93

I'm using Git Bash and I set up an SSH key using ssh-keygen, and each time I do something with a repo, git asks me for the passphrase for /c/Users/jankiewj/.ssh/id_rsa. Is there a way to disable that passphrase?

EDIT: I've edited the original title (removed Windows), since I've just used a fresh install of Ubuntu on my work laptop, and when the SSH key has a passphrase it always asks for it, and the solution to fix this is the same. This probably works the same on Mac OS X, which is also Unix and uses the same basic tools.

jcubic
  • This page on serverfault might help http://serverfault.com/questions/194567/how-do-i-tell-git-for-windows-where-to-find-my-private-rsa-key –  Dec 08 '15 at 11:41
  • https://superuser.com/questions/1433917/windows-10-ssh-client-password-less-access – Mike Lowery May 29 '20 at 21:12
  • @MikeLowery this looks like PowerShell question and answer. This is about git bash, linux like env for Windows before WSL, but with WSL is the same. – jcubic May 30 '20 at 06:19

6 Answers

122

You can run this in Git Bash, Windows WSL or bash on real GNU/Linux.

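```bash
# Start an agent and load the variables it prints into the current shell
eval `ssh-agent -s`
# Add the private key(s) to the agent; this prompts for the passphrase once
ssh-add ~/.ssh/*_rsa
```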

It will ask for the passphrase in the second command, and that's it. Each additional action you need to do (which once required the passphrase) won't ask you for the passphrase (see an example in the screenshot below):

[Screenshot: adding pass phrase in git bash on Windows]

jcubic
  • 20
    I have to enter it again, as soon as I close git bash... is there a permanent solution? – Black Sep 18 '18 at 07:59
  • 2
    @Black it's per bash session, I've put this in `.bashrc` so each time I open git bash I get the prompt and for that session I'm all set. – jcubic Sep 18 '18 at 09:36
  • What exactly do you put in .bashrc? And where is .bashrc? – Black Sep 18 '18 at 09:38
  • Edit: never mind, you have to create the file yourself in `~/.bashrc`, then enter the lines from your post into it and save, that's it :) thx! – Black Sep 18 '18 at 09:55
  • Instead of using the lines above, especially in the `.bashrc`, I would use a script, and place it in either the `.bash_profile` or `.profile`. [Here](https://bitbucket.org/snippets/Rockin4Life33/xAaqBn) is a snippet of the main portion of my `.bash_profile`, it should resolve this for anyone still looking for an answer; it's similar to an answer below. At the top of the script I load up my `.bashrc`, which if not applicable just leave that out. Note: you will need to change references to `id_rsa` to whatever you named your private SSH key, and maybe the path. – Rockin4Life33 Aug 06 '19 at 01:41
  • What's with the `eval`? – Det Sep 07 '19 at 07:07
  • @Det `ssh-agent -s` returns variables + echo in bash format, like a small script, so you need to execute it, and you need this in the current context so `$()` will not work. Check `man ssh-agent` for the `-s` option. – jcubic Sep 07 '19 at 07:53
  • this only works in git bash – br4nnigan Feb 13 '20 at 09:45
  • @brannigan I use this only on Windows and it works the same in Windows WSL (Linux on Windows). On GNU/Linux I don't need this at all, but I have an SSH key without a passphrase, maybe this is the reason. On all the systems I use bash. – jcubic Feb 13 '20 at 14:25
  • Why do we need the first step? It only outputs `Agent pid xxxxx` – Niing Sep 15 '21 at 02:09
  • 1
    @Niing commands can do something that you don't know and print something else. You don't know what that command does. If you want to know for sure, you can read its source code, the program is open source. – jcubic Sep 16 '21 at 06:25
  • 1
    @jcubic: it creates a new agent and prints the id of it :) Thanks, I should check things like that. – Niing Sep 16 '21 at 06:49
32

A slightly better and permanent solution is to auto-launch the ssh-agent when opening Git Bash on Windows. You can copy/paste the below into your .profile or .bashrc. I prefer to put it in the .profile.

```bash
env=~/.ssh/agent.env

# Load the saved agent environment (SSH_AUTH_SOCK, SSH_AGENT_PID), if present
agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; }

# Start a new agent and save its environment in a file only the user can read
agent_start () {
    (umask 077; ssh-agent >| "$env")
    . "$env" >| /dev/null ; }

agent_load_env

# agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2= agent not running
agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)

if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
    agent_start
    ssh-add
elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
    ssh-add
fi

unset env
```

This solution was taken from this github help article

velval
  • I've put my simple code into `.bashrc`, how is your solution different? On Windows bash each shell is independent so the agent is never running when you run the shell. – jcubic Apr 05 '19 at 07:41
  • 1
    Solution works fine by putting the code into the `.bashrc`. Prompting for the SSH passphrase only the first time. Saved my life. Thank you. – Ben Asmussen Jun 10 '19 at 19:39
  • 1
    This should really be the accepted answer as it presents a solution that is persistent and better meets what I think the OP was asking. – Richard D Jul 17 '19 at 17:00
  • What do I do if I accidentally typed the wrong password on startup? Edit: Based on https://superuser.com/a/271673/647110, you can `ssh-add -D` to delete all keys. – Nils Guillermin Aug 19 '19 at 15:16
  • For those wondering, I had to `touch ~/.profile` in Git Bash in order to have the file .profile – grunk May 20 '20 at 08:26
  • 3
    This solution still requires you to enter your passphrase when you first open git bash, and you have to have git bash open to run git commands. This is not a good permanent solution – user2023861 Jul 20 '20 at 16:03
  • @user2023861: Slight tweak to method so password prompt only appears as needed: stackoverflow.com/a/59441543/117030 – Leftium Jun 26 '21 at 21:18
  • For others who end up here trying to figure out why their script isn't executing when they add it to either `~/.profile` or `~/.bashrc`, I found I needed to add it to `~/.bash_profile` for it to get picked up and used by Git Bash on Windows. – csrowell Feb 14 '22 at 16:39
2

TL;DR: For Windows users,

  • run `ssh-add "C:\\Users\\<your user>/.ssh/id_rsa"`
  • not `ssh-add ~/.ssh/id_rsa`

For example I see this all the time:

```
$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /c/Users/User/.ssh/id_rsa: 
Identity added: /c/Users/User/.ssh/id_rsa (/c/Users/User/.ssh/id_rsa)

$ git pull
Enter passphrase for key 'C:\Users\User/.ssh/id_rsa': 
```

Note the inconsistent path separators: the ssh-agent converts ~ using Unix path separators, but git uses Windows path separators instead. Given that the path of the id_rsa file is used as key, this explains why the cache is missed.

  • Another difference is C:/ instead of /c/
  • Related remark: When git asks you for the passphrase, it won't be cached, so you can be entering it there indefinitely. Try passing the phrase to ssh-add only.
  • On Windows, assume that ~ is "multivalued", so it's best to be explicit.
  • ssh-add looks at default locations like ~/.ssh/id_rsa. On Windows, assume that's ambiguous. Explicitly pass in the explicitly formatted path instead of relying on default paths:
    • `ssh-add "C:\\Users\\<your user>/.ssh/id_rsa"`, i.e. in @velval's answer too.
JBSnorro
  • NOTE That the question is about GIT Bash on Windows and also the accepted answer, so it's still `ssh-add ~/.ssh/id_rsa` (even on Windows). GIT Bash is a unix environment. The same will be in WSL (Windows Subsystem for Linux) so your answer is wrong. – jcubic Jun 07 '21 at 19:22
  • I think that you didn't install GIT Bash properly and installed git tools into cmd.exe, so this is not GIT Bash as in the question. Please create another question where you can ask about cmd.exe instead of GIT Bash. This will only confuse people. – jcubic Jun 07 '21 at 19:23
  • @jcubic My answer is about Git Bash on Windows too, just like the question and accepted answer. I'm pretty sure that is clear from my answer, but if not, where can I improve? – JBSnorro Jun 08 '21 at 08:29
  • I know this is old, but putting in the full path instead of `~/.ssh` is what worked for me. – gin93r Jan 03 '23 at 17:05
1

I'm not sure if I want to recommend it, but when you create the key and are asked to set a password, just hit Enter and skip the password.

Have a look at this link for how to use ssh-keygen: https://help.github.com/articles/working-with-ssh-key-passphrases/

Perhaps ssh-agent can help you somehow. But not sure without knowing your current system.

David Bern
  • 9
    definitely not a good answer – Kennet Celeste Sep 09 '19 at 02:40
  • 1
    It was the only way to solve it on Windows 10. After following all the steps of the "Generating a new SSH key and adding it to the ssh-agent" GitHub guide, it was always asking me for the passphrase. Even after adding it. That behavior was breaking my Maven deployment flow because at the `mvn release:perform` phase it tries to check out the release tag without providing the passphrase. So only clearing the passphrase solved this issue. – Fernando Miguel Carvalho Dec 17 '19 at 12:47
  • Not recommended. Then everybody accessing your machine can use the private/public key pair. – psuzzi Jun 04 '22 at 09:15
  • yea.... if everyone who can access your machine can access your files, you have other issues to handle as well...... But still, what you say is correct. – David Bern Jun 04 '22 at 18:44
  • 1
    This is the correct answer. Any valid solution to OP's question, namely not having to enter your passphrase, means effectively anyone with access to your computer can use your key *without your passphrase*. It's literally what was asked for and this is the simplest way to achieve that. If you want the extra protection from a passphrase, then you're going to have to keep entering that passphrase. What kind of passphrase is one you can use without entering it? – Kryomaani Sep 13 '22 at 01:20
  • @Kryomaani, hard disagree. Nowhere does OP mention that there is zero security concern, so advocating for no security is a terrible answer. If a user wants to clone 5 git repositories, the default Windows behavior is to prompt the user for their password 5 times. This can be made better by caching the password for the session, and thus only requiring entry a single time, without sacrificing all notion of security. – Casey Kuball Jan 10 '23 at 19:17
0

Keychain is a program to do this work intelligently.

It should be run from the .bashrc (or equivalent), and it will set up the environment correctly with no configuration other than which keys it should load.

This is what I use: `keychain --quiet key1.pem key2.pem`

It realizes that the shell is Zsh and it worked exactly the same when I used Bash.

Javier
-2

Enter this git command in your repo's location: `ssh-keygen -p`. This will then prompt you to enter the keyfile location, the old passphrase, and the new passphrase (which can be left blank to have no passphrase). Don't enter anything for the new password and it will remove the passphrase.

bharti
  • 3
    Leaving a blank password is insecure and many corporate devs won't be able to have a blank passphrase due to restriction. It's a lame workaround, not a solution for OP issue. – cbaldan Jun 02 '19 at 16:06
  • lame perhaps, but for local use only, Tasty and expeditious™ – Jim P Sep 17 '19 at 17:12
  • clearly not the best answer, but it is a valid answer. a security warning would be nice though.. – Daniel Alder Jan 11 '23 at 12:47
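
Two of the answers above remove the passphrase, which leaves the private key unencrypted on disk. The following is an added example, not part of any answer on this page: a shell check that reports which key files in a directory are stored that way, judging by the file format only. The function names `key_protection` and `audit_keys` are made up for illustration.

```shell
#!/bin/sh
# Added example: report whether a private key file is passphrase-protected,
# judging only by its on-disk format (nothing is loaded or decrypted).
# Usage after sourcing this file: audit_keys ~/.ssh

# base64("openssh-key-v1\0" + uint32(4) + "none"): the fixed start of an
# OpenSSH-format key whose cipher is "none", i.e. stored without passphrase.
OPENSSH_MAGIC='b3BlbnNzaC1rZXktdjEA'
OPENSSH_PLAINTEXT="${OPENSSH_MAGIC}AAAABG5vbmUA"

key_protection() {
    file=$1
    [ -r "$file" ] || { echo unreadable; return 0; }
    header=$(sed -n '/^-----BEGIN /{p;q;}' "$file" | tr -d '\r')
    case $header in
        '-----BEGIN OPENSSH PRIVATE KEY-----')
            # The first base64 line after the header holds the cipher name.
            first=$(sed -n '/^-----BEGIN /{n;p;q;}' "$file" | tr -d '\r')
            case $first in
                "$OPENSSH_PLAINTEXT"*) echo plaintext ;;
                "$OPENSSH_MAGIC"*)     echo encrypted ;;
                *)                     echo unknown ;;
            esac ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo encrypted ;;  # PKCS#8
        '-----BEGIN PRIVATE KEY-----')           echo plaintext ;;  # PKCS#8
        '-----BEGIN '*' PRIVATE KEY-----')
            # Legacy PEM (RSA/DSA/EC) flags encryption in a Proc-Type header.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$file"; then
                echo encrypted
            else
                echo plaintext
            fi ;;
        *) echo not-a-private-key ;;
    esac
}

# Print every file in a directory (default ~/.ssh) that holds an
# unencrypted private key.
audit_keys() {
    dir=${1:-$HOME/.ssh}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if [ "$(key_protection "$f")" = plaintext ]; then echo "$f"; fi
    done
}
```

A key reported as `plaintext` can be given a passphrase again with `ssh-keygen -p`, the same command the last answer uses to remove one.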