How to Use SSH with GitHub (Instead of HTTPS) on Windows WSL

Published Apr 5, 2021

Instead of using HTTPS to access our repositories on GitHub, we can use SSH.

HTTPS is Universally Accessible. GitHub repositories are generally more universally accessible through HTTPS than SSH. It only requires account credentials (username, password, etc.) to perform writes to the repository. There’s no setup required. HTTPS is also a port open on all firewalls, unlike SSH, which may be blocked by a firewall (although, SSH can be tunneled over HTTPS if blocked)

SSH is “Secure”. SSH keys allow GitHub to identify trusted computers, without using passwords. If my account credentials are stolen by an attacker, then my password can be changed to block access to my repositories. But if my private key were to be stolen, there’s much less an attacker can do. They could force push to a repostory, or even change the history, but that’s much more recoverable. GitHub will also automatically remove SSH keys that have been inactive for a year.

I always use a different, new SSH key for each machine I’m working on (both physical and virtual). If one key is compromised, then it’s only compromised on that machine. I can log in from another machine and delete that key manually.

1. Obtain an SSH key

Check for an existing key

The first thing to do is to see if there is an existing SSH key that we can use.

ls -al ~/.ssh

If an SSH key already exists, we’ll likely see one or more of the following files:

id_rsa.pub
id_ecdsa.pub
id_ed25519.pub

If these files don’t exist, we’ll generate a new key. If they do, we can directly add the key to ssh-agent (if we haven’t already) and then to our GitHub account.

Generate a new key

We’ll run the following, replacing some_email@gmail.com with your GitHub account email.

ssh-keygen -t ed25519 -C "some_email@gmail.com"

When prompted to enter the file location, just press Enter to use the default file location.

When prompted to type a passphrase, type in a secure passphrase to add an extra layer of security to this process.

2. Add key to ssh-agent

We’ll want to add our key to the ssh-agent in order to manage multiple, custom-named keys.

Any attempt to authenticate to a server will require us to use our private key to prove that we are who we say we are.

Since we used a passphrase to protect our private keys, each attempt will also require us to enter this passphrase, which can get tedious. This ssh-agent will cache our key and allow us to enter the passphrase only once (at the start of our session).

If we are routinely using SSH to access a variety of machines, each with their own private keys and passphrases, ssh-agent will allow us to use multiple keys very easily. It tries every available key in the key agent.

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

These commands will start the ssh-agent in the background, and then add our private key to the ssh-agent.

3. Add key to GitHub account

First, we need to copy the public key to our clipboard.

On Windows, we can use cat piped with clip (or just use cat and copy directly from the terminal).

cat ~/.ssh/id_ed25519.pub | clip

Now, we want to head over to our GitHub Key Settings page.

This will bring us to SettingsSSH and GPG keys.

Click on New SSH key.

For Title, specify the machine you are on (Personal Thinkpad WSL).

For Key, paste in the key.

4. Test SSH connection

Let’s verify our setup.

ssh -T git@github.com

When prompted to verify the authenticity of host github.com, verify that the RSA key fingerprint matches our key, and then type in yes.

If we don’t get a Permission denied (publickey) error, then we’re all ready to go. Otherwise, we should go look through some troubleshooting docs.


More CLI Articles