Git keeps asking me for my ssh key passphrase

This has been happening to me after restarts since upgrading from OS X El Capitan (10.11) to macOS Sierra (10.12). The ssh-add solution worked temporarily but would not persist across another restart.

The permanent solution was to edit (or create) ~/.ssh/config and enable the UseKeychain option.

Host * UseKeychain yes 

Related: macOS keeps asking my ssh passphrase since I updated to Sierra

If you've tried ssh-add and you're still prompted to enter your passphrase then try using ssh-add -K. This adds your passphrase to your keychain.

Update: if you're using macOS Sierra then you likely need to do another step as the above might no longer work. Add the following to your ~/.ssh/config:

Host * UseKeychain yes 

I would try the following:

1. Start GitBash
2. Edit your ~/.bashrc file
3. Add the following lines to the file

SSH_ENV=$HOME/.ssh/environment # start the ssh-agent function start_agent { echo "Initializing new SSH agent..." # spawn ssh-agent /usr/bin/ssh-agent | sed 's/^echo/#echo/' > ${SSH_ENV} echo succeeded chmod 600 ${SSH_ENV} . ${SSH_ENV} > /dev/null /usr/bin/ssh-add } if [ -f "${SSH_ENV}" ]; then . ${SSH_ENV} > /dev/null ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || { start_agent; } else start_agent; fi 

4. Save and close the file
5. Close GitBash
6. Reopen GitBash
7. Enter your passphrase

What worked for me on Windows was (I had cloned code from a repo 1st):

eval $(ssh-agent) ssh-add git pull 

at which time it asked me one last time for my passphrase

Credits: the solution was taken from https://unix.stackexchange.com/questions/12195/how-to-avoid-being-asked-passphrase-each-time-i-push-to-bitbucket

Try adding this to your ~/.ssh/config:

Host * AddKeysToAgent yes UseKeychain yes IdentityFile ~/.ssh/id_rsa 

... assuming your private key is named id_rsa

previously -K flag is used to add key but now:

ssh-add --apple-use-keychain 

The -K and -A flags are deprecated and have been replaced by the --apple-use-keychain and --apple-load-keychain flags, respectively.

LATER EDIT: you may need to add ssh-add --apple-load-keychain -q to your .bash_profile or .bashrc or .zshrc or equivalent.

Run the following:

eval $(ssh-agent) && ssh-add ~/.ssh/id_rsa &>/dev/null 

Enter the passphrase, then check git. Git should not ask for passphrase after this command.

The original source: https://gist.github.com/egoens/c3aa494fc246bb4828e517407d56718d

If you are not using GitBash and are on Windows - you need to start your ssh-agent using this command

start-ssh-agent.cmd 

If your ssh agent is not set up, you can open PowerShell as admin and set it to manual mode

Get-Service -Name ssh-agent | Set-Service -StartupType Manual 

If the above solutions are not working for me, one thing to check is that you actually have the public key too (typically id_rsa.pub). It is unusual not to, but that was the cause for me.

To create your public key from your private key:

ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub 

In case you are on Win10:

I had the same problem. (previously had to update ssh-agent individually with a script from here because of a different problem)

Git did access my ssh config (git pull threw exceptions when I had nonsense-lines in ssh config), but never seemed to care about the private key I had added via ssh-agent and referenced in my config.

What fixed the problem was to execute the following command in PowerShell:

git config core.sshCommand (get-command ssh).Source.Replace('\','/') 

(Details are in this link)

I had a similar issue, but the other answers didn't fix my problem. I thought I'd go ahead and post this just in case someone else has a screwy setup like me.

It turns out I had multiple keys and Git was using the wrong one first. It would prompt me for my passphrase, and I would enter it, then Git would use a different key that would work (that I didn't need to enter the passphrase on).

I just deleted the key that it was using to prompt me for a passphrase and now it works!

For Windows or Linux users, a possible solution is described on GitHub Docs, which I report below for your convenience.

You can run ssh-agent automatically when you open bash or Git shell. Copy the following lines and paste them into your ~/.profile or ~/.bashrc file:

env=~/.ssh/agent.env agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; } agent_start () { (umask 077; ssh-agent >| "$env") . "$env" >| /dev/null ; } agent_load_env # agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2= agent not running agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?) if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then agent_start ssh-add elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then ssh-add fi unset env 

If your private key is not stored in one of the default locations (like ~/.ssh/id_rsa), you'll need to tell your SSH authentication agent where to find it. To add your key to ssh-agent, type ssh-add ~/path/to/my_key.

Now, when you first run Git Bash, you are prompted for your passphrase. The ssh-agent process will continue to run until you log out, shut down your computer, or kill the process.

It sounds like you may be having trouble with SSH-Agent itself. I would try troubleshooting that.

1) Did you do ssh-add to add your key to SSH?

2) Are you closing the terminal window between uses, because if you close the window you will have to enter the password again when you reopen it.

Another possible solution that is not mentioned above is to check your remote with the following command:

git remote -v 

If the remote does not start with git but starts with https you might want to change it to git by following the example below.

git remote -v // origin is https://github.com/user/myrepo.git git remote set-url origin [email protected]:user/myrepo.git git remote -v // check if remote is changed 

I try different solutions but nothing help. But this steps (My GitBash SSH environment always asks for my passphrase, what can I do?) from Bitbucket.com seams works well :

The idea is:

1. you create ~/.bashrc file

2. add follow script:

    SSH_ENV=$HOME/.ssh/environment # start the ssh-agent function start_agent { echo "Initializing new SSH agent..." # spawn ssh-agent /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}" echo succeeded chmod 600 "${SSH_ENV}" . "${SSH_ENV}" > /dev/null /usr/bin/ssh-add } if [ -f "${SSH_ENV}" ]; then . "${SSH_ENV}" > /dev/null ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || { start_agent; } else start_agent; fi 

3. re-run Bash

on mac, if your ssh key need passphrase everytime and you want to skip it, then you can try below, it works fine for me

1. eval "$(ssh-agent -s)"
2. ssh-add -K .ssh/id_rsa
3. add this default ssh configuration works for me

Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa

Update the url of the origin remote using SSH instead of HTTPS;

git remote set-url origin "SSH URL COPIED FROM GIT REPO." 

This what works with me.

If you happen to be using fish, there's a gist for it:

# config.fish if not pgrep -f ssh-agent > /dev/null eval (ssh-agent -c) set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK set -Ux SSH_AGENT_PID $SSH_AGENT_PID set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK end 

For skipping the passphrase we can create key without passphrase ))) But if this isn't a way to go For Windows I'm using the ssh-agent, you can add private key in it and remove from .ssh folder. How to setup ssh-agent:

# Check the current status of ssh-agent: Get-Service | ?{$_.Name -like '*ssh-agent*'} | select -Property Name, StartType, Status # Start the Service: Start-Service ssh-agent # Add your key as before: ssh-add <path to the key> 

ssh-agent works with C:\Windows\System32\OpenSSH\ssh.exe So we can setup this ssh.exe for git by creating environment variable:

GIT_SSH: C:\Windows\System32\OpenSSH\ssh.exe 

This will be working for Git and Bash.

Also we can setup this path for TortoiseGit: Settings>Network>SSH>SSH Client

This command from GitHub Docs did the trick for me:

> Enter old passphrase: [Type old passphrase] > Key has comment '[email protected]' > Enter new passphrase (empty for no passphrase): [Type new passphrase] > Enter same passphrase again: [Repeat the new passphrase] > Your identification has been saved with the new passphrase. 

As many already answered - fast way to get ssh-agent working is adding eval "$(ssh-agent -s)" to your ~/.bash_profile or equivalent.

Unfortunately, I saw none to mention how to add keys to the agent properly, since relying only on one ssh-key is not safe, and the fact that the keys are stored in a directory ~/.ssh/ implies it ;P
It is much better to keep your keys separated, for example - one for github access and another for gitlab, this way if you would accidentally leak one of your keys - accounts, bound to others will be safe. To do this you just need to add a simple for loop to your ~/.bash_profile like so:

#tag:ssh eval "$(ssh-agent -s)" for key in $(ls ${HOME}/.ssh | grep '.pub' | sed -e 's/.pub$//g'); do ssh-add ${HOME}/.ssh/${key} done #end:ssh 

yours way of implementing it may differ, but the concept is clear - use a loop for adding each of your keys separatley and don't keep all accounts bound to one key

I hope this is still relevant to you

Idk if someone needs something different but this help me a lot https://stackoverflow.com/a/6445525/11891580

To me on every restart, I have to run ssh-add --apple-use-keychain to load credentials, so I add this command to the stack overflow answer and now its fixed

I just removed passphrase

ssh-keygen -p -f ~/.ssh/id_ed25519 

Seems that your local repo hasnt updated with ssh keys...at least this is what happened to me when going from https to ssh.

Have you done a remote reset?

git remote set-url origin <ssh url> 

Maybe not the most secure way to fix this, but simply do not set a passphrase, it is optional. If you don't set a passphrase, it will not ask for it. You can change the passphrase with

$ ssh-keygen -p -f ~/.ssh/id_ed25519 > Enter old passphrase: [Type old passphrase] > Key has comment '[email protected]' > Enter new passphrase (empty for no passphrase): [Type new passphrase] > Enter same passphrase again: [Repeat the new passphrase] > Your identification has been saved with the new passphrase.