How do I tell Git for Windows where to find my private RSA key?


Solution 1

For Git Bash

If you are running msysgit (I am assuming you are) and are looking to run Git Bash (I recommend it over TortoiseGit, but I lean to the CLI more than GUI now), you need to figure out what your home directory is for Git Bash by starting it and then typing pwd (on Windows 7, it will be something like C:\Users\phsr, I think). While you're in Git Bash, you should mkdir .ssh.

After you have the home directory, and a .ssh folder under that, you want to open PuTTYgen and open the key (.ppk file) you have previously created. Once your key is open, you want to select Conversions -> Export OpenSSH key and save it to HOME\.ssh\id_rsa. After you have the key at that location, Git Bash will recognize the key and use it.

Note: Comments indicate that this doesn't work in all cases. You may need to copy the OpenSSH key to Program Files\Git\.ssh\id_rsa (or Program Files (x86)\Git\.ssh\id_rsa).

For TortoiseGit

When using TortoiseGit, you need to set the SSH key via pacey's directions. You need to do that for every repository you are using TortoiseGit with.

Solution 2

Using the built-in SSH client shipped with Git for Windows, you need to set up the HOME environment variable so that the Git SSH client can find the key.

For example, on a Windows Vista installation, this would be done by issuing setx HOME c:\Users\admin\ on the command line.

It made my day and fixed the issue with Git provided that your private key is not password protected. If you want to use ssh-agent, then you can probably run ssh-agent cmd.exe (although I've never done that) and the ssh-add as usual.

Note that all Git/SSH tools are supposed to be run from a cmd.exe in order not to blink a window.

If this does not work correctly, using plink can probably be achieved by tweaking GIT_SSH. Refer to all the SVN + ssh tutorials; this is basically the same plumbing you need to set up.

Solution 3

You can specify the key location for TortoiseGit the following way:

  • Open an Explorer Window.
  • Open the context menu and navigate to TortoiseGit → Settings
  • In the now opened window, navigate to Git → Remote
  • Set the path to your PuTTY key in the corresponding input box.


Solution 4

None of the previous answers worked for me. Here was what worked for me in the end. It is actually fairly simple, if you know what to type. It doesn't need PuTTY.

  • Open a Git Bash prompt
  • Type 'ssh-keygen'
    • Accept the default location
    • Choose a blank passphrase (so just press 'enter' to all questions)
  • Now copy the public key to your server, for example: scp ~/.ssh/id_rsa.pub [email protected]:~

That's the bit on your own computer done. Now ssh into the destination server, then do

mkdir -p ~/.ssh
cd ~/.ssh
cat ../id_rsa.pub >> authorized_keys
rm ../id_rsa.pub

That's it! You're done! From Git Bash, do the following to test:

ssh [email protected] ls

If it lists the files in your home directory on the Git server, then you're done!

For GitHub, you don't have shell access to their server, but you can upload the key using their website, so for the bit 'now copy to your server', do:

  • In Git Bash, type 'cat ~/.ssh/id_rsa.pub', select the result, and copy it to the clipboard.
  • On the GitHub website, go to 'Account settings', 'SSH and GPG keys', click 'New SSH key', and paste the key.
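
The server-side steps above (create ~/.ssh, append the public key to authorized_keys) as an idempotent function. This is an added example, not part of the original answer; the function name install_pubkey and its return codes are assumptions of the example. It also sets .ssh to 700 and authorized_keys to 600, and refuses a file that looks like a private key, which catches an id_rsa copied to the server by mistake instead of id_rsa.pub.

```sh
#!/bin/sh
# Added example: idempotent server-side install of an OpenSSH public key.
# Usage: install_pubkey PUBFILE [HOMEDIR]   (HOMEDIR defaults to $HOME)
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Refuse anything carrying PEM/OpenSSH private-key armor.
    if grep -q -e '-----BEGIN' "$pub"; then
        echo "$pub looks like a PRIVATE key; refusing to install it" >&2
        return 3
    fi

    # Take the first non-empty line and require "<type> <base64> [comment]".
    line=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $line in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub is not an OpenSSH public key line" >&2; return 4 ;;
    esac

    # Directory and file readable and writable by the owner only.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    grep -qxF -e "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}
```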

Solution 5

If you're using msysgit with the OpenSSH tools, you need to either create ~/.ssh/id_rsa, or create a Git configuration in ~/.ssh/config which points to your key.

Here's an example of a Git configuration for Bitbucket that will use the correct username, and a key other than the default key (in case you maintain one key for SSH connections, and another for Git accounts).

~/.ssh/config:

Host bitbucket.org
    Hostname bitbucket.org
    User git
    IdentityFile /C/keys/yourkey.key

Once in Git Bash, you can run two commands to add your key to your current session's ssh-agent to avoid having to repeatedly type the key's password.

eval `ssh-agent`
ssh-add /C/keys/yourkey.key
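
A check for the configuration above, as an added example that is not part of the original answer: it lists every IdentityFile named in an ssh config and reports whether the key file is missing, passphrase-protected or stored unencrypted. The function names key_state and audit_ssh_config are assumptions of the example; it handles quoted paths with spaces and reads only the key file's header, never the key material.

```sh
#!/bin/sh
# Added example: audit the private keys referenced by ~/.ssh/config.

# key_state FILE -> prints one of: missing | encrypted | UNENCRYPTED | unknown
key_state() {
    f=$1
    [ -f "$f" ] || { echo missing; return; }
    first=$(head -n 1 "$f" | tr -d '\r')
    case $first in
        '-----BEGIN OPENSSH PRIVATE KEY-----')
            # New-format keys: the 15-byte magic "openssh-key-v1\0" is followed
            # by a 4-byte length and the cipher name; "none" means no passphrase.
            cipher=$(grep -v '^-----' "$f" | tr -d '\r\n' |
                     base64 -d 2>/dev/null | head -c 23 | tail -c 4)
            if [ "$cipher" = none ]; then echo UNENCRYPTED; else echo encrypted; fi ;;
        '-----BEGIN '*'PRIVATE KEY-----')
            # Legacy PEM and PKCS#8: encrypted keys carry an ENCRYPTED marker.
            if grep -q ENCRYPTED "$f"; then echo encrypted; else echo UNENCRYPTED; fi ;;
        *) echo unknown ;;
    esac
}

# audit_ssh_config [CONFIG] [HOMEDIR] -> one "state<TAB>path" line per IdentityFile
audit_ssh_config() {
    cfg=${1:-$HOME/.ssh/config}
    home=${2:-$HOME}
    # ssh_config keywords are case-insensitive; the value may follow "=" and
    # may be double-quoted when the path contains spaces.
    sed -n 's/^[[:space:]]*[Ii][Dd][Ee][Nn][Tt][Ii][Tt][Yy][Ff][Ii][Ll][Ee][[:space:]=]\{1,\}//p' "$cfg" |
    tr -d '\r' | sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' |
    while IFS= read -r path; do
        case $path in
            '~/'*) path=$home/${path#'~/'} ;;   # expand a leading ~/ ourselves
        esac
        printf '%s\t%s\n' "$(key_state "$path")" "$path"
    done
}

# Usage from Git Bash: audit_ssh_config    (defaults to ~/.ssh/config)
```

A key reported as UNENCRYPTED can be given a passphrase with ssh-keygen -p -f <keyfile> and then loaded once per session with ssh-add as shown above.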

Author: binaryorganic

Updated on September 17, 2022

Comments

  • binaryorganic
    binaryorganic over 1 year

    My Git setup runs fine on Linux, but when I try to set things up under Windows (using Git for Windows and TortoiseGit), I don't know where to put my private SSH key (or, better still, how to tell ssh where it's located). I'm using the standard ssh.exe option during installation of Git for Windows. The setup runs fine if I allow password authentication (in lieu of RSA) on the server.

    • Admin
      Admin over 13 years
      I have the same problem, I can ssh into my dev box using a public key as "root" using the "Git Bash" program that is installed with "Git For Windows" but I can't log in as "git" with my key even though I have copied my "authorized_keys" file from my "root" to my "git" user and set the owners and permissions correctly. Why can't I login as "git" when "root" works with the exact same "authorized_keys" file. Instead for "git" it passes up all the private keys, which are the exact same that work with "root" and asks for a password. This is a Centos 5.5 server by the way.
    • Dan McClain
      Dan McClain over 13 years
      @fuzzy lollipop: Do you have the right permissions on your git user's authorized_keys file? It should be chmod 600, and should be owned by the git user. If it's owned by the root user, it won't work.
    • Admin
      Admin over 13 years
      yes all the files and directories are the correct owners and permissions
  • binaryorganic
    binaryorganic over 13 years
    I stated above that I'm using Git for Windows and am using ssh.exe (packaged w/ git) in lieu of putty. There must be some standard practice for adding a private key, I just can't seem to find out how. While switching software may indeed allow me to log in, there has to be a way to do it with the standard Git setup, no?
  • Declan Shanaghy
    Declan Shanaghy over 13 years
    Sorry, I don't work on Windows, only Linux. But the key does have to be in your SSH agent. Is there an agent.exe or something along those lines?
  • binaryorganic
    binaryorganic over 13 years
    Yeah, setup was cake on the linux side. But I've got to have it working on Windows too unfortunately. There are several ssh-related executable files in the git/bin folder on the Windows box (ssh, ssh-add, ssh-agent, ssh-keygen & ssh-keyscan), but I don't know how to make any of them do anything. They just blink a cmd window open and close right away. I'm stumped.
  • dev
    dev over 12 years
    pacey's instructions for tortoisegit won't work until you have the repository (because the 'remote' configuration setting doesn't appear unless you act on a repo), and you probably can't get the repository in the first place if you can't authenticate yourself in order to clone from the origin. Tricky!
  • Corvo Attano
    Corvo Attano about 12 years
    This is what I was looking for since I'm trying to use the Windows command prompt, not git bash.
  • thaddeusmt
    thaddeusmt about 12 years
    Nice, easy fix but it would have been hard to figure out without this!
  • Lutz
    Lutz about 12 years
    Important is as well to have no blanks between HOME = and c:\... Oct's solution did the trick for me. :-)
  • JP.
    JP. almost 12 years
    With GitBash I found I had to copy my ~/.ssh/id_rsa file to Program Files\Git\.ssh\id_rsa - which was a little confusing, but now IntelliJ and Windows cmd can push to git repositories that use key authentication.
  • Owen Blacker
    Owen Blacker almost 12 years
    Pageant does indeed solve the problem for me -- I have a shortcut in my Start Menu's Startup folder (C:\Users\owen.blacker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup) pointing to "C:\Program Files (x86)\PuTTY\pageant.exe" "C:\Users\owen.blacker\Documents\SSH\OwenBlackerPersonal.ppk" "C:\Users\owen.blacker\Documents\SSH\OwenBlackerWork.ppk", so that it loads my SSH keys on startup and this makes GIT "just work" :o)
  • user1227502
    user1227502 almost 12 years
    Likewise. I just installed git-for-windows, I am running it from cmd.exe. I needed to put the files id_rsa and id_rsa.pub into c:\program files (x86)\Git\.ssh . The .ssh dir was already present. Thanks, JP.
  • samsamuel
    samsamuel over 11 years
    Second paragraph was golden. :)
  • Zlatko
    Zlatko over 11 years
    Me too, other answers made git ask me for key passphrase.
  • Damon
    Damon over 11 years
    so I should be calling the key itself id_rsa with no extension, or putting it inside that folder?
  • ingh.am
    ingh.am over 11 years
    Excellent answer ;)
  • ton.yeung
    ton.yeung over 11 years
    doesn't work with github since they don't allow shell access
  • Jake Berger
    Jake Berger about 11 years
    this answer did NOT work for me. Hugh's answer did.
  • GregB
    GregB about 11 years
    Don't create keys without passphrases. It's like putting your password in a text file, except that everyone knows the default location for private keys.
  • Danny Staple
    Danny Staple about 11 years
    Worth noting - if you have spaces in your home (if you are using win XP/server 2003 you will), then you should prefix the path with a single quote. Bizarrely - if you end it with a quote that will be in the variable...
  • dingyaguang117
    dingyaguang117 about 11 years
    You're answering the wrong question. The Q is how to point to an existing private key.
  • Hugh Perkins
    Hugh Perkins almost 11 years
    @GregB, I look at it like this: any server for which I create a password-less key is as secure as my laptop, it's an extension of the security perimeter of my laptop. Actually, not even, since my home directory is encrypted ;-) So, it's as secure as the encrypted home partition on my laptop, which is 'good enough' for securing access to github, in my opinion. (which may vary from your opinion of course!)
  • Sarah Vessels
    Sarah Vessels almost 11 years
    I did this but for github.com: Host github.com IdentityFile ~/.ssh/github_rsa
  • Dickon Reed
    Dickon Reed almost 11 years
    If msysgit detects PuTTY saved sessions it will by default use PuTTY's plink instead of ssh, so you need to set up your keys using PuTTY instead.
  • Spechal
    Spechal over 10 years
    Following the link you provided I was able to get my Jenkins setup. I needed to set the HOME environment variable to the Git program path which held the .ssh directory I created my SSH key in.
  • igor
    igor over 10 years
    In my case I've added HOME = %USERPROFILE%
  • trejder
    trejder over 10 years
    The setx HOME c:\Users\admin\ command doesn't seem to be working in Git Bash. You have to use cmd instead.
  • trejder
    trejder over 10 years
    @GregB Don't fall into paranoia! :] Sure, using password-protected keys is much more secure than using password-less ones, but claiming that a password-less key is as easy to break as storing passwords in a text file is obviously false. I've seen many guides that encourage users to use password-protected keys, but I have never seen any claiming that using them without passwords is not secure at all. Plus: some systems don't support solutions for remembering the key's password entered by the user, and ask for it each time the key is used. Which makes using SSH keys pointless in this situation.
  • trejder
    trejder over 10 years
    @OwenBlacker OMFG! You definitely should write this comment as a full-size answer! This is the only solution here, that actually helped me and solved my problem! Pity, that I can give you only +1! :]
  • GregB
    GregB over 10 years
    For the sake of the conversation, which has deviated from the original question, SSH keys are certainly more cryptographically secure than passwords, but that security is put at risk by not encrypting your SSH keys. My personal approach is to unlock my keys at the beginning of the day using an SSH agent, which then keeps the decrypted keys in memory so that I don't need to re-enter the password throughout the day. As @Hugh Perkins comments, and I'm paraphrasing, you all know your security requirements better than I/we do :).
  • Tariq M Nasim
    Tariq M Nasim over 10 years
    Additionally if you need to convert your private key into '.ppk' format from other format you can follow THIS
  • bumperbox
    bumperbox over 10 years
    I used "env" command in gitbash and looked for the HOMEPATH. That is where I found my .ssh folder
  • Simon East
    Simon East almost 10 years
    I think you need several other settings correct for this to work (such as GIT_SSH set to TortoisePLink.exe I think?), and although it has worked for me in the past, I often get problems with it on other machines. :-(
  • roeland
    roeland almost 10 years
    If you have a space in your path you have to use quotes: IdentityFile "/C/My Keys/key"
  • Scoop
    Scoop over 9 years
    this. ughhhhhhhhhhhhh. good bye 2 hours
  • DaveGauer
    DaveGauer about 9 years
    This absolutely solves the problem and allows you to store your keys where ever you would like.
  • DaveGauer
    DaveGauer about 9 years
    This was the simplest solution on my Win7 machine. Like you, I searched for known_hosts. Sure enough, it was in C:\Users\Dave\AppData\Local\VirtualStore\Program Files (x86)\Git\.ssh. By placing my key file (id_rsa) in that directory, ssh was able to find it without complaint. I did a little reading - this is how Windows handles (legacy) software attempting to write to forbidden areas (such as "C:\Program Files\"), so Git's ssh is completely unaware that it is writing to the VirtualStore directory, Windows is handling that transparently. At least these files belong to a user!
  • Steve Pitchers
    Steve Pitchers almost 9 years
    Git > Remote only appears once you've successfully cloned the repository.
  • ibgib
    ibgib almost 9 years
    Windows 10 laziest method: type '%USERPROFILE%' in the path bar (gotten from git-scm.com/book/en/v1/Getting-Started-First-Time-Git-Setup)
  • JonE
    JonE over 8 years
    This is so helpful. Thanks for solving something that used to work perfectly and then just died
  • patryk.beza
    patryk.beza over 8 years
    What if I want to add multiple keys which names differ from id_rsa?
  • Daniel Rose
    Daniel Rose over 8 years
    A much easier solution is to set everything up working properly in git (using openSSH), and then tell TortoiseGit to use the ssh.exe used by git. See stackoverflow.com/a/33328628/318317 That way, you only need to fix this once.
  • Graeme Perrow
    Graeme Perrow about 8 years
    Note that %HOMEPATH% does not contain the drive letter, so if your source is not on C: you need to prepend C: to %HOME%.
  • hiroshi
    hiroshi about 8 years
    Yeah it is very annoying. It is natural and easy to clone a repo with github for windows GUI, but when use git cui outside of git shell failed. I wonder how the git command in the git shell works with https url...
  • Brig
    Brig about 8 years
    use ssh -v [email protected] to see what files your ssh is trying to use
  • nmz787
    nmz787 about 8 years
    for SSH is the prefix always git@{SERVER URL} ?
  • IDisposable
    IDisposable about 8 years
    Yes, as far as I've ever seen :)
  • sipher_z
    sipher_z over 7 years
    @Brig 'ssh' is not recognized as an internal or external command...
  • CaffeineAddiction
    CaffeineAddiction about 7 years
    @GregB "SSH keys are certainly more cryptographically secure than passwords" this is not always the case ... a 64 character password consisting of randomized characters 0-f (hex) is apparently more secure than a 4096 bit RSA key
  • rob
    rob about 7 years
    It is perfectly reasonable to make suggestions like this as comments. But as the question explicitly requests git for windows you should expect down votes for posting this as an answer.
  • Xenos
    Xenos almost 7 years
    @JP. For my part, I had to put my already-generated keys to C:\Users\xxxx\.ssh to use them in Git GUI 0.21.GITGUI and git v2.13.0.windows-1
  • Kirill Husiatyn
    Kirill Husiatyn almost 7 years
    I prefer this way, because this allowed me fast connect existed keys from other PC
  • Ian Grainger
    Ian Grainger almost 7 years
    @OwenBlacker I get an error 'unable to open the file' when trying to use Pageant :(
  • Ian Grainger
    Ian Grainger almost 7 years
    I get 'Unable to open the file' from Pageant :( Which I know is set up correctly as I'm using it for TortoiseGit :(
  • Ian Grainger
    Ian Grainger almost 7 years
    Already had this - still asks me all the time
  • Micah Zoltu
    Micah Zoltu over 6 years
    For future readers, %USERPROFILE% is not the equivalent of $HOME. A lot of bad-acting Linux apps ported to Windows treat the two the same, but they should not be treated the same.
  • Eric Blade
    Eric Blade over 6 years
    Micah, can you inform the differences in intent for that? Also, even with different intent, it would seem that if all the tools use one as the other, then doesn't it effectively become equivalent?
  • Micah Zoltu
    Micah Zoltu over 6 years
    Tools that use %USERPROFILE% on Windows in the same way as $HOME on Linux are violating well documented best practices/recommendations for Windows development (published by MS long ago and updated over time). There are many tools that do this, but the argument to follow them is much like the argument "X pees in the pool, so we should too." USERPROFILE is where the user stores documents they create/save (e.g., save dialog). APPDATA is for per-user configuration data. LOCALAPPDATA is for per-user caches and large files. PROGRAMDATA is for machine-wide configuration and cache.
  • Micah Zoltu
    Micah Zoltu over 6 years
    In general, the only tools that misbehave with USERPROFILE are tools written by Linux developers and then ported to Windows. As a developer, you probably use a lot of these so it feels like "everyone is doing it" but outside of the development tooling ecosystem most Windows applications actually are good citizens. Even Microsoft sometimes makes the mistake of not putting things in the right place (they are a huge company), though in general when you point it out to them they make an effort to resolve the problem and follow OS guidelines.
  • Micah Zoltu
    Micah Zoltu over 6 years
    (sorry, StackExchange character limits on comments). Here is more details about the folders and a brief description of what goes in each. There are other resources as well, including more consumable blog posts, but this one offers the most technical accuracy: technet.microsoft.com/en-us/library/cc749104(v=ws.10).aspx
  • Mireodon
    Mireodon over 6 years
    The question was specifically about windows. I have git on my Ubuntu machine working like this, but I can't tell what to set GIT_SSH_COMMAND to on my Windows machine.
  • Matthew Wetmore
    Matthew Wetmore over 6 years
    Welcome to Server Fault. This question already has a widely accepted answer accepted several years ago. Keep looking for newer questions or those that can be significantly improved.
  • Nikita Bosik
    Nikita Bosik over 6 years
    If disabled, check Settings... -> Network -> SSH client is set to C:\Program Files\TortoiseGit\bin\TortoiseGitPlink.exe
  • Michael Russo
    Michael Russo over 6 years
    This helped, but for anyone who's using an id_dsa key, you'll also need to add "PubkeyAcceptedKeyTypes ssh-dss" under your host.
  • Aaron Mason
    Aaron Mason over 6 years
    set HOME=%USERPROFILE% fixed the issue for me, using Windows CMD.
  • Colin
    Colin over 6 years
    Also keep in mind that if you don't specify the user in the git url, git will use your Windows user name rather than the one you might have on your nix/mac machine (doh)
  • Mark
    Mark about 6 years
    This accepted solution disregards the question asked, and the current addendum about moving SSH keys under Program Files is not viable for anyone with a multi-user machine.
  • Matt
    Matt over 5 years
    Wish I would have found this days ago. :( Works!
  • pangyuteng
    pangyuteng over 5 years
    set %HOME%=%HOMEPATH% worked for me! Thank you!!
  • Rainb
    Rainb almost 4 years
    this is not the answer to the question
  • Rainb
    Rainb almost 4 years
    OH MY GOD THIS WORKED FOR ME WHEN NO PREVIOUS ANSWERS WORKED!
  • Rainb
    Rainb almost 4 years
    A comment with not so many upvotes saved me, the top voted comments don't even solve anything
  • user4015990
    user4015990 over 2 years
    Thank you. This saved my day.
  • twig
    twig over 2 years
    Finally got around to fixing this issue with msysgit/Git Bash and this answer solved it for me. Exporting the id_rsa file to %USERPROFILE%\.ssh\id_rsa worked immediately.
  • maja
    maja over 2 years
    this answer helped me solve a very peculiar issue where the encryption algorithm of my key wasn't supported by one of the operating systems I was using
  • PythoNic
    PythoNic over 2 years
    Adding to @trejder: you can use echo $HOME instead of the unreliable pwd
  • PythoNic
    PythoNic over 2 years
    I was asked for user + password even after this explanation. I had to change the <repo>/.git/config file. Remote origin needed [email protected]:... instead of url=https://gitlab.com... (continue the ... according to your project, host or whatever)
  • Admin
    Admin almost 2 years
    to cope with the fact that %HOMEPATH% is not a full path, use: 1. via command-line, setx HOME %HOMEDRIVE%%HOMEPATH%; 2. via Control Panel, in step 7 above use %HOMEDRIVE%%HOMEPATH%.