Developer Tips Vol IV - Setting Up Git & GitHub SSH on Windows

I set up a new windows dev box today, and one of the first things I do is setup Git with GitHub SSH authentication, and its surprisingly fiddly! Between PowerShell, Git Bash, OpenSSH, and Windows services, it’s easy for keys to end up in the wrong place or for the SSH agent to silently fail.

This guide walks through the exact steps to get SSH authentication working quickly and reliably on Windows 10/11 using PowerShell and the built‑in OpenSSH agent.

Why SSH Instead of HTTPS?

Using SSH means:

• No more typing GitHub passwords or PATs
• Secure, key‑based authentication
• Works seamlessly across all your repos
• Plays nicely with multiple accounts (personal + work)

Once it’s set up, it’s done and you never have to think about it again.

Choosing the Right Git Installer Options

When installing Git for Windows, two options matter:

1. SSH executable → Choose “Use external OpenSSH”

This uses Windows’ built‑in OpenSSH, which integrates with:

• PowerShell
• Windows Terminal
• VS Code
• The Windows ssh-agent service
• Your C:\Users\<you>\.ssh folder

The bundled OpenSSH is only useful if you live entirely inside Git Bash.
For a modern Windows dev setup, external OpenSSH is the correct choice.

2. HTTPS backend → Choose “Use the native Windows Secure Channel library”

This makes Git use Windows’ certificate store, which means:

• Fewer TLS/certificate errors
• Works with corporate proxies
• No manual CA bundle updates
• Better compatibility with Git Credential Manager

OpenSSL is only needed for niche workflows.
For almost everyone, WinSSL is the right choice.

1. Create the .ssh Folder

Windows doesn’t always create this automatically, so start by ensuring it exists:

mkdir $env:USERPROFILE\.ssh -Force

2. Generate an SSH Key (Correctly)

first, lets explicitly generate the key inside the .ssh folder:

ssh-keygen -t ed25519 -C "your-email@example.com"

You should now have:

C:\Users\<you>\.ssh\id_ed25519
C:\Users\<you>\.ssh\id_ed25519.pub

3. Enable and Start the Windows SSH Agent

The OpenSSH Authentication Agent is a Windows service. It must be enabled and running.

Open PowerShell as Administrator and run:

Set-Service -Name ssh-agent -StartupType Automatic
Start-Service ssh-agent

Verify:

Get-Service ssh-agent

Expected:

Status   Name               DisplayName
------   ----               -----------
Running  ssh-agent          OpenSSH Authentication Agent

4. Add Your SSH Key to the Agent

Back in a normal PowerShell session:

ssh-add $env:USERPROFILE\.ssh\id_ed25519

If you get a permissions error, fix the ACL:

icacls $env:USERPROFILE\.ssh\id_ed25519 /inheritance:r /grant:r "$($env:USERNAME):(R,W)"
ssh-add $env:USERPROFILE\.ssh\id_ed25519

5. Add the Public Key to GitHub

Copy the public key to your clipboard:

Get-Content $env:USERPROFILE\.ssh\id_ed25519.pub | Set-Clipboard

Then go to:

GitHub → Settings → SSH and GPG keys → New SSH key

Paste it in.

6. Test the Connection

ssh -T git@github.com

You’ll see:

Hi <username>! You've successfully authenticated, but GitHub does not provide shell access.

That’s the success message.

7. Make Git Always Use SSH for GitHub

Optional but recommended:

git config --global url."git@github.com:".insteadOf "https://github.com/"

If you cloned any repos using HTTPS, switch them:

git remote set-url origin git@github.com:<user>/<repo>.git

Final Thoughts

Windows SSH setup can feel like a maze the first time through, but once the agent is running and your keys are in the right place, it’s a one‑time setup that makes Git operations frictionless.