544

My Git setup runs fine on Linux, but when I try to set things up under Windows (using Git for Windows and TortoiseGit), I don't know where to put my private SSH key (or, better still, how to tell ssh where it's located). I'm using the standard ssh.exe option during installation of Git for Windows. The setup runs fine if I allow password authentication (in lieu of RSA) on the server.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
binaryorganic
  • 5,901
  • 4
  • 17
  • 19
  • I have the same problem, I can ssh into my dev box using a public key as "root" using the "Git Bash" program that is installed with "Git For Windows" but I can't log in as "git" with my key even though I have copied my "authorized_keys" file from my "root" to my "git" user and set the owners and permissions correctly. Why can't I login as "git" when "root" works with the exact same "authorized_keys" file. Instead for "git" it passes up all the private keys, which are the exact same that work with "root" and asks for a password. This is a Centos 5.5 server by the way. –  Nov 05 '10 at 01:36
  • @fuzzy lollipop: Do you have the right permissions on your git user's authorized_keys file? It should be chmod 600, and should be owned by the git user. If it's owned by the root user, it wont work – Dan McClain Nov 05 '10 at 17:20
  • yes all the files and directories are the correct owners and permissions –  Nov 06 '10 at 07:21

32 Answers32

522

For Git Bash

If you are running msysgit (I am assuming you are) and are looking to run Git Bash (I recommend it over TortoiseGit, but I lean to the CLI more than GUI now), you need to figure out what your home directory is for Git Bash by starting it then type pwd (On Windows 7, it will be something like C:\Users\phsr I think). While you're in Git Bash, you should mkdir .ssh.

After you have the home directory, and a .ssh folder under that, you want to open PuTTYgen and open the key (.ppk file) you have previously created. Once your key is open, you want to select Conversions -> Export OpenSSH key and save it to HOME\.ssh\id_rsa. After you have the key at that location, Git Bash will recognize the key and use it.

Note: Comments indicate that this doesn't work in all cases. You may need to copy the OpenSSH key to Program Files\Git\.ssh\id_rsa (or Program Files (x86)\Git\.ssh\id_rsa).

For TortoiseGit

When using TortoiseGit, you need to set the SSH key via pacey's directions. You need to do that for every repository you are using TortoiseGit with.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
Dan McClain
  • 6,473
  • 1
  • 20
  • 24
  • 4
    pacey's instructions for tortoisegit won't work until you have the repository (because the 'remote' configuration setting doesn't appear unless you act on a repo), and you probably can't get the repository in the first place if you can't authenticate yourself in order to clone from the origin. Tricky! – Kylotan Oct 06 '11 at 19:59
  • 46
    With GitBash I found I had to copy my `~/.ssh/id_rsa` file to `Program Files\Git\.ssh\id_rsa` - which was a little confusing, but now IntelliJ and Windows cmd can push to git repositories that use key authentication. – JP. May 23 '12 at 12:17
  • 10
    Likewise. I just installed git-for-windows, I am running it from cmd.exe. I needed to put the files `id_rsa` and `id_rsa.pub` into `c:\program files (x86)\Git\.ssh` . The `.ssh` dir was already present. Thanks, JP. – Cheeso Jul 26 '12 at 01:07
  • 5
    Second paragraph was golden. :) – Bjørn Aug 31 '12 at 10:51
  • so I should be calling the key itself id_rsa with no extension, or putting it inside that folder? – Damon Nov 27 '12 at 02:07
  • 4
    @Damon: It should be `id_rsa` without the extension. That is the file name, it is not a directory – Dan McClain Nov 27 '12 at 13:26
  • 1
    this answer did NOT work for me. Hugh's [answer](http://serverfault.com/a/382801/97210) did. – Jake Berger Mar 04 '13 at 06:09
  • If msysgit detects PuTTY saved sessions it will by default use PuTTY's plink instead of ssh, so you need to set up your keys using PuTTY instead. – Dickon Reed Jul 08 '13 at 11:32
  • 2
    @DanMcClain "_you need to figure out what your home directory is for Git Bash by starting it then type `pwd`_" -- according to [Wiki](http://en.wikipedia.org/wiki/Pwd), `pwd` stands for _print working directory_ and nearly always displays _current_ (**working**) directory, not **home** one (see example in Wiki, with issuing `pwd` several times to see _different_ directory each time). As far as I'm not mistaken, **home** directory is _constant_ and does not change from time to time. To determine **home** directory in my Git Bash, I always go to it, by executing `cd ~`. – trejder Dec 12 '13 at 08:22
  • I used "env" command in gitbash and looked for the HOMEPATH. That is where I found my .ssh folder – bumperbox Jan 25 '14 at 19:50
  • The latest git for windows puts an ".ssh" directory in your user directory on windows 7: "C:/Users/USERNAME/.ssh" That is the directory that if you put an open ssh key named "id_rsa" will allow you to load the key in a git bash. – carter Aug 22 '14 at 19:21
  • 2
    Windows 10 laziest method: type '%USERPROFILE%' in the path bar (gotten from https://git-scm.com/book/en/v1/Getting-Started-First-Time-Git-Setup) – ibgib Aug 09 '15 at 20:37
  • This is so helpful. Thanks for solving something that used to work perfectly and then just died – JonE Aug 20 '15 at 13:17
  • 4
    What if I want to add [multiple keys](http://stackoverflow.com/questions/2419566/best-way-to-use-multiple-ssh-private-keys-on-one-client) which names differ from `id_rsa`? – patryk.beza Oct 18 '15 at 10:37
  • 3
    use `ssh -v git@github.com` to see what files your ssh is trying to use – Brig Mar 25 '16 at 21:22
  • @Brig `'ssh' is not recognized as an internal or external command...` – Kev Jan 06 '17 at 11:13
  • @JP. For my part, I had to put my already-generated keys to `C:\Users\xxxx\.ssh` to use them in `Git GUI 0.21.GITGUI` and `git v2.13.0.windows-1` – Xenos May 31 '17 at 09:22
  • `set HOME=%USERPROFILE%` fixed the issue for me, using Windows CMD. – Aaron Mason Dec 08 '17 at 00:13
  • Also keep in mind that if you don't specify the user in the git url, git will use your Windows user name rather than the one you might have on your nix/mac machine (doh) – Colin Dec 29 '17 at 22:49
  • This accepted solution disregards the question asked, and the current addendum about moving SSH keys under `Program Files` is not viable for anyone with a multi-user machine. – Mark Mar 19 '18 at 19:42
  • 1
    A comment with not so many upvotes saved me, the top voted comments don't even solve anything – Rainb Jul 04 '20 at 21:10
  • Finally got around to fixing this issue with msysgit/Git Bash and this answer solved it for me. Exporting the `id_rsa` file to `%USERPROFILE%\.ssh\id_rsa` worked immediately. – twig Oct 29 '21 at 05:25
  • Adding to @trejder: you can use `echo $HOME` instead of the unreliable `pwd` – PythoNic Feb 14 '22 at 01:54
  • i was asked for user + password even after this explaination. I had to change the /.git/config File. Remote origin needed `url=git@gitlab.com:...` instead of `url=https://gitlab.com...` (continue the ... according to your project, host or whatever) – PythoNic Feb 14 '22 at 02:02
116

Using the built-in SSH client shipped with Git for Windows, you need to set up the HOME environment variable so that the Git SSH client can find the key.

For example, on a Windows Vista installation, this would be done by issuing setx HOME c:\Users\admin\ on the command line.

It made my day and fixed the issue with Git provided that your private key is not password protected. If you want to use ssh-agent, then you can probably run ssh-agent cmd.exe (although I've never done that) and the ssh-add as usual.

Note that all Git/SSH tools are supposed to be run from a cmd.exe in order not to blink a window.

If this does not work correctly, using plink can probably be achieved by tweaking GIT_SSH. Refer to all the SVN + ssh tutorials; this is basically the same plumbing you need to setup.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
Oct
  • 1,576
  • 1
  • 8
  • 5
  • 16
    This is what I was looking for since I'm trying to use the Windows command prompt, not git bash. – John Ruiz Mar 05 '12 at 18:33
  • Nice, easy fix but it would have been hard to figure out without this! – thaddeusmt Apr 13 '12 at 20:39
  • Important is as well to have no blanks between HOME = and c:\... Oct's solution did the trick for me. :-) – Lutz Apr 21 '12 at 23:09
  • Worth noting - if you have spaces in your home (if you are using win XP/server 2003 you will), then you should prefix the path with a single quote. Bizarrely - if you end it with a quote that will be in the variable... – Danny Staple Apr 16 '13 at 10:57
  • 2
    The `setx HOME c:\Users\admin\` command doesn't seems to be working in Git Bash. You have to use `cmd` instead. – trejder Dec 12 '13 at 08:01
  • Wish I would have found this days ago. :( Works! – Matt Oct 16 '18 at 12:33
62

You can specify the key location for TortoiseGit the following way:

  • Open an Explorer Window.
  • Open the Contextmenu and navigate TortoiseGitSettings
  • In the now opened window, navigate to GitRemote
  • Set the path to your PuTTY key in the corresponding input box.

A screenshot is below:

Enter image description here

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
pacey
  • 3,833
  • 1
  • 15
  • 31
  • 9
    Additionally if you need to convert your private key into '.ppk' format from other format you can follow [THIS](http://develop-for-fun.blogspot.com/2013/12/configure-tortoise-git.html) – Tariq M Nasim Dec 18 '13 at 11:04
  • It worked for me. – Maxim Eliseev Sep 10 '14 at 16:53
  • 6
    Git > Remote only appears once you've successfully cloned the repository. – Steve Pitchers Jul 23 '15 at 09:18
  • 5
    A much easier solution is to set everything up working properly in git (using openSSH), and then tell TortoiseGit to use the ssh.exe used by git. See http://stackoverflow.com/a/33328628/318317 That way, you only need to fix this once. – Daniel Rose Feb 04 '16 at 16:04
56

None of the previous answers worked for me. Here was what worked for me in the end. It is actually fairly simple, if you know what to type. It doesn't need PuTTY.

  • Open a Git Bash prompt
  • Type 'ssh-keygen'
    • Accept the default location
    • Choose a blank passphrase (so just press 'enter' to all questions')
  • Now copy the public key to your server, for example: scp ~/.ssh/id_rsa.pub someuser@someserver.com:~

That's the bit on your own computer done. Now ssh into the destination server, then do

mkdir -p ~/.ssh
cd ~/.ssh
cat ../id_rsa.pub >> authorized_keys
rm ../id_rsa.pub

That's it! You're done! From Git Bash, do the following to test:

ssh someuser@someserver.com ls

If it lists the files in your home directory on the Git server, and then you're done!

For GitHub, you don't have shell access to their server, but you can upload the key using their website, so for the bit 'now copy to your server', do:

  • In Git Bash, type 'cat ~/.ssh/id_rsa.pub', select the result, and copy it to the clipboard.
  • On the GitHub website, go to 'Account settings', 'SSH and GPG keys', click 'New SSH key', and paste the key.
Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
Hugh Perkins
  • 1,065
  • 7
  • 9
  • Me too, other answers made git ask me for key passphrase. – Zlatko Oct 12 '12 at 06:47
  • Excellent answer ;) – ingh.am Nov 29 '12 at 09:49
  • doesn't work with github since they don't allow shell access – ton.yeung Feb 05 '13 at 19:58
  • 10
    Don't create keys without passphrases. It's like putting your password in a text file, except that everyone knows the default location for private keys. – GregB Apr 11 '13 at 06:10
  • 21
    You're answering the wrong question. The Q is how to point to an existing private key. – Orangutech Apr 17 '13 at 18:18
  • 8
    @GregB, I look at it like this: any server for which I create a password-less key is as secure as my laptop, it's an extension of the security perimeter of my laptop. Actually, not even, since my home directory is encrypted ;-) So, it's as secure as the encrypted home partition on my laptop, which is 'good enough' for securing access to github, in my opinion. (which may vary from your opinion of course!) – Hugh Perkins Jun 21 '13 at 05:38
  • 4
    @GregB Don't fall down into paranoia! :] Sure, that using password-protected keys is much more secure, than using password-less, but claiming that password-less key is as easy to break as storing passwords in a text file is an obvious false. I've seen many guides, that encourage users to use password-protected keys, but I have never seen any claiming, that using them without passwords is not secure at all. Plus: some systems doesn't support solutions for remembering key's password, entered by users, and asks for it, each time key is used. Which makes using SSH keys pointless in this situation. – trejder Dec 12 '13 at 08:33
  • 5
    For the sake of the conversation, which has deviated from the original question, SSH keys are certainly more cryptographically secure than passwords, but that security is put at risk by not encrypting your SSH keys. My personal approach is to unlock my keys at the beginning of the day using an SSH agent, which then keeps the decrypted keys in memory so that I don't need to re-enter the password throughout the day. As @Hugh Perkins comments, and I'm paraphrasing, you all know your security requirements better than I/we do :). – GregB Dec 13 '13 at 18:09
  • @GregB "SSH keys are certainly more cryptographically secure than passwords" this is not always the case ... a 64 character password consisting of randomized characters 0-f (hex) is apparently more secure than a 4096 bit RSA key – CaffeineAddiction Feb 22 '17 at 15:56
53

If you're using msysgit with the OpenSSH tools, you need to either create ~/.ssh/id_rsa, or create a Git configuration in ~/.ssh/config which points to your key.

Here's an example of a Git configuration for Bitbucket that will use the correct username, and a key other than the default key (in case you maintain one key for SSH connections, and another for Git accounts).

~/.ssh/config:

Host bitbucket.org
    Hostname bitbucket.org
    User git
    IdentityFile /C/keys/yourkey.key

Once in Git Bash, you can run two commands to add your key to your current session's ssh-agent to avoid having to repeatedly type the key's password.

eval `ssh-agent`
ssh-add /C/keys/yourkey.key
Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
GregB
  • 1,362
  • 2
  • 13
  • 21
17

I just set %HOME%=%HOMEPATH%

This has the advantage of working for all users logged into the system (they each get separate .ssh folders).

In Vista:

  1. Right-click on Computer
  2. Choose Properties
  3. Click on Advanced System Settings
  4. Click on Environment Variables
  5. In the bottom section (System Variables) Click on New
  6. For Variable name type: HOME
  7. For Variable path type: %HOMEPATH%
  8. Click OK
Jono
  • 271
  • 2
  • 2
11

In my case I was using Git for Windows in the Docker container windowsservercore.

My Git was installed by Chocolatey to C:\Program Files\Git.

I had to update the file C:\Program Files\Git\etc\ssh\ssh_config with this:

Host example.com
   Identityfile ~/.ssh/id_rsa

Then I was could use key from C:\Users\<user>\.ssh\id_rsa

If you are using Git for windows together with OpenSSH for Windows. Git is still using its own ssh.

Plus if you plan using ssh-keyscan host.com > known_hosts from OpenSSH, be careful because piping output from stdout of keyscan (on Windows) changes encoding to UCS-2, but OpenSSH can read only UTF-8! So make sure to change the known_hosts file encoding.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
oglop
  • 251
  • 3
  • 8
  • This helped, but for anyone who's using an id_dsa key, you'll also need to add "PubkeyAcceptedKeyTypes ssh-dss" under your host. – Michael Russo Nov 30 '17 at 16:47
7

Your private key needs to be added to the SSH agent on your workstation. How you achieve this may depend on what git client you are using, however puTTY and its associated agent (pageant) might do the trick for you, here's the link to the official binaries and source:

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Declan Shanaghy
  • 211
  • 1
  • 5
  • I stated above that I'm using Git for Windows and am using ssh.exe (packaged w/ git) in lieu of putty. There must be some standard practice for adding a private key, I just can't seem to find out how. While switching software may indeed allow me to log in, there has to be a way to do it with the standard Git setup, no? – binaryorganic Oct 25 '10 at 21:32
  • Sorry i dont work on windows, only linux. But the key does have to be in your SSH agent. is there an agent.exe or something along those lines? – Declan Shanaghy Oct 25 '10 at 22:01
  • 1
    Yeah, setup was cake on the linux side. But I've got to have it working on Windows too unfortunately. There are several ssh-related executable files in the git/bin folder on the Windows box (ssh, ssh-add, ssh-agent, ssh-keygen & ssh-keyscan), but I don't know how to make any of them do anything. They just blink a cmd window open and close right away. I'm stumped. – binaryorganic Oct 26 '10 at 01:13
  • 8
    Pageant does indeed solve the problem for me -- I have a shortcut in my Start Menu's Startup folder (`C:\Users\owen.blacker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup`) pointing to `"C:\Program Files (x86)\PuTTY\pageant.exe" "C:\Users\owen.blacker\Documents\SSH\OwenBlackerPersonal.ppk" "C:\Users\owen.blacker\Documents\SSH\OwenBlackerWork.ppk"`, so that it loads my SSH keys on startup and this makes GIT "just work" :o) – Owen Blacker Jun 27 '12 at 12:51
  • @OwenBlacker OMFG! You **definitely should** write this comment as a full-size **answer**! This is **the only solution here**, that actually helped me and solved my problem! Pity, that I can give you only +1! :] – trejder Dec 12 '13 at 09:01
  • @OwenBlacker I get an error 'unable to open the file' when trying to use Pageant :( – Ian Grainger Aug 02 '17 at 09:00
5

When mixing GitHub for Windows and Git GUI for Windows, you might run into issues where Git GUI keeps prompting you for a username and password. The cure for this is to change the remote URL from https: (which is what GitHub for Windows creates) to the Git protocol. In the .git directory in the configuration file, find:

[remote "origin"]
   url = https://github.com/**username**/**reponame**.git
   fetch = +refs/heads/*:refs/remotes/origin/*

Change it to:

[remote "origin"]
    url = git@github.com:**username**/**reponame**.git
    fetch = +refs/heads/*:refs/remotes/origin/*
Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
IDisposable
  • 392
  • 4
  • 5
5

The most efficient way is using Pageant because it will let you write the passphrase only once at the beginning of the session instead of every push. All answers here were too short, so I'll post a detailed guide here:

  1. Download pageant.exe, puttygen.exe, putty.exe and plink.exe from PuTTY's website. Place them in C:\puttyTools directory.
  2. Run puttygen.exe.
  3. Click button Generate.
  4. Wiggle the mouse around in the top part of the window until the progress bar is full, as the program asks you to do.
  5. Provide a passphrase, and repeat it in the subsequent textbox.
  6. Click "Save private key". The usual directory to save these in is %USERPROFILE%\.ssh (in my computer this maps to C:\Users\andres\.ssh\). It doesn't matter what you call the key, but for demonstration purposes, I'm going to call it github.ppk. This file should have an extension of .ppk.
  7. Copy the text in the top text box in PuTTYgen, the one labeled Public key for pasting into OpenSSH authorized_keys file and paste it into a new SSH key in GitHub's settings. Give it a title that describes what machine the key is on (e.g. "Work laptop").
  8. Run pageant.exe, a new systray icon will appear.
  9. Right click on the icon -> Add key.
  10. Locate your ppk file, enter your passphrase.
  11. Create these new user environment variables (via looking for application Environ through WindowsMenu which will find Edit environment variables for your account): GIT_SSH = "C:\puttyTools\plink.exe" and SVN_SSH = "C:\puttyTools\PuTTY\plink.exe"
  12. Open putty.exe and try to connect to the host where you host your Git repositories. For example, try to connect to github.com via SSH, and a dialog will ask you if you accept the fingerprint of the server: click on YES.
  13. Run a new instance of your MINGW64 Git console, and verify that the environment variables are there by writing the command env | grep -i ssh.
  14. You should be all set. Try to clone with the Git + SSH protocol from your host.

(Originally extracted from these two guides which I combined in one: How to setup Git for Windows and Configure MinGW-W64+MSYS to use PuTTY Plink/Pageant.)

knocte
  • 347
  • 1
  • 6
  • 18
4

I had similar issues and none of the answers here solved the problem. It turns out, my key pair were originally generated with an empty passphrase. (I know, dumb.)

Once I created a new keypair and uploaded the public key to GitHub, things started working again.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
4

The standard location for the files is in %USERPROFILE%\.ssh.

%USERPROFILE% is the equivalent of $HOME in Unix (normally maps to something like c:\users\youruserid).

If you are using the SSH tools that came with Git, which are the standard command line Unix-style tools, you can use something like my script here to work with ssh-agent across all shells.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
Eric Blade
  • 149
  • 1
  • 1
  • For future readers, `%USERPROFILE% is the equivalent of $HOME` is _not_ the equivalent of `$HOME`. A lot of bad acting Linux apps ported to Windows treat t the two the same e but they should _not_ be treated the same. – Micah Zoltu Aug 30 '17 at 18:23
  • Micah, can you inform the differences in intent for that? Also, even with different intent, it would seem that if all the tools use one as the other, then doesn't it effectively become equivalent? – Eric Blade Aug 31 '17 at 19:54
  • Tools that use `%USERPROFILE%` on Windows in the same way as `$HOME` on Linux are violating well documented best practices/recommendations for Windows development (published by MS long ago and updated over time). There are many tools that do this, but the argument to follow them is much like the argument "X pees in the pool, so we should too." `USERPROFILE` is where the user stores documents _they_ create/save (e.g., save dialog). `APPDATA` is for per-user configuration data. `LOCALAPPDATA` is for per-user caches and large files. `PROGRAMDATA` is for machine-wide configuration and cache. – Micah Zoltu Aug 31 '17 at 20:32
  • In general, the only tools that misbehave with USERPROFILE are tools written by Linux developers and then ported to Windows. As a developer, you probably use a lot of these so it _feels_ like "everyone is doing it" but outside of the development tooling ecosystem most Windows applications actually are good citizens. Even Microsoft sometimes makes the mistake of not putting things in the right place (they are a huge company), though in general when you point it out to them they make an effort to resolve the problem and follow OS guidelines. – Micah Zoltu Aug 31 '17 at 20:34
  • 1
    (sorry, StackExchange character limits on comments). Here is more details about the folders and a brief description of what goes in each. There are other resources as well, including more consumable blog posts, but this one offers the most technical accuracy: https://technet.microsoft.com/en-us/library/cc749104(v=ws.10).aspx – Micah Zoltu Aug 31 '17 at 20:39
4

I've fixed the above issue by creating

~/.ssh/config

file and put:

IdentityFile C:\Users\adria\.ssh\mysshkey
Adrian Onu
  • 141
  • 1
3

OK, I looked at the suggestion of ..

But placing in my private SSH keys in public folder I didn't think was a good idea, so I started to look for where the knownhost was.

So if you want to correctly protect your SSH key you need to put your key in the following directory:

For Windows 7, 8, and 8.1 32-bit:

C:\Users\\AppData\Local\VirtualStore\Program Files\Git\

For Windows 7, 8, and 8.1 64-bit:

C:\Users\\AppData\Local\VirtualStore\Program Files (x86)\Git\

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
  • This was the simplest solution on my Win7 machine. Like you, I searched for `known_hosts`. Sure enough, it was in `C:\Users\Dave\AppData\Local\VirtualStore\Program Files (x86)\Git\.ssh`. By placing my key file (id_rsa) in that directory, ssh was able to find it without complaint. I did a little reading - this is how Windows handles (legacy) software attempting to write to forbidden areas (such as "C:\Program Files\"), so Git's ssh is completely unaware that it is writing to the VirtualStore directory, Windows is handling that transparently. At least these files belong to a user! – DaveGauer Apr 29 '15 at 23:40
1

You can specify both the path to the key and the name of the key file like so (on Ubuntu). For example:

ssh -i /home/joe/.ssh/eui_rsa
Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
jim
  • 27
  • 1
  • This absolutely solves the problem and allows you to store your keys where ever you would like. – DaveGauer Apr 29 '15 at 23:26
  • The question was specifically about windows. I have git on my Ubuntu machine working like this, but I can't tell what to set `GIT_SSH_COMMAND` to on my Windows machine. – mjaggard Sep 06 '17 at 19:12
1

The following answer also applies to this question when running ssh from Windows Service Account: Jenkins (Windows Service) with Git over SSH

Alexander Pacha
  • 169
  • 2
  • 9
  • Following the link you provided I was able to get my Jenkins setup. I needed to set the HOME environment variable to the Git program path which held the .ssh directory I created my SSH key in. – Spechal Sep 03 '13 at 18:52
1

Pageant (an SSH agent supplied with the PuTTY bundle) solves the problem for me.

I have a shortcut in my Start Menu's Startup folder (C:\Users\owen.blacker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup) pointing to "C:\Program Files (x86)\PuTTY\pageant.exe" "C:\Users\owen.blacker\Documents\SSH\OwenBlackerPersonal.ppk" "C:\Users\owen.blacker\Documents\SSH\OwenBlackerWork.ppk", so that it loads my SSH keys on startup and this makes Git "just work" :o)

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
Owen Blacker
  • 631
  • 1
  • 7
  • 20
  • 4
    I think you need several other settings correct for this to work (such as GIT_SSH set to TortoisePLink.exe I think?), and although it has worked for me in the past, I often get problems with it on other machines. :-( – Simon East Jun 12 '14 at 04:08
  • I get 'Unable to open the file' from Pageant :( Which I know is set up correctly as I'm using it for TortoiseGit :( – Ian Grainger Aug 02 '17 at 09:02
1

My msysgit OpenSSL/Bash Git experience (not PuTTY's plink) is that the search order for your the .ssh/ folder is as follows.

  1. %HOME%/.ssh/
  2. %HOMEDRIVE%%HOMEPATH%/.ssh/
  3. %USERPROFILE%/.ssh/

Hence why so many people suggest setting HOME if one of the others is not what you expect. More importantly, you can check for yourself; to debug use ssh -v to a server that uses public key authentication as follows:

$ ssh -v git@github.com
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /d/.ssh/config
...
debug1: identity file /d/.ssh/identity type -1
debug1: identity file /d/.ssh/id_rsa type 1
debug1: identity file /d/.ssh/id_dsa type -1
...
debug1: Next authentication method: publickey
debug1: Trying private key: /d/.ssh/identity
debug1: Offering public key: /d/.ssh/id_rsa
..
Hi kcd83! You've successfully authenticated, but GitHub does not provide shell access.

We found ssh searching on an obscure drive and none of the previous answers seemed to explain what we saw.

Sometimes %HOMEDRIVE%%HOMEPATH% is a mapped network drive (e.g. H:/) which causes unnecessary failures when there are network/fileserver issues, even when %USERPROFILE%/.ssh is C:/Users/Username/.ssh and has the keys locally. Setting %HOME% to %USERPROFILE% stops it looking at the remote home drive.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
KCD
  • 878
  • 3
  • 11
  • 23
  • this answer helped me solve a very peculiar issue where the encryption algorithm of my key wasn't supported by one of the operating systems I was using – maja Jan 11 '22 at 14:10
1

TortoiseGit lets you specify the key to use when cloning a repository. Simply check "Load Putty Key" and browse to the .ppk file, as in the screenshot: https://i.stack.imgur.com/lAyzT.png

chicks
  • 3,639
  • 10
  • 26
  • 36
NGNeer
  • 11
  • 2
  • If disabled, check `Settings... -> Network -> SSH client` is set to `C:\Program Files\TortoiseGit\bin\TortoiseGitPlink.exe` – Nikita Bosik Nov 01 '17 at 11:49
1

Using Windows 10, I could not get the pageant generated SSH key working (at least for Git on the command line, using SourceTree I didn't have an issue) when running:

git push origin master

So my solution:

  1. I opened 'Git Bash'
  2. Ran

    ssh-keygen
    
  3. Confirmed keys now exist

    ls ~/.ssh
    
  4. Opened id_rsa.pub in Notepad++, selected all the contents

  5. Added a new key in Bitbucket, https://bitbucket.org/account/user/myusername/ssh-keys/

  6. Labelled and pasted contents into the key field --> Add Key

After that, command line Git worked. It appears that it wants the old PEM format, because if I try to import this key into pageant it says as much.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
HostMyBus
  • 11
  • 3
1

Many answers say this, but for me not fast enough!

in windows using msys (standard windows console) C:\Users\{you}\.ssh\id_rsa

Basically it doesn't bother scanning installed keys (at least not on my new laptop) and so needs specifically id_rsa

I encountered this wanting to clone some private work repo's in ruby MSYS CLI for windows 10 64-bit

MrMesees
  • 127
  • 5
0

Windows --> Preferences --> ssh2--> general--> load the private key . The pair's public key should have been uploaded to the git and voila things should work.

0

Reading your comment to Declan's answer, try opening a command prompt first (Start → Runcmd) and then navigate to that git/bin folder and run ssh-keygen. Theoretically that will generate an RSA key and place it in the appropriate directory. Then you just have got to find it and share your public key with the world.

The reason that the window "blinks" is because Windows runs the program, and when it executes, it closes the command prompt, thinking you're done with it, when you really need the output.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
naydichev
  • 101
0

Using v0.17 of Git Gui on Windows I clicked on the following menu command: HelpShow SSH Key.

A dialog appeared entitled Your OpenSSH Public Key. I generated a key and copied it to the clipboard. Then I continued to follow the setup-ssh instructions on githelp from Step Three onwards. Afterwards Git Gui communicated with GitHub silently - no need to enter any credentials.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
snow6oy
  • 109
  • 3
0

On my Windows 7 system Git Gui looks for the RSA key in the userprofile/.ssh folder or more specifically c:/users/yourusername/.ssh/.

The tricky part for my setup was getting the shared host at hostmonster to accept the key. The only way I could get it to work was by using Git Gui to create the key pairs (without a password) and then copy and pasting the public key via the control panel, ssh, manage keys.

To start at the beginning, you have to create the keys in Git Gui by going to menu Help, Show SSH key, then Generate Key. Now you will have two new keys in the .ssh directory. Open the .pub file and copy the contents.

Log in to your control panel on the shared host and go into SSH, Manage SSH keys, and Import key. Paste into the Public box, and make sure you name it the right name without the extension-- mine was id_rsa. Now you must authorize the key using the manage authorization link, so it will get concatenated into the authorized_keys file.

Now your Git Gui and your Git Bash should be able to push using SSH without having to type the password. Oddly, I was able to push using SSH via Git Bash and Git Gui just fine on my own servers running Linux, it was just the shared hosting that was giving me fits. I hope this helps someone as it took me hours of trial and error to come up with this--and it's so simple!

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
0

If you're on Windows 7/8, you should look in C:\Users\Your_User_Name.ssh Just copy & paste your id_rsa file here and it will all work out-of-the-box.

eeree
  • 109
  • 3
0

If you are using the Git command line for Windows you can do as follows:

Open cmd.exe and execute setx HOME c:\PATH_TO_PRIVATE_KEY.

Create a new folder, .ssh, (if not exist) inside c:\PATH_TO_PRIVATE_KEY and copy your id_rsa file (your private key) into it.

Done. Now you can use the Git command line normally.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
duccom
  • 1
  • 1
0

One mistake I made when using SSH on Windows was that when I attempted to use the keys through the Git Bash client, all of the files within ~/.ssh were the wrong permissions, yet it did not attempt to tell me that it was a problem.

Just as a test, make sure you've set everything in your ~/.ssh directory to chmod 600.

Spedge
  • 109
  • 3
0

If you have the necessary permissions on the Windows machine, and your policies permit it, I would suggest installing Cygwin (https://cygwin.com/), especially considering that you have prior experience with Linux. Cygwin will make it possible to handle your ssh-keys as you would on any other Linux/Unix machine. And it provides access to almost all of the cli tools of Linux.

torbenl
  • 101
  • 1
  • 1
    It is perfectly reasonable to make suggestions like this as comments. But as the question explicitly requests git for windows you should expect down votes for posting this as an answer. – rob May 16 '17 at 08:33
0

You can also load PuTTY Agent (pageant) and add the private key you generated with PuTTY for the server.

Git recognizes this and uses that for push/pull.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
0

I was using TortoiseGit as well as Git Bash on Windows, depending on need. I've added everything into TortoiseGit, and it worked fine, but Git Bash wasn't picking it up even though the keys were in the correct directory. It turns out I had to do this from Git Bash:

ssh-add C:\\Users\\<YOUR_USER>\\.ssh\\id_rsa

You can of course change the path to wherever your key is located, remembering to use \\ as the separator.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
Vlad Schnakovszki
  • 563
  • 1
  • 4
  • 12
0

If using Git for Windows, once the SSH keys have been generated, you must add your SSH key to ssh-agent.

See Generating a new SSH key and adding it to the ssh-agent.

eval $(ssh-agent -s)

// Tell where the keys are located

ssh-add ~/.ssh/id_rsa
Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
Matoeil
  • 101
  • 2
  • Welcome to Server Fault. This question already has a widely accepted answer accepted several years ago. Keep looking for newer questions or those that can be significantly improved. – Matthew Wetmore Sep 13 '17 at 19:21
  • 1
    the widely accepted answer did not work for me whereas this one did. I believe it might help someone to know the key must be added to the ssh agent and it can be done with 2lines of instructions – Matoeil Sep 14 '17 at 10:05