SSH Setup Guide for GitHub

Set it up once, never deal with tokens or passwords again.

What's in this guide

macOS Setup

This guide is written for macOS Catalina (10.15) or newer. Older versions may not include the required SSH tools or may behave differently. If you're unsure which version you're on, click the Apple menu and select About This Mac.

1
Open Terminal

Press Cmd + Space to open Spotlight, type Terminal, and press Enter.

This opens the built-in macOS terminal app. All commands in this section are typed here.

2
Make sure Git is installed

Type this and press Enter:

git --version

If Git is already installed, you'll see a version number like git version 2.39.5. You're good, skip to Step 3.

If it's not installed, macOS will pop up a dialog asking to install Command Line Developer Tools. Click Install and wait for it to finish (this can take a few minutes). Once done, run the command again to confirm. This is normal and only happens once.

3
Generate your SSH key

Paste this command into Terminal, replacing the email with the email tied to your GitHub account:

ssh-keygen -t ed25519 -C "your-email@example.com"

ssh-keygen generates a new SSH key pair (one public, one private). The -t ed25519 flag picks a modern, secure key type. The -C flag attaches your email as a label so you can identify the key later.

It will ask you a few things:

  • "Enter file in which to save the key" - just press Enter to accept the default location.
  • "Enter passphrase" - just press Enter twice to skip it (recommended).

You'll see some output including a "randomart image." That means it worked.

Why skip the passphrase? It adds extra security but means typing it every time you push or pull. For personal machines, skipping it is standard practice. Passphrases are more useful in corporate or shared environments.

By default, your key saved to ~/.ssh/id_ed25519 inside your home folder. You do not need to navigate there, but it's good to know.

4
Create the SSH config file

This step tells macOS to remember your key across restarts. Without it, you'd have to re-add the key every time you reboot.

Run these two commands, one at a time:

touch ~/.ssh/config

touch creates an empty file if it doesn't already exist. The ~/.ssh/ part means "inside the .ssh folder in your home directory."

open ~/.ssh/config

open launches the file in TextEdit (macOS's built-in text editor).

Paste the following into it:

Host github.com AddKeysToAgent yes IdentityFile ~/.ssh/id_ed25519

Save the file (Cmd + S) and close TextEdit.

If you set a passphrase in Step 3, use this version instead (copy and paste it over everything in the file). This stores the passphrase in your macOS Keychain so you don't have to type it every time:

Host github.com AddKeysToAgent yes UseKeychain yes IdentityFile ~/.ssh/id_ed25519
5
Add your key to the SSH agent

Back in Terminal, run these commands one at a time:

eval "$(ssh-agent -s)"

This starts the SSH agent, a small background program that holds your key in memory so you don't have to provide it every time. You should see something like Agent pid 12345.

Now hand your private key to the agent:

ssh-add ~/.ssh/id_ed25519

ssh-add loads your key into the agent. The path after it tells it which key file to use.

You should see Identity added.

If you set a passphrase in Step 3, use ssh-add --apple-use-keychain ~/.ssh/id_ed25519 instead. The --apple-use-keychain flag saves your passphrase to macOS Keychain.

6
Copy your public key to the clipboard
pbcopy < ~/.ssh/id_ed25519.pub

pbcopy is a macOS command that copies text to your clipboard (like pressing Cmd+C). The < feeds the contents of the file into it. Nothing will appear in the terminal, but it worked.

You'll paste this into GitHub next.

Make sure you copied the right file. The file must end in .pub (that's the public key). Never share the file without the .pub extension. That's your private key.
7
Add the key to GitHub
  1. Go to github.com and sign in.
  2. Click your profile picture (top right corner) and select Settings.
  3. In the left sidebar, click SSH and GPG keys.
  4. Click the green New SSH key button.
  5. For Title, type something you'll recognize (e.g., "MacBook" or "My Laptop").
  6. Leave Key type as Authentication Key.
  7. Click in the Key field and paste (Cmd + V).
  8. Click Add SSH key.
8
Test the connection

Back in Terminal, run:

ssh -T git@github.com

ssh -T connects to GitHub as a test. The -T flag means "don't open an interactive session, just check if I can authenticate."

You'll see a scary-looking message. This is normal. The first time you connect, you'll see something like "The authenticity of host 'github.com' can't be established..." followed by a fingerprint. This is just your computer verifying GitHub's identity. Type yes and press Enter. You won't see this again.

After that, you should see:

Hi your-username! You've successfully authenticated, but GitHub does not provide shell access.

That message means it worked. If you see your GitHub username, SSH is set up.

On a Mac? You're done with setup. Skip the Windows section below and jump straight to Cloning a Repo with SSH to learn how to use SSH going forward.

Windows Setup

This guide requires Windows 10 (version 1809 or newer) or Windows 11. Older versions of Windows do not include the built-in OpenSSH tools these steps rely on. To check your version, press Win + R, type winver, and press Enter.

1
Open PowerShell and install Git

Click the Start menu, type PowerShell, and open Windows PowerShell. All commands in this guide are typed here.

Use PowerShell, not Command Prompt. Some commands in this guide won't work in the old Command Prompt (cmd.exe). Make sure your prompt starts with PS (e.g., PS C:\Users\YourName>).

Windows doesn't come with Git, so install it by running:

winget install Git.Git

After it finishes, close and reopen PowerShell so it recognizes the new commands. Then verify it worked:

git --version

You should see a version number like git version 2.47.1.windows.1.

If winget is not recognized, your Windows version may be too old. You can download Git manually from git-scm.com instead.

2
Start the SSH agent service

Windows has a built-in SSH agent, but it's turned off by default. You need to enable it once using an admin PowerShell window.

Keep your current PowerShell window open. You'll come back to it after this step. Open a second PowerShell window as administrator: search for PowerShell in the Start menu, right-click Windows PowerShell, and choose Run as administrator.

In the admin PowerShell window, run these two commands one at a time:

Get-Service ssh-agent | Set-Service -StartupType Automatic

This tells Windows to automatically start the SSH agent every time your computer boots up.

Start-Service ssh-agent

This starts the agent right now (instead of waiting for a reboot). Neither command will print anything if it worked. No output means success.

Close the admin window and switch back to your original PowerShell window for the rest of the steps. You only have to do this once. After enabling the service, the SSH agent runs automatically in the background forever.

3
Generate your SSH key

Paste this command, replacing the email with the email tied to your GitHub account:

ssh-keygen -t ed25519 -C "your-email@example.com"

ssh-keygen generates a new SSH key pair (one public, one private). The -t ed25519 flag picks a modern, secure key type. The -C flag attaches your email as a label so you can identify the key later.

It will ask you a few things:

  • "Enter file in which to save the key" - press Enter to accept the default location.
  • "Enter passphrase" - just press Enter twice to skip it (recommended).

You'll see some output including a "randomart image." That means it worked.

Why skip the passphrase? It adds extra security but means typing it every time you push or pull. For personal machines, skipping it is standard practice. Passphrases are more useful in corporate or shared environments.

By default, your key saved to C:\Users\YourName\.ssh\id_ed25519. You don't need to navigate there, but it's good to know.

4
Add your key to the SSH agent
ssh-add $HOME\.ssh\id_ed25519

ssh-add loads your private key into the SSH agent so it can authenticate on your behalf. The path after it points to the key file you just created. $HOME is a variable that expands to your user folder (e.g., C:\Users\YourName).

You should see Identity added. Because you enabled the SSH agent service in Step 2, your key stays loaded even after a reboot.

5
Configure Git to use the correct SSH

Git for Windows ships with its own SSH program, which doesn't talk to the Windows SSH agent you just set up. This one-time command tells Git to use the Windows built-in SSH instead:

git config --global core.sshCommand "C:/Windows/System32/OpenSSH/ssh.exe"

git config --global saves a setting that applies to all your Git projects. Here, it tells Git which SSH program to use. Without this, Git might fail to find your key.

6
Copy your public key to the clipboard
cat $HOME\.ssh\id_ed25519.pub | clip

cat prints the contents of a file, and | clip pipes that output straight to your clipboard (like pressing Ctrl+C). Nothing will appear in PowerShell, but it worked.

You'll paste this into GitHub next.

Make sure you copied the right file. The file must end in .pub (that's the public key). Never share the file without the .pub extension. That's your private key.
7
Add the key to GitHub
  1. Go to github.com and sign in.
  2. Click your profile picture (top right corner) and select Settings.
  3. In the left sidebar, click SSH and GPG keys.
  4. Click the green New SSH key button.
  5. For Title, type something you'll recognize (e.g., "Windows Desktop" or "My Laptop").
  6. Leave Key type as Authentication Key.
  7. Click in the Key field and paste (Ctrl + V).
  8. Click Add SSH key.
8
Test the connection

Back in PowerShell, run:

ssh -T git@github.com

ssh -T connects to GitHub as a test. The -T flag means "don't open an interactive session, just check if I can authenticate."

You'll see a scary-looking message. This is normal. The first time you connect, you'll see something like "The authenticity of host 'github.com' can't be established..." followed by a fingerprint. This is just your computer verifying GitHub's identity. Type yes and press Enter. You won't see this again.

After that, you should see:

Hi your-username! You've successfully authenticated, but GitHub does not provide shell access.

That message means it worked. If you see your GitHub username, SSH is set up.

Do I have to use PowerShell forever now? Nope. PowerShell is only needed for the setup steps above. Once SSH is configured, the agent runs as a background Windows service. Your everyday Git commands (git clone, git push, git pull, etc.) work in any terminal: PowerShell, Command Prompt, VS Code's built-in terminal, or Windows Terminal. Use whatever you're comfortable with.

Cloning a Repo with SSH

1
Copy the SSH URL from GitHub
  1. Go to the repository page on GitHub.
  2. Click the green Code button.
  3. Select the SSH tab (not HTTPS, not GitHub CLI).
  4. Copy the URL. It starts with git@github.com:.
2
Navigate to where you want the project

Open your terminal (Terminal on Mac, any terminal on Windows) and use the cd (change directory) command to move into the folder where you want the repo to live.

Start typing a folder name and press Tab to autocomplete it. For example, type cd Des then hit Tab, and it fills in Desktop for you. This works in Terminal, PowerShell, and most other terminals.

For example, to navigate to a folder called "Projects" on your Desktop:

Mac:

cd ~/Desktop/Projects

Windows:

cd $HOME\Desktop\Projects

~ (Mac) and $HOME (Windows) are both shortcuts that mean "my home folder" (e.g., /Users/YourName on Mac or C:\Users\YourName on Windows).

If you're not sure where you are, you can check your current location:

pwd
3
Clone it

Once you're in the right folder, run:

git clone git@github.com:username/repo-name.git

Replace the URL with the one you copied. This creates a new folder with the repo inside it. To start working in the project:

cd repo-name

That's it. No tokens, no passwords, no pop-ups.

Made by Mikey Voss