jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-19 18:10:59 -05:00
Code Issues Projects Releases Wiki Activity
Files
main
docs/content/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases.md

104 lines
3.9 KiB
Markdown
Raw Permalink Blame History

---
title: Working with SSH key passphrases
intro: You can secure your SSH keys and configure an authentication agent so that you won't have to reenter your passphrase every time you use your SSH keys.
redirect_from:
- /ssh-key-passphrases
- /working-with-key-passphrases
- /articles/working-with-ssh-key-passphrases
- /github/authenticating-to-github/working-with-ssh-key-passphrases
- /github/authenticating-to-github/connecting-to-github-with-ssh/working-with-ssh-key-passphrases
versions:
fpt: '*'
ghes: '*'
ghec: '*'
topics:
- SSH
shortTitle: SSH key passphrases
---
## About passphrases for SSH keys
With SSH keys, if someone gains access to your computer, the attacker can gain access to every system that uses that key. To add an extra layer of security, you can add a passphrase to your SSH key. To avoid entering the passphrase every time you connect, you can securely cache the key in the SSH agent.
## Adding or changing a passphrase
You can change the passphrase for an existing private key without regenerating the keypair by typing the following command:
```shell
$ ssh-keygen -p -f ~/.ssh/id_ed25519
> Enter old passphrase: [Type old passphrase]
> Key has comment 'your_email@example.com'
> Enter new passphrase (empty for no passphrase): [Type new passphrase]
> Enter same passphrase again: [Repeat the new passphrase]
> Your identification has been saved with the new passphrase.
```
If your key already has a passphrase, you will be prompted to enter it before you can change to a new passphrase.
{% windows %}
## Auto-launching `ssh-agent` on Git for Windows
You can run `ssh-agent` automatically when you open bash or Git shell. Copy the following lines and paste them into your `~/.profile` or `~/.bashrc` file in Git shell:
``` bash
env=~/.ssh/agent.env
agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; }
agent_start () {
(umask 077; ssh-agent >| "$env")
. "$env" >| /dev/null ; }
agent_load_env
# agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2=agent not running
agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)
if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
agent_start
ssh-add
elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
ssh-add
fi
unset env
```
If your private key is not stored in one of the default locations (like `~/.ssh/id_rsa`), you'll need to tell your SSH authentication agent where to find it. To add your key to ssh-agent, type `ssh-add ~/path/to/my_key`. For more information, see [AUTOTITLE](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
> [!TIP]
> If you want `ssh-agent` to forget your key after some time, you can configure it to do so by running `ssh-add -t <seconds>`.
Now, when you first run Git Bash, you are prompted for your passphrase:
```shell
> Initializing new SSH agent...
> succeeded
> Enter passphrase for /c/Users/YOU/.ssh/id_rsa:
> Identity added: /c/Users/YOU/.ssh/id_rsa (/c/Users/YOU/.ssh/id_rsa)
> Welcome to Git (version 1.6.0.2-preview20080923)
>
> Run 'git help git' to display the help index.
> Run 'git help <command>' to display help for specific commands.
```
The `ssh-agent` process will continue to run until you log out, shut down your computer, or kill the process.
{% endwindows %}
{% mac %}
## Saving your passphrase in the keychain
On Mac OS X Leopard through OS X El Capitan, these default private key files are handled automatically:
* _.ssh/id_rsa_
* _.ssh/identity_
The first time you use your key, you will be prompted to enter your passphrase. If you choose to save the passphrase with your keychain, you won't have to enter it again.
Otherwise, you can store your passphrase in the keychain when you add your key to the ssh-agent. For more information, see [AUTOTITLE](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#adding-your-ssh-key-to-the-ssh-agent).
{% endmac %}
Reference in New Issue View Git Blame Copy Permalink