Generate ssh key for github windows

After you’ve checked for existing SSH keys, you can generate a new SSH key to use for authentication, then add it to the ssh-agent.

About SSH key passphrases

You can access and write data in repositories on GitHub.com using SSH (Secure Shell Protocol). When you connect via SSH, you authenticate using a private key file on your local machine. For more information, see «About SSH.»

When you generate an SSH key, you can add a passphrase to further secure the key. Whenever you use the key, you must enter the passphrase. If your key has a passphrase and you don’t want to enter the passphrase every time you use the key, you can add your key to the SSH agent. The SSH agent manages your SSH keys and remembers your passphrase.

If you don’t already have an SSH key, you must generate a new SSH key to use for authentication. If you’re unsure whether you already have an SSH key, you can check for existing keys. For more information, see «Checking for existing SSH keys.»

If you want to use a hardware security key to authenticate to GitHub, you must generate a new SSH key for your hardware security key. You must connect your hardware security key to your computer when you authenticate with the key pair. For more information, see the OpenSSH 8.2 release notes.

Generating a new SSH key

You can generate a new SSH key on your local machine. After you generate the key, you can add the public key to your account on GitHub.com to enable authentication for Git operations over SSH.

1. Open TerminalTerminalGit Bash.

2. Paste the text below, substituting in your GitHub email address.

   ssh-keygen -t ed25519 -C "your_email@example.com"
   

   Note: If you are using a legacy system that doesn’t support the Ed25519 algorithm, use:

    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
   

   This creates a new SSH key, using the provided email as a label.

   > Generating public/private ALGORITHM key pair.
   

   When you’re prompted to «Enter a file in which to save the key», you can press Enter to accept the default file location. Please note that if you created SSH keys previously, ssh-keygen may ask you to rewrite another key, in which case we recommend creating a custom-named SSH key. To do so, type the default file location and replace id_ssh_keyname with your custom key name.

3. At the prompt, type a secure passphrase. For more information, see «Working with SSH key passphrases.»

   > Enter passphrase (empty for no passphrase): [Type a passphrase]
   > Enter same passphrase again: [Type passphrase again]
   

Adding your SSH key to the ssh-agent

Before adding a new SSH key to the ssh-agent to manage your keys, you should have checked for existing SSH keys and generated a new SSH key. When adding your SSH key to the agent, use the default macOS ssh-add command, and not an application installed by macports, homebrew, or some other external source.

Generating a new SSH key for a hardware security key

If you are using macOS or Linux, you may need to update your SSH client or install a new SSH client prior to generating a new SSH key. For more information, see «Error: Unknown key type.»

1. Insert your hardware security key into your computer.

2. Open TerminalTerminalGit Bash.

3. Paste the text below, substituting in the email address for your account on GitHub.

   Note: If the command fails and you receive the error invalid format or feature not supported, you may be using a hardware security key that does not support the Ed25519 algorithm. Enter the following command instead.

    ssh-keygen -t ecdsa-sk -C "your_email@example.com"
   

4. When you are prompted, touch the button on your hardware security key.

5. When you are prompted to «Enter a file in which to save the key,» press Enter to accept the default file location.

6. When you are prompted to type a passphrase, press Enter.

   > Enter passphrase (empty for no passphrase): [Type a passphrase]
   > Enter same passphrase again: [Type passphrase again]
   

7. Add the SSH public key to your account on GitHub. For more information, see «Adding a new SSH key to your GitHub account.»

4.3 Git на сервере — Генерация открытого SSH ключа

$ cd ~/.ssh
$ ls
authorized_keys2  id_dsa       known_hosts
config            id_dsa.pub

$ ssh-keygen -o
Generating public/private rsa key pair.
Enter file in which to save the key (/home/schacon/.ssh/id_rsa):
Created directory '/home/schacon/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/schacon/.ssh/id_rsa.
Your public key has been saved in /home/schacon/.ssh/id_rsa.pub.
The key fingerprint is:
d0:82:24:8e:d7:f1:bb:9b:33:53:96:93:49:da:9b:e3 schacon@mylaptop.local

$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU
GPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3
Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA
t3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En
mZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx
NrRFi9wrf+M7Q== schacon@mylaptop.local

Git and GitHub are essential tools for every developer. They’re widely used in almost every kind of software development project.

There are other Git hosting services like Gitlab and Bitbucket, but GitHub is the most popular choice for developers. You can even edit your profile to seem more attractive to recruiters.

You can use Git and GitHub to organize your projects, collaborate with other developers, and — of course — at Kinsta.

But because Git and GitHub are related yet different tools, you need to update your workflow with each of them constantly.

Pro tip: use SSH keys for each one of your machines… and use this guide to get started 🔑😄. So, in this tutorial, you’ll learn what they are, some of their advantages, and how to generate and configure GitHub SSH keys.Click to Tweet

We recommend using SSH keys for each one of your machines. So, in this tutorial, you’ll learn what they are, some of their advantages, and how to generate and configure GitHub SSH keys.

Let’s get started!

What Are SSH Keys?

Simply put, SSH keys are credentials used for the SSH (Secure Shell) protocol to enable secure access to remote computers over the internet. Usually, that authentication occurs in a command-line environment.

This protocol is based on client-server architecture, which means you as the user (or “client”) need to use special software, called an SSH client, to log into a remote server and execute commands. This is basically what you’re doing when authenticating via a terminal to GitHub.

But SSH is not only used for GitHub. It’s broadly used by other platforms like Kinsta, Google Cloud, and Amazon Web services to create a secure channel to access their services.

Now, heading into how SSH keys really work, you need to understand the differences between public and private keys.

Public vs Private Keys

Let’s start with the basics.

The SSH protocol uses a technique of cryptography called asymmetric encryption. This term may sound complicated and weird, but nothing could be further from the truth.

Basically, asymmetric encryption is a system that uses a pair of keys, namely public and private keys.

As you may guess, the public key can be shared with anyone. Its main purpose is to encrypt data, converting the message into secret code or ciphertext. This key is usually sent to other systems — for example, servers — to encrypt the data before sending it over the internet.

On the other hand, the private key is the one that you must keep to yourself. It’s used to decrypt the encrypted data with your public key. Without it, it’s impossible to decode your encrypted information.

This method allows you and the server to keep a safe communication channel for transmitting the information.

Here’s what happens in the background when you connect to a server via SSH:

1. The client sends the public key to the server.
2. The server asks the client to sign a random message encrypted with the public key using the private key.
3. The client signs the message and forwards the result to the server.
4. A secure connection is established between the client and the server.

It’s important to keep your private keys safe and share them with anyone under no circumstances. They’re literally the key to all the information sent to you.

Using SSH Keys With GitHub

Since August 13, 2021, Github no longer accepts password authentication for command-line access. This means now you need to authenticate via a personal access token or use an SSH key (a little bit more convenient).

Here’s what happens when you try to authenticate with your GitHub password over HTTP in a terminal:

Username for 'https://github.com': yourusername

Password for 'https://[email protected]':

remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.

remote: Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information.

fatal: Authentication failed for 'https://github.com/yourusername/repository.git/'

GitHub needs your public key to authorize you to edit any of your repos via SSH.

Let’s see how you can generate SSH keys locally.

How to Generate SSH Keys Locally

Now that you understand a little bit about the SSH protocol and the differences between public and private keys, it’s time to set up the secure SSH channel between your machine and your GitHub repos.

Before we move forward, you should already have a GitHub account, and a terminal/command prompt with Git installed in your system. If you’re running Windows, make sure you installed Git bash, which has all the tools you’ll need to follow along with this tutorial built-in.

The OpenSSH client is the most popular open-source software used to connect via SSH. You won’t need to worry about your operating system because it’s installed by default on Linux, macOS, and Windows 10.

You need to fire up a command prompt on Windows or a terminal on Unix-based systems to generate local SSH keys. Usually, you can do this by searching for “terminal”, “cmd”, or “powershell” in your application panel, then clicking the icon that shows up.

After doing this, you should have a window similar to the following image.

Run the following command to generate a local SSH pair of keys:

ssh-keygen -t ed25519 -C "[email protected]"

It’s time to tell you a secret: No one can really remember this command! Most developers have to Google it every time because:

1. It’s a really long command, with forgettable, random-seeming numbers.
2. We use it rarely, so it’s not worth it to commit it to memory most of the time.

However, it’s important to understand each command that we introduce into our terminals, so let’s see what each part of this one means.

• ssh-keygen: The command-line tool used for creating a new pair of SSH keys. You can see its flags with ssh-keygen help
• -t ed25519: The -t flag is used to indicate the algorithm used to create the digital signature of the key pair. If your system supports it, ed25519 is the best algorithm you can use to create SSH key pairs.
• -C “email”: The -C flag is used to provide a custom comment at the end of the public key, which usually is the email or identification of the creator of the key pair.

After you’ve typed the command into your terminal, you’ll have to enter the file to which you would like to save the keys. By default, it’s located in your home directory, in a hidden folder named “.ssh”, but you can change it to whatever you like.

Then you’ll be asked for a passphrase to add to your key pair. This adds an extra layer of security if, at any time, your device is compromised. It is not obligatory to add a passphrase, but it’s always recommended.

This is what the whole process looks like:

As you can see, this command generates two files in the directory you selected (commonly ~/.ssh): the public key with the .pub extension, and the private one without an extension.

We’ll show you how to add the public key to your GitHub account later.

Add SSH Key to ssh-agent

The ssh-agent program runs in the background, holds your private keys and passphrases safely, and keeps them ready to use by ssh. It’s a great utility that saves you from typing your passphrase every time you want to connect to a server.

Because of this, you’re going to add your new private key to this agent. Here’s how:

1. Make sure ssh-agent is running in the background.

   eval `ssh-agent`
   # Agent pid 334065

   If you get a message similar to this if everything is fine. It means the ssh-agent is running under a particular process id (PID).

2. Add your SSH private key (the one without extension) to the ssh-agent.

   ssh-add ~/.ssh/kinsta_keys

   Replace kinsta_keys with the name of your SSH key. If this is the first key you’ve created, it should be named “id_algorithm_used,” for instance, id_ed25519.

Add SSH Key to GitHub Account

The final step is to add your public key to your GitHub account. Just follow these instructions:

1. Copy your SSH public key to your clipboard. You can open the file where it is located with a text editor and copy it, or use the terminal to show its contents.

   cat ~/.ssh/kinsta_keys.pub
   # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJl3dIeudNqd0DPMRD6OIh65tjkxFNOtwGcWB2gCgPhk [email protected]

2. Log into GitHub and go to the upper-right section of the page, click in your profile photo, and select Settings.
   
3. Then, in profile your settings, click SSH and GPG keys.
   
4. Click the New SSH key button.
   
5. Give your new SSH key on GitHub a Title — usually, the device you’ll use that key from. And then paste the key into the Key area.
   
6. Add your SSH key.
   

Test SSH Connection With a Repo Push

It’s time to test everything you’ve done so far. You’re going to change, commit, and push to one of your existing repos using SSH to ensure your connection is set up correctly.

For our example, we will modify the simple HTML site we created in our Git for Web Development tutorial.

First, we’ll need to clone the repository into our local machine. We can go to the repo page on GitHub and copy the SSH address it provides.

Then, clone the repo using a terminal:

git clone [email protected]:DaniDiazTech/HTML-site.git

Now, let’s add a simple <h1> tag in the index.html file:

...
<div class="container my-2">
    <h1 class="text-center">A new title!<h1>
</div>

<div class="container my-3">
...

We’re not touching any JavaScript or CSS to keep this edit simple. But if you’re skilled with JavaScript, you might find a place at Kinsta. Check the coding skills you need to be part of the Kinsta team.

After doing this, commit the changes:

git commit -am "Added a simple title"

And push them into GitHub just as you’d normally do.

git push

If everything went fine, congratulations! You just set up an SSH connection between your machine and GitHub.

Manage Multiple SSH Keys for Different GitHub Accounts

If you have multiple GitHub accounts — let’s say one for your personal projects and one for your work — it’s difficult to use SSH for both of them. You would normally need separate machines to authenticate to different GitHub accounts.

But this can be solved easily by configuring the SSH config file.

Let’s get into it.

1. Create another SSH key pair, and add it to your other GitHub account. Keep in mind the name of the file you’re assigning the new key to.

   ssh-keygen -t ed25519 -C "[email protected]"

2. Create the SSH config file. The config file tells the ssh program how it should behave. By default, the config file may not exist, so create it inside the .ssh/ folder:

   touch ~/.ssh/config

3. Modify the SSH config file. Open the config file and paste the code below:

   #Your day-to-day GitHub account
   
   Host github.com
     HostName github.com
     IdentityFile ~/.ssh/id_ed25519
     IdentitiesOnly yes
   
   # Work account
   Host github-work
     HostName github.com
     IdentityFile ~/.ssh/work_key_file
     IdentitiesOnly yes

Now, every time you need to authenticate via SSH using your work or secondary account, you tweak a bit the repo SSH address, from:

[email protected]:workaccount/project.git

…to:

git@github-work:workaccount/project.git

Git and GitHub are essential tools for every developer & this guide will help you unlock a new addition: SSH Keys 🔑Click to Tweet

Summary

Congratulations — you’ve learned most of the practical knowledge you need to connect to GitHub via SSH!

This tutorial discussed the need for the SSH protocol, the differences between public and private keys, how to generate keys, add them to GitHub, and even manage multiple SSH keys for different GitHub accounts. Keep in mind that unless you want to lose access to everything, your private key needs to stay that way: private.

With this knowledge, now you’re ready to develop a flawless workflow with Git and GitHub. Keep coding!

Introduction

Git connects to remotes by default via HTTPS, which requires you to enter your login and password every time you run a command like Git pull or git push, using the SSH protocol. You may connect to servers and authenticate to access their services. The three services listed allow Git to connect through SSH rather than HTTPS. Using public-key encryption eliminates the need to type a login and password for each Git command.

Make sure a Git is installed

Make sure Git is installed before you start. Run the following command in your Windows terminal to see if Git is installed on your computer:

git --version

Install Git

To install Git, you can download the latest version from the official Git website. You can also install Git using Chocolatey or Winget package manager.

Install Git official website

To install Git from the official website, follow the steps below:

1. Go to the official Git website and download the latest version of Git for Windows.
2. Run the installer and follow the steps below:
   1. Click Next on the first two screens to accept the default options.
   2. Click Next on the Select Components screen.
   3. Click Next on the Choosing the default editor used by Git screen.
   4. Click Next on the Choosing the default terminal emulator screen.
   5. Select the Use Git from the Windows Command Prompt option.
   6. Select the Checkout Windows-style, commit Unix-style line endings option.
   7. Select the Use Windows’ default console window option.
   8. Click Next on the Configuring the line ending conversions screen.
   9. Click Next on the Configuring the terminal emulator to use with Git Bash screen.
   10. Click Install on the Choosing HTTPS transport backend screen.
   11. Click Finish on the Completing the Git Setup screen.
3. Open a new command prompt window and verify that Git is installed correctly by typing git --version.

Install Git using Chocolatey

To install Git using Chocolatey, follow the steps below:

1. Open Windows Terminal.
2. Run the following command to install Git:

choco install git -y

1. Verify that Git is installed correctly by typing git --version.

Install Git using Winget

To install Git using Winget, follow the steps below:

1. Open Windows Terminal.
2. Run the following command to install Git:

winget install --id=Git.Git  -e

1. Verify that Git is installed correctly by typing git --version.

Note: Don’t forget to specify global Git settings using the following command after installing git:

git config --global user.name 'USERNAME'
git config --global user.email 'YOUR_EMAIL@EXAMPLE.COM'

Generate SSH keys

To generate SSH keys, follow the steps below:

1. Open Windows Terminal.
2. Run the following command (change your YOUR_EMAIL@EXAMPLE.COM with your email address) to establish a new SSH key pair:

ssh-keygen -t rsa -b 4096 -C "YOUR_EMAIL@EXAMPLE.COM"

1. It will ask you where you want to save the private key (id rsa), and you may accept the default location by pressing Enter.

Whether you already have a private key, it will ask if you want to override it:

Overwrite (y/n)?

1. If this happens, hit Enter and type y. Then, enter and re-enter the following passcode (think of it as a password):

Enter a file in which to save the key (/c/Users/you/.ssh/id_rsa): [Press enter]

1. Enter a secure passphrase.

Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again]

1. The SSH key pair is created in ~/.ssh, and the whole interaction should look like this:

1. Verify that the SSH key was created by running the following command:

ls .\.ssh\

Add SSH key to the ssh-agent to your account

Copy the SSH key to your clipboard by running the following command:

Get-Content .\.ssh\id_rsa.pub | Set-Clipboard

GitHub

Sign in to your GitHub account using a browser by going to github.com and entering your username and password. Click your profile photo in the upper-right corner of the page, then Settings:

Select SSH and GPG keys from the user settings sidebar. Then select New SSH key from the drop-down menu. Put a descriptive label for the new key in the Title area (for example, your computer’s name) and paste your public key into the Key field. Last but not least, click Add SSH key:

The key is now visible in the list of SSH keys linked to your account:

GitLab

Sign in to your GitLab account using a browser by going to gitlab.com and entering your username and password. Click your profile photo in the upper-right corner of the page, then Settings:

Click SSH Keys in the User Settings sidebar. In the Key area, paste your public key. Fill in the Title area for the new key with a descriptive term (for example, the name of your computer). Finally, click the Add key:

The key is now visible in the list of SSH keys linked to your account:

Bitbucket

Log in to your Bitbucket account using a browser by going to bitbucket.org and entering your username and password. Click your profile photo in the lower-left corner of the website, then Bitbucket settings:

SSH keys may be found in the Settings sidebar’s Security section. After that, select Add key from the drop-down menu. Fill up the Description box with a descriptive label for the new key (such as your computer’s name), and then paste your public key into the Key field. Last but not least, choose to Add key:

The key has now been added to your account’s list of SSH keys:

Test connecting via SSH

Before utilizing SSH with Git, GitHub, GitLab, and Bitbucket allow you to verify whether the connection has been set up successfully.

GitHub Test Connecting via SSH

Open the terminal once you’ve added your SSH key to your GitHub account and type:

ssh -T git@github.com

If you’re connecting to GitHub over SSH for the first time, the SSH client will ask if you trust the GitHub server’s public key:

The authenticity of host 'github.com (140.82.113.4)' can't be established.
RSA key fingerprint is SHA256:a5d6c20b1790b4c144b9d26c9b201bbee3797aa010f2701c09c1b3a6262d2c02.
Are you sure you want to continue connecting (yes/no)?

Press Enter after typing yes. GitHub has been added to the list of trustworthy hosts in the SSH client:

Warning: Permanently added 'github.com,140.82.113.4' (RSA) to the list of known hosts.

You won’t be asked about GitHub’s public key again once you’ve added it to the list of known hosts.

The server notifies you that you have successfully authenticated and ends the connection: Because this remote access through SSH is offered by GitHub only for testing purposes and not for practical usage, the server informs you that you have successfully authenticated and terminates the connection:

Hi YOUR_USER_NAME! You've successfully authenticated, but GitHub does not provide shell access.

If you passed the test, you may now utilize SSH with GitHub.

The entire interaction should look something like this:

ssh -T git@github.com

The authenticity of host 'github.com (140.82.113.4)' can't be established.
RSA key fingerprint is SHA256:a5d6c20b1790b4c144b9d26c9b201bbee3797aa010f2701c09c1b3a6262d2c02.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,140.82.113.4' (RSA) to the list of known hosts.
Hi your_user_name! You've successfully authenticated, but GitHub does not provide shell access.
YOUR_USER_NAME@YOUR_HOST_NAME:~>

GitLab Test Connecting via SSH

The test is pretty similar if you’ve added your SSH key to your GitLab account:

ssh -T git@gitlab.com

The authenticity of host 'gitlab.com (35.231.145.151)' can't be established.
ECDSA key fingerprint is SHA256:4ac7a7fd4296d5e6267c9188346375ff78f6097a802e83c0feaf25277c9e70cc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.com,35.231.145.151' (ECDSA) to the list of known hosts.
Welcome to GitLab, @YOUR_USER_NAME!

If you passed the test, you may now utilize SSH with GitLab.

Bitbucket Test Connecting via SSH

The test is pretty similar if you’ve added your SSH key to your Bitbucket account:

ssh -T git@bitbucket.org

The authenticity of host 'bitbucket.org (104.192.143.1)' can't be established.
RSA key fingerprint is SHA256:fb7d37d5497c43f73325e0a98638cac8dda3b01a8c31f4ee11e2e953c19e0252.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'bitbucket.org,104.192.143.1' (RSA) to the list of known hosts.
logged in as YOUR_USER_NAME.

You can use git or hg to connect to Bitbucket. Shell access is disabled.

If you passed the test, you may now utilize SSH with Bitbucket.

References

• GitHub SSH Key Setup
• GitLab SSH Key Setup
• Bitbucket SSH Key Setup