Skip to main content

Managing SSH private keys with ssh-agent on Windows to eliminate the hassle of entering the passphrase every time you push or pull

· 3 min read
zenge
zenge
Software Rookie @ China

1. Preface

Enable SSH login for GitHub. The recommended method for SSH authentication is using a private key.

However, if a passphrase is set when generating the private key (this passphrase protects the private key itself), you will be prompted to enter the passphrase every time you log in, push, or pull, which can be cumbersome.

gitpush

In this case, we can use ssh-agent to manage the private key and cache it, allowing automatic authentication during git push.

Follow steps for Windows.

2. Configure SSH-Agent to Start Automatically

  1. Open Windows Services (press Win + R, type services.msc, and hit Enter).
  2. Locate the service OpenSSH Authentication Agent.
  3. Right-click the service, select Properties, set its Startup type to Automatic, and click Start to activate the service immediately.

3. Add private key

When setting up SSH login, your generated key files (e.g., id_rsa) are typically stored under the user directory ~/.ssh/. Add the keys to SSH-Agent:

  ssh-add ~/.ssh/id_rsa  # Replace `~` with your actual user directory

To verify loaded keys: ssh-add -l.

4. Configure SSH to Use SSH-Agent

Edit ~/.ssh/config file in your user directory:

  Host github.com  
  ForwardAgent yes

5. Critical for Windows SSH

  • After configuration, Ensure Git for Windows uses the system's SSH client by running:
  git config --global core.sshCommand "C:/Windows/System32/OpenSSH/ssh.exe"

  • now subsequent git operations will no longer require the passphrase.

  • If issues persist, check if you have multiple Git clients installed (e.g., Git Bash, WSL, or other distributions).

  • Ops: After configuring everything, I spent hours troubleshooting before discovering this command. I initially thought ssh-agent was broken — don’t make the same mistake!

6. Key Concepts About SSH-Agent

SSH-Agent serves to:

  1. Manage passphrases for private keys.
  2. Enable public-key authentication.
  3. Support single sign-on (SSO) and private key forwarding.
  4. Simplify access in jump server (bastion host) scenarios.

By loading private keys into memory via SSH-Agent, you avoid repeated passphrase prompts.

Practical Use Case

Scenario:

  • Machine X runs SSH-Agent to manage private keys.
  • SSH from X to Machine Y.
  • Enable SSH clients on Y to use all private keys managed by X’s SSH-Agent.

Implementation:

  • The SSH client on Y requests keys from Y’s SSH server.
  • Since you’re connected from X to Y, the request is forwarded through the existing SSH connection to X’s SSH client, which communicates with X’s SSH-Agent. Results are relayed back to Y.
  • This leverages SSH-Agent forwarding to securely share keys across machines.