When I do git pull via the command line, it always asks for my github username and password. I'd like to tell it to use the ssh key in github, and never have to worry about it again. How do you do this?
9 Answers
To tell Git to use the key that you generated, add the following to your ssh config (on Linux, usually located at ~/.ssh/config):
Host github.com
User git
IdentityFile ~/.ssh/id_rsa
For the IdentityFile you should use the key that was generated by ssh-keygen (not the one whose name ends in .pub). The User must always be git.
4 Comments
Lacrosse343
This was my issue. I was trying ssh-agent and other things, but this config file fixed it.
monamona
This should be the top answer, since it answers the question that everyone really has. How to use the local key, no one with the capability to google has to ask for how to paste a key into github.
Drakinite
This one worked for me! I named my key something different than the default
id_ed25519, and it was passphrase-protected, so one/both of those two things made my Github key not be automatically added to the agent. Now, if I do something like git pull, it'll prompt me for the passphrase and then add the key to the agent! Thanks!
ixe013
Actually, the username must/should/can match your Github username (does not have to be
git).Having looked at these answers, it seems the one I found easiest is not included. In the working directory of the repo you are interested in specifying a specific key, do:
git config core.sshCommand 'ssh -i ~/.ssh/id_rsa' #specific private key
You can check to see that it worked (or see if there is an existing core.sshCommand for the repo) by doing:
git config --list
4 Comments
belkka
Setting up a specific (non-default) key for a specific repo is exactly what I was looking for! Though maybe using a default key is not that bad idea, eventually
Arkadij Kuzhel
Amazing! This is exactly what I looked for. Specific key for specific repo. This is how I use keys and that is why I've got so many of them.
Yarl
Excellent. Use
--global flag to achieve permanent effect.
mwsundberg
This also pairs well with commit signing with a ssh key (introduced in Git 2.34). Example config included in my answer lower down this page.
Assuming that you have used ssh-keygen to generate a key pair and uploaded the public key in the appropriate place in your github account, you should be able to set remote to use the url [email protected]:username/repo.git.
git remote set-url origin [email protected]:username/repo.git
If you do not have local changes that you care about, you can just delete your local repository and clone again:
git clone [email protected]:username/repo.git
Here are github's instructions on this setup, which you can use as a reference as needed.
2 Comments
Binar Web
everywhere on the internet there are tutorials on how to copy the generated key into github account. but, your answer still doesn't include the answer on how to use the private. "now I created the private key, how does git knows where to get it from?"
merlin2011
@BinarWeb You're welcome to propose an edit. I think I may have misunderstood the question.
Here's a consolidating answer if you want to use the same SSH key for signing commits as well as authenticating for clones/pulls/etc.
Given an SSH key-pair stored in .ssh/git_ed25519 and .ssh/git_ed25519.pub, this config will use that key for both signing commits and authenticating via SSH for remote repo access:
# Specify SSH key for remote authentication
[core]
sshCommand = ssh -o IdentitiesOnly=yes -i ~/.ssh/git_ed25519
# Specify SSH key for commit signing
[user]
signingKey = ~/.ssh/git_ed25519.pub
[gpg]
format = ssh
[commit]
gpgsign = true
Commands to add these options to the global config:
# SSH for remote authentication
git config --global core.sshCommand 'ssh -o IdentitiesOnly=yes -i ~/.ssh/git_ed25519'
# SSH for commit signing
git config --global user.signingKey '~/.ssh/git_ed25519.pub'
git config --global gpg.format ssh
git config --global commit.gpgsign true
Note that signing commits with SSH keys is only supported in Git v2.34 and up.
EDIT: Added the -o IdentitiesOnly=yes option to the ssh command so that it only sends the specified key instead of trying to authenticate with every key stored in ssh-agent.
Citations:
- Rich Signell's answer for the
core.sshCommandoption - Github docs for SSH commit signing options
- Git release notes for versions supporting ssh key commit signing
- SSH man page and this StackOverflow answer for using
-o IdentitiesOnly=yesto prevent checking extra keys
Comments
Git does not provide a dedicated way to configure which key to use for ssh connections (just uses whatever is set as default), but fortunately we can override the interal ssh command and specify it (add -i key_file)
1. To clone a repo with specific key you can use:
git clone -c "core.sshCommand=ssh -i ~/.ssh/id_rsa_repo" [email protected]:org/repo.git
Config will persist.
2. Then to change that to local config:
git config core.sshCommand "ssh -i ~/.ssh/id_rsa_repo"
Comments
Another possibility is that after creating the ssh you may have moved the keys to a different folder. In that case,
ssh-add ~/yourkeyfolder/yourkey
This will ensure that your key is known to the os.
Comments
If you use a Gnome-based Linux desktop, such as Ubuntu or Fedora, you can also use the built-in "Passwords and encryption" application to create and manage SSH keys. To create an SSH key, just open the application, click +, then SSH Key, fill out the form, enter the password for the key twice and finally insert the generated public key information into GitHub. After that, the git command will use this SSH key for SSH connections. You have to enter the password for the SSH key only once per session. In this case there is no need to configure ssh-agent or modify ~/.ssh/config, it just works.
Comments
Did you set up your SSH key and add it in GitHub? Then you need to modify your ~/.ssh/config file:
# Global settings - applies to all hosts unless overridden
Host \*
AddKeysToAgent yes
UseKeychain yes
# You can optionally list specific keys to load on startup if needed:
# IdentityFile \~/.ssh/id_ed25519
# IdentityFile \~/.ssh/id_ed25519_personal
# IdentityFile \~/.ssh/id_ed25519_enterprise
Also, run ssh-add with the Keychain flag: • On macOS Monterey 12.0 or newer:
ssh-add --apple-use-keychain ~/.ssh/id_ed25519
Comments
Since I wanted to switch my authentication method, the remote URL itself in my repository had to change.
I found the solution at git with ssh instead of https.
This is the solution that worked for me, in addition to all the advice given here.
Change the remote:
git remote set-url origin [email protected]:USERNAME/OTHERREPOSITORY.git
The command git remote -v should show:
origin [email protected]:USERNAME/OTHERREPOSITORY.git (fetch)
origin [email protected]:USERNAME/OTHERREPOSITORY.git (push)
git@github...instead ofhttps://....originand you've got a relatively recent Git,git remote set-url origin git@github...andgit remote set-url --push origin git@github.... Get thegit@github...part from GitHub by clicking on the SSH link for your clone URL. If that doesn't do it, you may have to (a) add a second key to GitHub, or (b) let your command-linegitknow about the key you're using in your IDE.