How to Set Up SSH Keys for GitHub (Mac, Linux and Windows)
On this page
How to Set Up SSH Keys for GitHub (Mac, Linux and Windows)
I've set up SSH keys on probably 50 different machines at this point — new laptops, work desktops, CI servers, VMs — and I still occasionally forget a step. It's one of those tasks that you do infrequently enough to forget the details, but it's genuinely useful once it's done. No more typing passwords or fumbling with personal access tokens every time you push.
Here's the complete walkthrough for macOS, Linux, and Windows.
What Is an SSH Key and Why Use It?
SSH uses asymmetric cryptography: a private key stays on your machine and a public key goes to GitHub. When you connect, GitHub verifies your identity using the key pair. No password ever goes over the wire.
Why bother over HTTPS?
- No need for personal access tokens or passwords
- More secure — your private key never leaves your machine
- Works seamlessly in scripts and CI/CD pipelines
- Faster auth when you're pushing constantly throughout the day
Prerequisites
- Git installed
- A GitHub account
- Terminal access (Terminal on Mac/Linux, Git Bash or PowerShell on Windows)
Step 1 — Check for Existing SSH Keys
Before generating a new key, see if you already have one lying around.
Mac / Linux:
ls -al ~/.ssh
Windows (Git Bash or PowerShell):
ls ~/.ssh
Look for id_ed25519 and id_ed25519.pub (or the older id_rsa and id_rsa.pub). If they exist and you want to reuse them, skip to Step 3. If not, keep going.
Step 2 — Generate a New SSH Key
These days, Ed25519 is the way to go. It's faster, more secure, and produces shorter keys than the old RSA-4096. Only use RSA if you're dealing with ancient systems.
Mac and Linux
ssh-keygen -t ed25519 -C "[email protected]"
Replace the email with whatever's on your GitHub account. The -C flag is just a label to help you identify the key later.
You'll see:
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/you/.ssh/id_ed25519):
Hit Enter for the default location. Then set a passphrase:
Enter passphrase (empty for no passphrase):
I always set a passphrase. It encrypts your private key on disk, so even if someone gets the file, they can't use it. Don't worry about having to type it every time — the SSH agent handles that (next step).
Windows
Git Bash (recommended):
ssh-keygen -t ed25519 -C "[email protected]"
Same prompts as above. Keys land in C:\Users\YourName\.ssh\.
PowerShell (Windows 10/11 with OpenSSH):
Check if OpenSSH is available:
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
If it's not installed:
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Then generate:
ssh-keygen -t ed25519 -C "[email protected]"
Step 3 — Add Your Key to the SSH Agent
The SSH agent holds your decrypted key in memory so you only enter the passphrase once per session.
Mac
eval "$(ssh-agent -s)"
ssh-add --apple-use-keychain ~/.ssh/id_ed25519
The --apple-use-keychain flag stores the passphrase in macOS Keychain, so it persists across reboots. On older macOS (Monterey and earlier), use -K instead.
To make this permanent, add to ~/.ssh/config:
Host github.com
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519
Linux
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
To persist across sessions, add the ssh-add command to your shell profile (~/.bashrc, ~/.zshrc), or let your desktop's keyring manager handle it (GNOME Keyring, KWallet, etc.).
Windows (Git Bash)
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
Windows (PowerShell with OpenSSH):
Set-Service ssh-agent -StartupType Automatic
Start-Service ssh-agent
ssh-add $env:USERPROFILE\.ssh\id_ed25519
Step 4 — Add Your Public Key to GitHub
Copy your public key to the clipboard. Never share the private key (the file without .pub).
Mac:
pbcopy < ~/.ssh/id_ed25519.pub
Linux:
xclip -selection clipboard < ~/.ssh/id_ed25519.pub
# or if xclip isn't available:
cat ~/.ssh/id_ed25519.pub
Windows (Git Bash):
clip < ~/.ssh/id_ed25519.pub
Windows (PowerShell):
Get-Content $env:USERPROFILE\.ssh\id_ed25519.pub | Set-Clipboard
Now add it to GitHub:
- Go to GitHub → Settings → SSH and GPG keys
- Click New SSH key
- Give it a descriptive title (e.g.,
MacBook Pro 2025orWork Linux Desktop) - Set Key type to
Authentication Key - Paste your public key into the Key field
- Click Add SSH key
Step 5 — Test the Connection
Let's make sure everything's wired up:
ssh -T [email protected]
First time connecting, you'll see a host authenticity prompt:
The authenticity of host 'github.com (140.82.121.4)' can't be established.
ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Type yes. (GitHub's official fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU — verify it matches.)
If it works, you'll see:
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
That message always sounds vaguely threatening, but it just means everything's working.
Step 6 — Clone Repositories Using SSH
With SSH configured, always grab the SSH URL:
# SSH (correct)
git clone [email protected]:username/repository.git
# HTTPS (requires token-based auth)
git clone https://github.com/username/repository.git
If you already cloned via HTTPS and want to switch:
git remote set-url origin [email protected]:username/repository.git
Verify:
git remote -v
Managing Multiple GitHub Accounts
If you juggle personal and work GitHub accounts (I do), create separate keys and configure ~/.ssh/config:
# Personal account
Host github-personal
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519_personal
# Work account
Host github-work
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519_work
Then clone using the custom host:
git clone git@github-personal:personaluser/repo.git
git clone git@github-work:workorg/repo.git
This takes a few minutes to set up and saves endless confusion about which account you're pushing with.
FAQ
Q: What's the difference between Ed25519 and RSA?
Ed25519 uses elliptic curve cryptography — shorter keys, faster operations, equivalent or better security than RSA-4096. Use Ed25519 unless you're working with systems old enough to not support it.
Q: Do I need one SSH key per computer or per GitHub account?
One key per computer is standard. Generate a separate key on each machine and add each to GitHub. That way you can revoke access from a specific machine without affecting others.
Q: Is a passphrase required?
No, but I strongly recommend one. Without it, anyone who gets your key file can authenticate as you. With the SSH agent, you type the passphrase once per session — the security benefit far outweighs the minor hassle.
Q: My SSH test fails with "Permission denied (publickey)". What do I do?
Run ssh -vT [email protected] for verbose output. Common causes: key not added to the agent (ssh-add), wrong key registered on GitHub, or a firewall blocking port 22. For the firewall case, try SSH over HTTPS port 443 by adding Port 443 and Hostname ssh.github.com to your ~/.ssh/config.
Q: Can I use the same SSH key for GitHub, GitLab, and Bitbucket?
Yes. Copy the same public key to each service. Or generate service-specific keys and use ~/.ssh/config to route each host to the right key — handy if you want to revoke one service independently.
Q: How do I rotate or revoke a key?
Delete the key from GitHub under Settings → SSH and GPG keys, delete the local files (~/.ssh/id_ed25519 and ~/.ssh/id_ed25519.pub), and generate a fresh pair. SSH keys don't have built-in expiry, so periodic rotation is good security hygiene.
Q: Will SSH keys work in GitHub Actions?
Yes. Add the private key as a secret and configure the agent in your pipeline. GitHub Actions also has its own GITHUB_TOKEN for repo operations, which is usually simpler for pure automation.
SSH key setup is one of those one-time tasks that pays off every single day. Once it's in place, the auth friction of daily Git work just disappears — and your credentials are way more secure than any password. Set it up once per machine and never think about it again.
Sources
- GitHub Docs — Connecting to GitHub with SSH — Official guide for generating SSH keys and adding them to your GitHub account
- GitHub Docs — Testing your SSH connection — How to verify your SSH setup is working correctly
- OpenSSH Manual — ssh-keygen — Reference documentation for the ssh-keygen tool
- GitHub Docs — Using SSH over the HTTPS port — Workaround for networks that block SSH port 22