15:29

I'd just like to add another bit of info: If you have multiple ssh keys, you may want to specify the path to a particular id_rsa in your ssh-add command, e.g. ssh-add /Users/rubyx/.ssh/git/id_rsa – Marvellamarvellous 4/1, 2017 at 17:8

ssh-add -K will persist it after you close and re-open it by storing it in user's keychain. – Responsion 7/1, 2017 at 1:5

@Responsion ssh-add -K gives the following:

unknown option -- K usage: ssh-add [options] [file ...] Options:   -l          List fingerprints of all identities.   -L          List public key parameters of all identities.   -k          Load only keys and not certificates.   -c          Require confirmation to sign using identities   -t life     Set lifetime (in seconds) when adding identities.   -d          Delete identity.   -D          Delete all identities.   -x          Lock agent.   -X          Unlock agent.   -s pkcs11   Add keys from PKCS#11 provider.

– Sanctitude 12/2, 2017 at 10:35

This just prevents you having to retype it repeatedly. If you literally don't want any security, ever, then don't put a password on the key. – Tutu 1/3, 2017 at 17:9

I still get prompted for a passphrase regardless. – Chiu 9/3, 2017 at 20:37

I had to do this ssh-add -K ~/.ssh/id_rsa for it to persist on Mac. – Antipode 15/2, 2018 at 17:11

This was not working for me on Windows. But the following command solved my problem: git config credential.helper store After that I was asked one more time for my credentials, but after that no more. – Cranage 14/5, 2018 at 14:51

-K is apple specific. See help.github.com/articles/… – Fokine 17/7, 2018 at 15:32

The option in linux is -k in lower case. – Roundish 21/2, 2019 at 16:59

@PaulozOiOzuLLuFabrício I don't think that is correct, it lists -k as being the following on my Debian machine: -k Load only keys and not certificates. – Prent 25/3, 2019 at 18:37

@Cranage "Using this helper will store your passwords unencrypted on disk, protected only by filesystem permissions. If this is not an acceptable security tradeoff, try git-credential-cache[1], or find a helper that integrates with secure storage provided by your operating system. This command stores credentials indefinitely on disk for use by future git programs." – Vimineous 22/4, 2019 at 18:51

This worked for me. Thank you. Could you explain a little further how it works? – Bram 17/8, 2020 at 16:49

For Mac the k is in lower case not caps – Subscapular 21/7, 2021 at 5:30

That should be eval "${ssh-agent}" instead of eval ${ssh-agent}. – Ai 23/3, 2022 at 11:19

for mac OS you can use ssh-add --apple-use-keychain – Brancusi 23/3, 2022 at 12:20

--apple-use-keychain is new variant of -K see:

WARNING: The -K and -A flags are deprecated and have been replaced          by the --apple-use-keychain and --apple-load-keychain          flags, respectively.  To suppress this warning, set the          environment variable APPLE_SSH_ADD_BEHAVIOR as described in          the ssh-add(1) manual page.

– Metagenesis 5/5, 2022 at 5:59

I don't think this reply answers the question (and seems to be OS-specific, while the question is not)... – Herzel 5/8, 2022 at 7:41

I tried everything else, but re-running ssh-add -K worked. – Droll 13/2, 2023 at 7:36

This doesn't work. I'm still getting prompted for my passphrase. – Manzo 27/10, 2023 at 22:27

356

This has been happening to me after restarts since upgrading from OS X El Capitan (10.11) to macOS Sierra (10.12). The ssh-add solution worked temporarily but would not persist across another restart.

The permanent solution was to edit (or create) ~/.ssh/config and enable the UseKeychain option.

Host *
    UseKeychain yes

Contented answered 10/1, 2017 at 18:51 Comment(5)

worked for me thanks... I had done... ssh-add -K /Users/***/.ssh/git/id_rsa but it was still not working after terminal restart... thank you. – Darell 19/1, 2017 at 15:12

Want to why this happen? Read the technical note on OpenSSH changes developer.apple.com/library/content/technotes/tn2449/… – Niblick 25/4, 2017 at 15:38

Thanks, the accepted solution wasn't enough, but your solution did the trick ! (I'm on a mac M1). – Rotenone 18/11, 2022 at 15:50

Had the ~/.ssh/config as per github tutorial and it didn't work. It worked only once added lines in this answer. Probably Host *.github.com wasn't working for github.com. – Whippletree 23/12, 2022 at 22:56

Thanks for this. I set min to Host *github*, which worked for me. I didn't want to use Host *, as I also SSH into a RaspberryPi with a different setup – Froufrou 7/2, 2023 at 13:59

If you've tried ssh-add and you're still prompted to enter your passphrase then try using ssh-add -K. This adds your passphrase to your keychain.

Update: if you're using macOS Sierra then you likely need to do another step as the above might no longer work. Add the following to your ~/.ssh/config:

Host *
  UseKeychain yes

Bubbler answered 19/12, 2016 at 10:20 Comment(4)

Still prompts me for a passphrase. – Chiu 9/3, 2017 at 20:37

@Chiu Are you using macOS Sierra? If so, check out what I just added to the answer. I hope that helps. – Bubbler 11/3, 2017 at 8:30

Yes, I am on Sierra. However, here is the line that worked worked for me too: AddKeysToAgent yes – Chiu 13/3, 2017 at 13:21

This also works with BitBucket Cloud. I was having issues in GitKraken and this resolved my issues. – Potaufeu 18/3, 2020 at 15:38

I would try the following:

Start GitBash
Edit your ~/.bashrc file
Add the following lines to the file

SSH_ENV=$HOME/.ssh/environment

# start the ssh-agent
function start_agent {
    echo "Initializing new SSH agent..."
    # spawn ssh-agent
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > ${SSH_ENV}
    echo succeeded
    chmod 600 ${SSH_ENV}
    . ${SSH_ENV} > /dev/null
    /usr/bin/ssh-add
}

if [ -f "${SSH_ENV}" ]; then
     . ${SSH_ENV} > /dev/null
     ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
        start_agent;
    }
else
    start_agent;
fi

Save and close the file
Close GitBash
Reopen GitBash
Enter your passphrase

Odeen answered 1/10, 2013 at 7:3 Comment(9)

For future reference, this also works with zsh. Just add this to .zshrc – Ot 21/7, 2015 at 11:11

I believe this assumes your keyfile is called id_rsa. If you have a custom name, you should use eg. /usr/bin/ssh-add ~/.ssh/custom_filename – Callie 4/8, 2016 at 9:37

Can you explain what happen to this script? – Sesterce 31/10, 2018 at 4:54

@Lee it starts the ssh-agent if not already running, which is what makes sure not to ask you the ssh passphrase on every push (more or less). – Odeen 31/10, 2018 at 8:12

This just runs ssh-agent and adds the key on every login. You still have to enter password each time you login. So for example if you have scripts ssh-ing and doing GIT commands, this is unfortunately not useful at all. – Mayramays 8/8, 2019 at 12:0

@Mayramays It is not true for me. I had to add a password only once. I think the reason is that it creates .ssh/environment. – Emmittemmons 1/2, 2022 at 12:28

Where is .bashrc file located? – Hanging 29/3, 2023 at 8:41

@Hanging in your home directory (~/ points to the home dir). – Odeen 30/3, 2023 at 1:29

@Odeen It doesn't work for me on windows if home dir is C:\Users\%userprofile%`, not for ~/.profile` not for ~/.bashrc – Hanging 31/3, 2023 at 10:46

What worked for me on Windows was (I had cloned code from a repo 1st):

eval $(ssh-agent)
ssh-add 
git pull

at which time it asked me one last time for my passphrase

Credits: the solution was taken from https://unix.stackexchange.com/questions/12195/how-to-avoid-being-asked-passphrase-each-time-i-push-to-bitbucket

Paten answered 20/4, 2016 at 19:38 Comment(2)

if you are using a non default rsa file name, then be sure to use it on the second command: ssh-add /c/Users/you_user/.ssh/id_rsa_abcxyz – Mullane 3/8, 2020 at 9:16

this only works while the gitbash is active for me. Once I close it, again I need to provide credentials – Peacetime 13/11, 2020 at 0:24

Try adding this to your ~/.ssh/config:

Host *
   AddKeysToAgent yes
   UseKeychain yes
   IdentityFile ~/.ssh/id_rsa

... assuming your private key is named id_rsa

Chiu answered 9/3, 2017 at 20:40 Comment(6)

UseKeychain yes is only valid for mac – Francoise 13/4, 2018 at 7:26

@Oz123 what's the equivalent for windows – Chiu 13/4, 2018 at 13:32

@Oz123 I think the equivalent on Windows is AddKeysToAgent yes check this answer #52424126 – Vimineous 22/4, 2019 at 19:4

This is a much more universal answer than the others (works on any OS, except for the UseKeyChain part). I should be the accepted answer IMHO. Thanks @Chiu – Polyandrist 21/7, 2020 at 14:48

Excellent. How would you go about specifying several ssh keys if you have accounts in Gitlab, Github, etc. and you are managing projects locally to push to those? – Gird 12/5, 2021 at 7:46

@EmmanuelGoldstein For your case, instead of Host *, you'd specify each Host name separately. – Chiu 12/5, 2021 at 15:36

previously -K flag is used to add key but now:

ssh-add --apple-use-keychain

The -K and -A flags are deprecated and have been replaced by the --apple-use-keychain and --apple-load-keychain flags, respectively.

LATER EDIT: you may need to add ssh-add --apple-load-keychain -q to your .bash_profile or .bashrc or .zshrc or equivalent.

Ironworks answered 11/5, 2022 at 6:1 Comment(4)

For me this, worked. I was trying to import a private github repo via SSH – Folderol 14/6, 2022 at 6:36

I had to to do that and also add ssh-add --apple-load-keychain -q to my .bash_profile (or .zshrc if you use zsh). – Costanzo 31/8, 2022 at 15:8

Same here, I had to add what @AndréWillikValenti said to my .zshrc – Corundum 8/11, 2022 at 21:58

Thanks @alexventuraio, I added that step to the original answer. – Costanzo 10/11, 2022 at 11:2

Run the following:

eval $(ssh-agent) && ssh-add ~/.ssh/id_rsa &>/dev/null

Enter the passphrase, then check git. Git should not ask for passphrase after this command.

The original source: https://gist.github.com/egoens/c3aa494fc246bb4828e517407d56718d

Mercaptopurine answered 12/6, 2021 at 19:38 Comment(0)

If you are not using GitBash and are on Windows - you need to start your ssh-agent using this command

start-ssh-agent.cmd

If your ssh agent is not set up, you can open PowerShell as admin and set it to manual mode

Get-Service -Name ssh-agent | Set-Service -StartupType Manual

Stead answered 1/9, 2020 at 2:25 Comment(1)

I started the agent but it still asks me for my passphrase every time – Scriptorium 20/7, 2023 at 21:35

If the above solutions are not working for me, one thing to check is that you actually have the public key too (typically id_rsa.pub). It is unusual not to, but that was the cause for me.

To create your public key from your private key:

ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub

Boredom answered 27/4, 2017 at 9:51 Comment(1)

This did it for me! Thanks! :) – Joycelynjoye 22/11, 2021 at 8:40

I had a similar issue, but the other answers didn't fix my problem. I thought I'd go ahead and post this just in case someone else has a screwy setup like me.

It turns out I had multiple keys and Git was using the wrong one first. It would prompt me for my passphrase, and I would enter it, then Git would use a different key that would work (that I didn't need to enter the passphrase on).

I just deleted the key that it was using to prompt me for a passphrase and now it works!

Sev answered 5/3, 2013 at 19:40 Comment(0)

In case you are on Win10:

I had the same problem. (previously had to update ssh-agent individually with a script from here because of a different problem)

Git did access my ssh config (git pull threw exceptions when I had nonsense-lines in ssh config), but never seemed to care about the private key I had added via ssh-agent and referenced in my config.

What fixed the problem was to execute the following command in PowerShell:

git config core.sshCommand (get-command ssh).Source.Replace('\','/')

(Details are in this link)

Keith answered 14/4, 2021 at 13:10 Comment(0)

It sounds like you may be having trouble with SSH-Agent itself. I would try troubleshooting that.

1) Did you do ssh-add to add your key to SSH?

2) Are you closing the terminal window between uses, because if you close the window you will have to enter the password again when you reopen it.

Haas answered 5/4, 2012 at 16:40 Comment(1)

Would be nice to add information on how to solve the first problem Jeff Welling. – Ferrick 19/8, 2016 at 15:13

For Windows or Linux users, a possible solution is described on GitHub Docs, which I report below for your convenience.

You can run ssh-agent automatically when you open bash or Git shell. Copy the following lines and paste them into your ~/.profile or ~/.bashrc file:

env=~/.ssh/agent.env

agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; }

agent_start () {
    (umask 077; ssh-agent >| "$env")
    . "$env" >| /dev/null ; }

agent_load_env

# agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2= agent not running
agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)

if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
    agent_start
    ssh-add
elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
    ssh-add
fi

unset env

If your private key is not stored in one of the default locations (like ~/.ssh/id_rsa), you'll need to tell your SSH authentication agent where to find it. To add your key to ssh-agent, type ssh-add ~/path/to/my_key.

Now, when you first run Git Bash, you are prompted for your passphrase. The ssh-agent process will continue to run until you log out, shut down your computer, or kill the process.

Stockade answered 12/11, 2020 at 18:22 Comment(3)

Here's the link to the specific section on the page Auto-launching ssh-agent on Git for Windows. Note: You must select the "Windows" tab on the page to see this section... there is no Linux tab listed, so I find this confusing on GitHub's part. – Steelyard 11/2, 2022 at 19:59

Where is this ~/.profile file is located? – Hanging 29/3, 2023 at 8:44

@Hanging you have to create it (if it doesn't exist) in C:\Users\<your-user>\.profile The "~" in a path, like "~/.profile", usually means your system user folder. – Antipyrine 4/4, 2023 at 12:31

I try different solutions but nothing help. But this steps (My GitBash SSH environment always asks for my passphrase, what can I do?) from Bitbucket.com seams works well :

The idea is:

you create ~/.bashrc file

add follow script:

 SSH_ENV=$HOME/.ssh/environment

 # start the ssh-agent
 function start_agent {
     echo "Initializing new SSH agent..."
     # spawn ssh-agent
     /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
     echo succeeded
     chmod 600 "${SSH_ENV}"
     . "${SSH_ENV}" > /dev/null
     /usr/bin/ssh-add
 }

 if [ -f "${SSH_ENV}" ]; then
     . "${SSH_ENV}" > /dev/null
     ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
         start_agent;
     }
 else
     start_agent;
 fi

re-run Bash

Cassiecassil answered 15/8, 2017 at 12:25 Comment(0)

Another possible solution that is not mentioned above is to check your remote with the following command:

git remote -v

If the remote does not start with git but starts with https you might want to change it to git by following the example below.

git remote -v // origin is https://github.com/user/myrepo.git
git remote set-url origin [email protected]:user/myrepo.git
git remote -v // check if remote is changed

Hulse answered 26/10, 2019 at 17:57 Comment(2)

This worked for me. in my case, I mistakenly set remote to [email protected] instead of github.com. – Biodegradable 7/8, 2020 at 3:17

worked for me as well, I didn't specify the user anymore, just this; origin [email protected]/myrepo.git – Sailcloth 16/5, 2022 at 3:31

on mac, if your ssh key need passphrase everytime and you want to skip it, then you can try below, it works fine for me

eval "$(ssh-agent -s)"
ssh-add -K .ssh/id_rsa
add this default ssh configuration works for me

Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa

Octosyllable answered 22/10, 2020 at 14:27 Comment(0)

Update the url of the origin remote using SSH instead of HTTPS;

git remote set-url origin "SSH URL COPIED FROM GIT REPO."

This what works with me.

Prod answered 9/4, 2021 at 13:57 Comment(0)

If you happen to be using fish, there's a gist for it:

# config.fish
if not pgrep -f ssh-agent > /dev/null
  eval (ssh-agent -c)
  set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK
  set -Ux SSH_AGENT_PID $SSH_AGENT_PID
  set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK
end

Soerabaja answered 30/4, 2021 at 15:2 Comment(0)

This command from GitHub Docs did the trick for me:

> Enter old passphrase: [Type old passphrase]
> Key has comment '[email protected]'
> Enter new passphrase (empty for no passphrase): [Type new passphrase]
> Enter same passphrase again: [Repeat the new passphrase]
> Your identification has been saved with the new passphrase.

Hawaiian answered 13/6, 2023 at 5:36 Comment(1)

I don't think this will work. Just changing to a new password won't help much and an empty password is discouraged. – Houck 15/6, 2023 at 13:3

Seems that your local repo hasnt updated with ssh keys...at least this is what happened to me when going from https to ssh.

Have you done a remote reset?

git remote set-url origin <ssh url>

Detrude answered 5/2, 2022 at 20:23 Comment(0)

Idk if someone needs something different but this help me a lot https://mcmap.net/q/54899/-running-script-upon-login-in-mac-os-x-closed

To me on every restart, I have to run ssh-add --apple-use-keychain to load credentials, so I add this command to the stack overflow answer and now its fixed

Grondin answered 3/11, 2022 at 2:33 Comment(0)

For skipping the passphrase we can create key without passphrase ))) But if this isn't a way to go For Windows I'm using the ssh-agent, you can add private key in it and remove from .ssh folder. How to setup ssh-agent:

# Check the current status of ssh-agent:
Get-Service | ?{$_.Name -like '*ssh-agent*'} | select -Property Name, StartType, Status

# Start the Service:
Start-Service ssh-agent

# Add your key as before:
ssh-add <path to the key>

ssh-agent works with C:\Windows\System32\OpenSSH\ssh.exe So we can setup this ssh.exe for git by creating environment variable:

GIT_SSH: C:\Windows\System32\OpenSSH\ssh.exe

This will be working for Git and Bash.

Also we can setup this path for TortoiseGit: Settings>Network>SSH>SSH Client

Hanging answered 29/3, 2023 at 11:20 Comment(0)

-1

you should now use ssh-add --apple-use-keychainon zsh, MacOS Sonoma

Affianced answered 12/1 at 1:59 Comment(1)

Already suggested in an earlier answer in https://mcmap.net/q/53601/-git-keeps-asking-me-for-my-ssh-key-passphrase by @Ironworks – Hokusai 8/3 at 12:53

-2

Maybe not the most secure way to fix this, but simply do not set a passphrase, it is optional. If you don't set a passphrase, it will not ask for it. You can change the passphrase with

$ ssh-keygen -p -f ~/.ssh/id_ed25519
> Enter old passphrase: [Type old passphrase]
> Key has comment '[email protected]'
> Enter new passphrase (empty for no passphrase): [Type new passphrase]
> Enter same passphrase again: [Repeat the new passphrase]
> Your identification has been saved with the new passphrase.

Oncoming answered 20/5, 2022 at 9:57 Comment(1)

don't do this folks, simply no. – Vardhamana 1/3 at 14:3

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags