Git does not use SSH key (Windows)

Question

I created a SSH key for my GitLab repository and when I test it with SSH it does work and asks for the passphrase:

>ssh -T git@gitlab.lrz.de
Enter passphrase for key 'C:\Users\[username]/.ssh/id_ed25519':
Welcome to GitLab, @000[...]!

I also used

>git remote set-url origin git@gitlab.lrz.de:000[...]/project.git

without errors. However, when I try to commit and push to the repository, then Git asks for the Password of git@gitlab.lrz.de and not for the passphrase of the SSH key.

According to the Docs (https://docs.gitlab.com/ee/ssh/), you can set the ssh key in the config file ~/.ssh/config. So I created a text file in this directory with this content:

Host gitlab.lrz.de
 HostName gitlab.lrz.de
 IdentityFile ~/.ssh/id_ed25519

It still does not work and I am not sure if it even uses this config file. I was able to get everything running on a Linux server but not on this Windows computer. I tried it via command line and via Pycharm.

>git --version
git version 2.35.1.windows.1 

Answer 1

What helped me the most debugging this was to enable git tracing.

in cmd line:

set GIT_TRACE=1

in powershell or pwsh:

$env:GIT-TRACE=1 

Answer 2

You can use PuTTY as an SSH client and access your key via Pageant.

• Install PuTTY.
• Re-install Git for Windows. When asked, choose plink as SSH client (default is OpenSSH) and select plink.exe in PuTTY's installation directory.
• Open Pageant which was installed with PuTTY. Load your key.
• Work with git.

This solution is both reasonably secure and convenient. You may have you key protected with password, which is only asked once when you load the key in Pageant. When you're done, you may close Pageant or remove the key from list of loaded keys.

Answer 3

@kipy is nearly correct...

The issue is that git bundles its own SSH executable with it, and as in Windows (at least historically) the native OpenSSH client was optional, git won't acknowledge it by default. As a result of this, when you're doing things like:

ssh-add <my-key>

In Powershell (or whatever), that's not actually the SSH client that your git commands are using.

This complicates things further as, like me, you'll type:

ssh -T git@github.com

See the "Success!" message, and then scratch your head, wondering why git clone git@github.com:<username>/<repo>.git gives a (public key) error. I guess the clue is pretty clear, but not obvious... In one you run ssh directly, the other one you run git, which then calls 'ssh' by proxy.

The correct command to solve this, is to tell your git installation (via its config) which version of SSH you want it to use, so:

git config --global core.sshCommand C:/Windows/System32/OpenSSH/ssh.exe

This will then prompt all git commands to use the same SSH client that your ssh command does.

This also allows you to use different keys for different remotes, as well as working in all terminals/applications.

---

NOTE: The above assumes that OpenSSH for Windows is installed via the Windows Optional Programs process, which is most likely the case, but just to be sure, you can open a PowerShell window, and run:

(Get-Command ssh).Path

Which will output something like:

C:\Windows\System32\OpenSSH\ssh.exe

If it doesn't output that, then replace the last part of the git config command above with this output instead.

Answer 4

When you have one or more ssh-keys on Windows, for pushing to separate Git-repositories:

c:\Users\anbj\.ssh\config:

    Host github.com
        Hostname github.com
        User git
        IdentityFile /c/Users/anbj/.ssh/id_ed25519_client_A

    Host otherhub.com
        Hostname otherhub.com
        User git
        IdentityFile /c/Users/anbj/.ssh/id_ed25519_client_B

NOTE Do not write a colon ( as in c: ). Confusingly this will work when running a test such as

    ssh -vT github.com

... but will fail once you got to do a Git push as in

    git push -u origin develop

Removing the colon and using an absolute path is what worked for me using Git 2.36.0.windows.1 on Windows 11.

Answer 5

in PyCharm try navigating to VCS -> Git -> Remotes and make sure that the URL configured there is aligned with the SSH URL (u can see the ssh URL when navigating to the repo via the browser and clicking on the clone button)

Answer 6

You can customize the ssh command used by git in the git config and then pass your key when using any git command.

git config core.sshCommand "ssh -i ~/.ssh/id_ed25519"