Git keeps asking me for my ssh key passphrase

637
votes

I created keys as instructed in the github tutorial, registered them with github, and tried using ssh-agent explicitly — yet git continues to ask me for my passphrase every time I try to do a pull or a push.

What could be the cause?

18
gitssh-agent
Related: stackoverflow.com/questions/14762034/…Jeff

18 Answers

1207
votes

Once you have started the SSH agent with:

eval $(ssh-agent)

Do either:

  1. To add your private key to it:

     ssh-add

    This will ask you your passphrase just once, and then you should be allowed to push, provided that you uploaded the public key to Github.

  2. To add and save your key permanently on macOS:

     ssh-add -K

    This will persist it after you close and re-open it by storing it in user's keychain.

  3. To add and save your key permanently on Ubuntu (or equivalent):

      ssh-add ~/.ssh/id_rsa
265
votes

This has been happening to me after restarts since upgrading from OS X El Capitan (10.11) to macOS Sierra (10.12). The ssh-add solution worked temporarily but would not persist across another restart.

The permanent solution was to edit (or create) ~/.ssh/config and enable the UseKeychain option.

Host *
    UseKeychain yes

Related: macOS keeps asking my ssh passphrase since I updated to Sierra

65
votes

If you've tried ssh-add and you're still prompted to enter your passphrase then try using ssh-add -K. This adds your passphrase to your keychain.

Update: if you're using macOS Sierra then you likely need to do another step as the above might no longer work. Add the following to your ~/.ssh/config:

Host *
  UseKeychain yes
60
votes

I would try the following:

  1. Start GitBash
  2. Edit your ~/.bashrc file
  3. Add the following lines to the file

SSH_ENV=$HOME/.ssh/environment

# start the ssh-agent
function start_agent {
    echo "Initializing new SSH agent..."
    # spawn ssh-agent
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > ${SSH_ENV}
    echo succeeded
    chmod 600 ${SSH_ENV}
    . ${SSH_ENV} > /dev/null
    /usr/bin/ssh-add
}

if [ -f "${SSH_ENV}" ]; then
     . ${SSH_ENV} > /dev/null
     ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
        start_agent;
    }
else
    start_agent;
fi
  1. Save and close the file
  2. Close GitBash
  3. Reopen GitBash
  4. Enter your passphrase
41
votes

What worked for me on Windows was (I had cloned code from a repo 1st):

eval $(ssh-agent)
ssh-add 
git pull

at which time it asked me one last time for my passphrase

Credits: the solution was taken from https://unix.stackexchange.com/questions/12195/how-to-avoid-being-asked-passphrase-each-time-i-push-to-bitbucket

30
votes

Try adding this to your ~/.ssh/config:

Host *
   AddKeysToAgent yes
   UseKeychain yes
   IdentityFile ~/.ssh/id_rsa

... assuming your private key is named id_rsa

7
votes

I had a similar issue, but the other answers didn't fix my problem. I thought I'd go ahead and post this just in case someone else has a screwy setup like me.

It turns out I had multiple keys and Git was using the wrong one first. It would prompt me for my passphrase, and I would enter it, then Git would use a different key that would work (that I didn't need to enter the passphrase on).

I just deleted the key that it was using to prompt me for a passphrase and now it works!

7
votes

If the above solutions are not working for me, one thing to check is that you actually have the public key too (typically id_rsa.pub). It is unusual not to, but that was the cause for me.

To create your public key from your private key:

ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
5
votes

It sounds like you may be having trouble with SSH-Agent itself. I would try troubleshooting that.

1) Did you do ssh-add to add your key to SSH?

2) Are you closing the terminal window between uses, because if you close the window you will have to enter the password again when you reopen it.

4
votes

If you are not using GitBash and are on Windows - you need to start your ssh-agent using this command

start-ssh-agent.cmd

If your ssh agent is not set up, you can open PowerShell as admin and set it to manual mode

Get-Service -Name ssh-agent | Set-Service -StartupType Manual
3
votes

For Windows or Linux users, a possible solution is described on GitHub Docs, which I report below for your convenience.

You can run ssh-agent automatically when you open bash or Git shell. Copy the following lines and paste them into your ~/.profile or ~/.bashrc file:

env=~/.ssh/agent.env

agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; }

agent_start () {
    (umask 077; ssh-agent >| "$env")
    . "$env" >| /dev/null ; }

agent_load_env

# agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2= agent not running
agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)

if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
    agent_start
    ssh-add
elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
    ssh-add
fi

unset env

If your private key is not stored in one of the default locations (like ~/.ssh/id_rsa), you'll need to tell your SSH authentication agent where to find it. To add your key to ssh-agent, type ssh-add ~/path/to/my_key.

Now, when you first run Git Bash, you are prompted for your passphrase. The ssh-agent process will continue to run until you log out, shut down your computer, or kill the process.

2
votes

I try different solutions but nothing help. But this steps (My GitBash SSH environment always asks for my passphrase, what can I do?) from Bitbucket.com seams works well :

The idea is:

  1. you create ~/.bashrc file

  2. add follow script:

    SSH_ENV=$HOME/.ssh/environment

# start the ssh-agent
    function start_agent {
    echo "Initializing new SSH agent..."
    # spawn ssh-agent
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
    echo succeeded
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
    /usr/bin/ssh-add
}

if [ -f "${SSH_ENV}" ]; then
     . "${SSH_ENV}" > /dev/null
     ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
        start_agent;
    }
else
    start_agent;
fi

  3. re-run Bash

1
votes

Another possible solution that is not mentioned above is to check your remote with the following command:

git remote -v

If the remote does not start with git but starts with https you might want to change it to git by following the example below.

git remote -v // origin is https://github.com/user/myrepo.git
git remote set-url origin [email protected]:user/myrepo.git
git remote -v // check if remote is changed
1
votes

Update the url of the origin remote using SSH instead of HTTPS;

git remote set-url origin "SSH URL COPIED FROM GIT REPO."

This what works with me.

0
votes

on mac, if your ssh key need passphrase everytime and you want to skip it, then you can try below, it works fine for me

  1. eval "$(ssh-agent -s)"
  2. ssh-add -K .ssh/id_rsa
  3. add this default ssh configuration works for me

Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa

0
votes

In case you are on Win10:

I had the same problem. (previously had to update ssh-agent individually with a script from here because of a different problem)

Git did access my ssh config (git pull threw exceptions when I had nonsense-lines in ssh config), but never seemed to care about the private key I had added via ssh-agent and referenced in my config.

What fixed the problem was to execute the following command in PowerShell:

git config core.sshCommand (get-command ssh).Source.Replace('\','/')

(Details are in this link)

0
votes

If you happen to be using fish, there's a gist for it:

# config.fish
if not pgrep -f ssh-agent > /dev/null
  eval (ssh-agent -c)
  set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK
  set -Ux SSH_AGENT_PID $SSH_AGENT_PID
  set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK
end
0
votes

Run the following:

eval $(ssh-agent) && ssh-add ~/.ssh/id_rsa &>/dev/null

Enter the passphrase, then check git. Git should not ask for passphrase after this command.

The original source: https://gist.github.com/egoens/c3aa494fc246bb4828e517407d56718d