Git on Windows not asking for SSH key password, or using SSH Key

git enter passphrase for key windows
git use ssh key
git bash add ssh key permanently
git add ssh key
generate ssh key
git ssh not asking for password
git bash ssh
git ssh key windows

The fundamental problem is that I am never seeing a prompt to enter in my SSH-Key password, SSH-Agent or no. As such, it's acting like I entered the wrong password and defaulting to pretending I have no keys.

This is happening on multiple computers. I set up my ssh keys awhile ago, and everything is great, but every so often I will do a git push (usually after restarting my computer) and I will get asked for my git origin server's password RATHER than my ssh key's password. Since my origin server does not HAVE a password, this leaves me unable to push changes.

Sometimes it resolves itself after restarting, sometimes not. Usually I do a lot of flailing guesses and one of them ends up fixing the problem, but I can't currently remember which ones work and which don't.

What is the CORRECT way to go about fixing this? What is the actual problem? Is my SSH Key locked? Is some windows process not starting correctly? Is a Path variable being eaten? I don't know a lot about windows (usually I develop on linux), so I'm extra at a loss here.

Edit: The first answer mentions ssh-agent. Some googling got me to here:

https://help.github.com/articles/working-with-ssh-key-passphrases/#platform-windows

Which explains how to set up ssh-agent to autostart and know about your keys in windows. (I didn't even know you could use bash profiles in windows).

This did not help.

My git bash now says "Identity added: /c/Users/{{ME}}/.ssh/id_rsa" It does NOT ask me for my key password, and I still cannot push to my origin server (it asks for a server password, still).

I can confirm that my ssh key does live in the place the agent is looking. I can also confirm that the key is added: ssh-add -l shows a single key, from the location my key is stored.

Edit: Setting GIT_SSH as an environment variable pointing at the executable for ssh does nothing either, but it was a long shot anyways.

Edit: ssh git@git.myhost.com outputs:

$ ssh -v git@git.myhost.lan
OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014
debug1: Reading configuration data /c/Users/eschjen/.ssh/config
debug1: /c/Users/eschjen/.ssh/config line 1: Applying options for git.myhost
.lan
debug1: Connecting to git.myhost.lan [10.116.22.40] port 22.
debug1: Connection established.
debug1: identity file /c/Users/eschjen/.ssh/id_rsa type 1
debug1: identity file /c/Users/eschjen/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA ae:81:77:0d:1c:8e:6a:aa:a8:69:36:1b:e4:ca:33:ee
debug1: Host 'git.myhost.lan' is known and matches the RSA host key.
debug1: Found key in /c/Users/eschjen/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mi
c,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/eschjen/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mi
c,password
debug1: Next authentication method: password
git@git.myhost.lan's password:

The output screen helped me take the tack that the ssh key was being used, but rejected by the server. I found that the ssh key my server knows about does not match the ssh key my machine has, somehow, despite everything working fine less than a month ago. I re-added the ssh key I have, and was able to push my changes.

Anybody have any idea how the ssh key would be re-generated (I'm fairly sure I didn't do it explicitly) during all of this?

It's not enough to add the identity. There should be a file called config(no extension) in your C:\Users\{{username}}\.ssh directory.

You can define the key to use for a given host there like this:

Host myhost.name.com
 IdentityFile ~/.ssh/my_keyfile_name

The result of correct configuration is a input request for a password:

Enter passphrase for key '/c/Users/{{username}}/.ssh/my_keyfile_name':

Edit1: You can retrieve the verbose output of ssh by adding the -v parameter. Real world example (host name replaced):

λ ssh -v igor@myhost.at
OpenSSH_6.6.1, OpenSSL 1.0.1m 19 Mar 2015
debug1: Reading configuration data /c/Users/Igor/.ssh/config
debug1: /c/Users/Igor/.ssh/config line 4: Applying options for myhost.at
debug1: Connecting to myhost.at [192.168.2.1] port 22.
debug1: Connection established.
debug1: identity file /c/Users/Igor/.ssh/myhost-server type -1
debug1: identity file /c/Users/Igor/.ssh/myhost-server-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6+squeeze5
debug1: match: OpenSSH_5.5p1 Debian-6+squeeze5 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 67:3f:96:7b:6a:68:55:89:a8:30:a9:ed:67:ef:40:a4
debug1: Host 'myhost.at' is known and matches the RSA host key.
debug1: Found key in /c/Users/Igor/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/Igor/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /c/Users/Igor/.ssh/myhost-server
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/c/Users/Igor/.ssh/myhost-server':

I think this would help tremendously. Added comment to OP requesting this information.

How to make git not prompt for passphrase for ssh key on windows , You can run this in git bash: eval `ssh-agent -s` ssh-add ~/.ssh/*_rsa. it will ask for pass phrase in the second command, and that's it. Each additional action you� Uses your key you added via ssh-add using the Windows provided binaries. But git is using the ssh stuff within the git usr/bin folder. Different set of keys. So you’d end up getting prompted for your passphrase every single time you git pull.

you need to tell your computer to add the key again after restarting the system. Most of the time this is done with the ssh-agent

Setting up SSH and Git on Windows 10 - DEV, Today I want to explain how you can setup SSH and Git o. Note: This is not about 100% securing your keys but about how to generate keys for use with GitHub. servers (for example the Github server) without typing in a password everytime. SSH works via two keys, the Private Key and the Public Key. Using ssh -v the output shows ssh is using the correct public key. So running the following command on the site server. ssh git@10.10.10.10 connects (and then disconnects) but . git clone git@10.10.10.10:somerepo.git asks for the password of the git user. The site server has a user (with a ssh key) registered on gitlab.

I wasted several hours trying to solve the same problem - SSH would not ask for the passphrase for my keypair even with pageant NOT running.

SSH uses different key formats (SSH-1 and SSH-2), and more importantly, refuses to read RSA keys if they are in SSH-2 format. Generating the keypair with Puttygen and then converting it to SSH-1 format to save in .ssh\id_rsa solved the problem for me.

  1. Generate a keypair
  2. Save it with a meaningful name (like Basement-Computer.ppk)
  3. Export the file to OpenSSH format and save it with the name id_rsa (no extension)

Git clone will now ask for the passphrase (or at least it did for me). Google's instructions for setting up a Git repo https://cloud.google.com/source-repositories/docs/authentication#ssh neglects to mention that crucial third step.

Solved: git with ssh authentication prompts for password, You mean a passphrase? No I did not setup a passphrase for the key pair. This service used to register not to ask for the SSH key password every time. Initially, the service is disabled and stopped, so set the service to start automatically and start it now.

How do I tell Git for Windows where to find my private RSA key , When using TortoiseGit, you need to set the SSH key via pacey's directions. fixed the issue with Git provided that your private key is not password protected. For example, try to connect to github.com via SSH, and a dialog will ask you if you� Associate the public key generated in the previous step with your user ID. Open your security settings by browsing to the web portal and selecting your avatar in the upper right of the user interface. Select Security in the menu that appears. Select SSH public keys, and then select + New Key.

Use this if ssh key keeps asking for password � GitHub, This will ask you for the passphrase, enter it and it won't ask again. ssh-add ~/. ssh/id_rsa &>/dev/null. and copied generated keys to local machine and added new public key to ~/.ssh/authorized_keys on remote host. cat id_rsa.pub >> authorized_keys Using generated keys from remote host machine connection now works. So if other solutions fail this is another thing to try.

No prompt for passphrase for git key on windows. � Issue #317 , for windows. The key I'm using with git has a passphrase. Permission denied (publickey). fatal: Could not read from remote repository. Please make It seems QtPass fails to ask for the password for the ssh-key. The FAQ� There are different ways to solve this: you can configure either sshd (server-side) or ssh (client-side) not to use password authentication. Disabling password authentication on the server makes your server more secure, but you will be in trouble if you loose your key.

Comments
  • Please provide the output of ssh with the -v flag set for the failed connection attempt.
  • Done. I can't make heads or tails of the log. It LOOKS like it offers up my RSA public key...and then just forgets about it and skips right to password authentication. No errors, no problems. If "roaming not allowed by server" is important, why do I have no issues in Linux, and no issues sometimes on my windows machine? ...Maybe it's because I'm on wifi?
  • Nope, wired IP address is no better than wifi IP address.
  • ... Well, one thing that output did for me is make me confirm that my key is actually in the server. Somehow it wasn't. I don't rememember regenerating my windows key, and I promise you I have spent quite some time using my windows machine successfully with git. And I see a key on my git server that I am fairly sure corresponded to my windows machine that is NOT my current key. Any clue what happened?
  • Thanks for the accept. I propose to move the follow up to a different question as it has completely different requirements.
  • Nothing is happening yet. I'm not entirely sure how specifying a host would help, though, since ssh-add is supposed to ask for my key's password and it doesn't have any host parameters. Git push is still not appearing to use my key, and is not asking for a password for it, just jumping ahead to asking for the server's password.
  • Which tools are you using to perform your connection? I use the linux tools bundled with git (git-scm.com) which includes the ssh binary. I do NOT need to set up any key-adding measure to my startup manually.
  • This does not appear to be my problem. I am not upset that I am asked to enter a password in every time I want to use my key. Rather, I am NOT being asked for a password, and instead git is jumping to asking for a server password. Using ssh-agent does not help with this.
  • Hmm but you still have to tell your system which key to use. Where do you do it then, when not with ssh-agent or manually adding the key
  • I'm not sure I parse your question. If I only have a single key, why do I have to specify which to use? If this must happen in any case, the answer is that I am not doing it (and thus it might be my problem). I will do more research. I will say using ssh-agent is not helping, if that is the way to specify which.
  • You said that sometimes when you restart it works, so something on your systems seems to open the key. Maybe github for Windows or putty or similar?
  • Ssh-agent is one way to add your key automatically. Even if you only have one key, your system still needs to know which it is etc.