Windows 10 with Git SSH

Every time I set up a new PC or laptop for development, I have to go through some steps to configure my Git SSH keys to work with Windows. While Microsoft does have partial support for SSH keys in Windows 10, passphrase-protected keys don’t work with the command line, PowerShell or some applications (like WebStorm/VSCode). This was something I’ve seen previous colleagues struggle with, and we almost always ended up using non-protected keys. Unfortunately, a non-protected key is not ideal for many reasons. The good news is that there is a way to set it up on Windows, even with passphrase protection.

A few prerequisites. Make sure you have Git installed. Not SourceTree, or the GitHub application, but Git. If you don’t have it, you can grab it here.

PuTTY

Now, grab and install PuTTY from here. PuTTY – if you don’t know it – is a Windows SSH and telnet client. PuTTY is primarily an SSH client, but it also ships with a set of tools that let you generate SSH keys and that act as a bridge between SSH client applications and your keys. If you still need to generate an SSH key, you can run the PuTTYgen tool and generate the key you need. GitHub, for example, wants an SSH2-RSA key (at least at the time of writing). Make sure to set a passphrase on your key.

Save your private and public keys somewhere safe. Copy the OpenSSH public key text shown in the PuTTYgen window into your Git provider’s site. In GitHub this is in your profile settings.

Linking Your Keys

PuTTY provides a tool called Pageant. This is the PuTTY authentication agent. When you run this, it adds an icon to your system tray. Right click on it, and select Add Key. Find the private key (a .ppk file) that you saved in the previous step, and load it. Here it will ask you for the passphrase that you entered earlier.

Once you’ve loaded the key, you need to tell Git – or whatever other application you’re using, like SVN – how to find these keys. PuTTY also provides a tool called plink, which links SSH key requests to the keys currently loaded in Pageant. For Git, you need to add an environment variable called GIT_SSH and point it to the plink executable.

After adding this, and restarting any terminals, you should be able to perform all the Git command line tricks you need. Visual Studio Code Git integration should now work flawlessly, and without asking you for a passphrase.
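
One way to script the GIT_SSH step and check what it depends on, as an added PowerShell example that is not part of the original post. It assumes PuTTY is on PATH or in its default install folder, and git@github.com is only a sample host; substitute your own provider.

```powershell
# Added example (not from the original post): point Git at plink and sanity-check the setup.
# Assumptions: PuTTY is on PATH or in the default install folder; $gitHost is a sample value.
$gitHost = 'git@github.com'

# Locate plink.exe: PATH first, then the usual installer locations.
$plink = (Get-Command plink.exe -ErrorAction SilentlyContinue).Source
if (-not $plink) {
    $plink = @("$env:ProgramFiles\PuTTY\plink.exe",
               "${env:ProgramFiles(x86)}\PuTTY\plink.exe") |
             Where-Object { Test-Path $_ } | Select-Object -First 1
}
if (-not $plink) { throw 'plink.exe not found; install PuTTY or adjust the path.' }

# Persist GIT_SSH for the current user (new terminals pick it up) and set it for this session.
[Environment]::SetEnvironmentVariable('GIT_SSH', $plink, 'User')
$env:GIT_SSH = $plink
Write-Host "GIT_SSH = $plink"

# plink can only use keys that Pageant is holding right now.
if (-not (Get-Process -Name pageant -ErrorAction SilentlyContinue)) {
    Write-Warning 'Pageant is not running: start it and add your .ppk key first.'
}

# GIT_SSH_COMMAND and core.sshCommand both take precedence over GIT_SSH.
if ($env:GIT_SSH_COMMAND) {
    Write-Warning "GIT_SSH_COMMAND is set ($env:GIT_SSH_COMMAND); Git will ignore GIT_SSH."
}
$override = git config --get core.sshCommand
if ($override) {
    Write-Warning "core.sshCommand is set ($override); Git will ignore GIT_SSH."
}

# First contact with a server: plink shows the host key fingerprint and asks whether
# to cache it. Git cannot answer that prompt, so do it once interactively, and compare
# the fingerprint with the one your provider publishes before accepting.
Write-Host "Connecting to $gitHost once so plink can cache its host key..."
& $plink -ssh $gitHost
```

Run it from a normal (non-elevated) PowerShell window, since both the environment variable and plink's cached host keys are stored per user.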

Final Note

When you restart your PC, you need to run Pageant again, and add the keys again. There are ways to automate this, but in my opinion, this removes the security layer created by adding a passphrase to your key. For me, entering the passphrase once per reboot is the perfect balance between security and convenience.
