How to Use SSH with GitHub (Instead of HTTPS) on Windows WSL
Instead of using
HTTPS to access our repositories on GitHub, we can use
HTTPS is Universally Accessible. GitHub repositories are generally more universally accessible through
SSH. It only requires account credentials (username, password, etc.) to perform writes to the repository. There’s no setup required.
HTTPS is also a port open on all firewalls, unlike
SSH, which may be blocked by a firewall (although,
SSH can be tunneled over
HTTPS if blocked)
SSH is “Secure”.
SSH keys allow GitHub to identify trusted computers, without using passwords. If my account credentials are stolen by an attacker, then my password can be changed to block access to my repositories. But if my private key were to be stolen, there’s much less an attacker can do. They could force push to a repostory, or even change the history, but that’s much more recoverable. GitHub will also automatically remove
SSH keys that have been inactive for a year.
I always use a different, new
SSH key for each machine I’m working on (both physical and virtual). If one key is compromised, then it’s only compromised on that machine. I can log in from another machine and delete that key manually.
1. Obtain an
Check for an existing key
The first thing to do is to see if there is an existing
SSH key that we can use.
ls -al ~/.ssh
SSH key already exists, we’ll likely see one or more of the following files:
id_rsa.pub id_ecdsa.pub id_ed25519.pub
If these files don’t exist, we’ll generate a new key. If they do, we can directly add the key to
ssh-agent (if we haven’t already) and then to our GitHub account.
Generate a new key
We’ll run the following, replacing
firstname.lastname@example.org with your GitHub account email.
ssh-keygen -t ed25519 -C "email@example.com"
When prompted to enter the file location, just press
Enter to use the default file location.
When prompted to type a passphrase, type in a secure passphrase to add an extra layer of security to this process.
2. Add key to
We’ll want to add our key to the
ssh-agent in order to manage multiple, custom-named keys.
Any attempt to authenticate to a server will require us to use our private key to prove that we are who we say we are.
Since we used a passphrase to protect our private keys, each attempt will also require us to enter this passphrase, which can get tedious. This
ssh-agent will cache our key and allow us to enter the passphrase only once (at the start of our session).
If we are routinely using
SSH to access a variety of machines, each with their own private keys and passphrases,
ssh-agent will allow us to use multiple keys very easily. It tries every available key in the key agent.
eval "$(ssh-agent -s)" ssh-add ~/.ssh/id_ed25519
These commands will start the
ssh-agent in the background, and then add our private key to the
3. Add key to GitHub account
First, we need to copy the public key to our clipboard.
On Windows, we can use
cat piped with
clip (or just use
cat and copy directly from the terminal).
cat ~/.ssh/id_ed25519.pub | clip
Now, we want to head over to our GitHub Key Settings page.
This will bring us to
SSH and GPG keys.
New SSH key.
Title, specify the machine you are on (
Personal Thinkpad WSL).
Key, paste in the key.
4. Test SSH connection
Let’s verify our setup.
ssh -T firstname.lastname@example.org
When prompted to verify the authenticity of host
github.com, verify that the
RSA key fingerprint matches our key, and then type in
If we don’t get a
Permission denied (publickey) error, then we’re all ready to go. Otherwise, we should go look through some troubleshooting docs.