Ad – 728×90
🌐 Remote Repositories

SSH Keys for Git – Passwordless GitHub Authentication

Typing your GitHub password every time you push is annoying and — since GitHub removed password authentication for Git operations in 2021 — no longer possible. SSH keys solve this elegantly: a cryptographic key pair proves your identity automatically. Set it up once and you'll never be prompted for credentials again.

⏱️ 15 min read 🎯 Beginner 📅 Updated 2026

Why SSH?

FeatureSSHHTTPS with token
Password required each push No (key-based auth) No (token cached by credential manager)
Security Very high (cryptographic key pair) High (token-based)
Setup complexity 5–10 minutes, once Token generation + credential manager setup
URL format git@github.com:user/repo.git https://github.com/user/repo.git
Multiple accounts Easy via SSH config file Complex with credential manager
ℹ️
GitHub no longer accepts passwords

Since August 2021, GitHub requires token-based or SSH authentication for all Git operations. If you try to push over HTTPS with your GitHub password, you'll get a "Support for password authentication was removed" error. The two supported options are Personal Access Tokens (HTTPS) or SSH keys. SSH is generally simpler for daily Git use.

Generating an SSH Key

Use ed25519 — it's more secure and produces shorter keys than the older rsa algorithm. Replace the email with your GitHub email address.

Shell 
# Generate an ed25519 SSH key (recommended)
ssh-keygen -t ed25519 -C "your@email.com"

# Prompts:
# Enter file in which to save the key (~/.ssh/id_ed25519): [press Enter for default]
# Enter passphrase: [optional but recommended for security; press Enter to skip]
# Enter same passphrase again: [repeat passphrase]

# Output confirms two files were created:
# Your identification has been saved in /home/you/.ssh/id_ed25519
# Your public key has been saved in /home/you/.ssh/id_ed25519.pub
ℹ️
Private key vs public key

id_ed25519 is your private key — keep it secret, never share it, never commit it. id_ed25519.pub is your public key — this is what you give to GitHub. The math behind public-key cryptography guarantees that only someone who holds the matching private key can produce the authentication signature.

View your public key

Shell 
# Print your public key to the terminal (copy this entire output)
cat ~/.ssh/id_ed25519.pub
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAbCdEfGhIjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOp your@email.com
Ad – 336×280

Adding Your Key to GitHub

  1. Go to github.com → Settings → SSH and GPG keys
  2. Click New SSH key
  3. Title: give it a descriptive name (e.g., "Work MacBook 2026")
  4. Key type: Authentication Key
  5. Key: paste the entire content of id_ed25519.pub
  6. Click Add SSH key, confirm with your GitHub password
Shell 
# Start the SSH agent (if not already running)
eval "$(ssh-agent -s)"
# Agent pid 12345

# Add your private key to the agent
# (so you only enter the passphrase once per session, if you set one)
ssh-add ~/.ssh/id_ed25519

Testing the Connection

Shell 
ssh -T git@github.com

# Expected output (success):
# Hi your-username! You've successfully authenticated,
# but GitHub does not provide shell access.

# If you see a fingerprint verification prompt, type "yes" to continue.
# It only appears once and adds github.com to your known_hosts file.

Using SSH URLs

Shell 
# Clone using SSH URL (note the git@ format — no https://)
git clone git@github.com:username/repo.git

# Change an existing remote from HTTPS to SSH
git remote set-url origin git@github.com:username/repo.git

# Verify the change
git remote -v
# origin  git@github.com:username/repo.git (fetch)
# origin  git@github.com:username/repo.git (push)

Multiple GitHub Accounts

If you have two GitHub accounts (personal + work), you need separate SSH keys and an SSH config file to route each to the correct key.

Step 1: Generate two separate keys

Shell 
# Personal account key
ssh-keygen -t ed25519 -C "personal@email.com" -f ~/.ssh/id_ed25519_personal

# Work account key
ssh-keygen -t ed25519 -C "work@company.com" -f ~/.ssh/id_ed25519_work

Step 2: Add both public keys to their respective GitHub accounts

Go to each GitHub account's Settings → SSH keys and add the corresponding .pub file content.

Step 3: Create an SSH config file

text 
# ~/.ssh/config

# Personal GitHub account
Host github-personal
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_personal

# Work GitHub account
Host github-work
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_work

Step 4: Use the custom host alias in repo URLs

Shell 
# Clone personal repo using the "github-personal" host alias
git clone git@github-personal:personal-username/my-project.git

# Clone work repo using the "github-work" alias
git clone git@github-work:company-org/work-project.git

# Update existing remote for a repo to use the right identity
git remote set-url origin git@github-work:company-org/work-project.git

# Test each connection
ssh -T git@github-personal   # → "Hi personal-username!"
ssh -T git@github-work       # → "Hi work-username!"

SSH vs HTTPS Summary

Recommendation: use SSH for daily development

SSH is the preferred choice for developers who push to GitHub regularly. Set it up once, add your key to GitHub, and every subsequent push/pull/fetch happens silently without any prompts. HTTPS with a Personal Access Token is also fine, especially in environments where SSH port 22 is blocked (some corporate networks). Many developers use SSH at home and HTTPS in restricted corporate environments.

📋 Summary

  • SSH keys eliminate password prompts for every push. GitHub requires token or SSH auth — plain passwords no longer work.
  • Generate with ssh-keygen -t ed25519 -C "your@email.com". Prefer ed25519 over rsa.
  • View public key: cat ~/.ssh/id_ed25519.pub — paste this into GitHub Settings → SSH keys.
  • Test: ssh -T git@github.com → "Hi username! You've successfully authenticated."
  • SSH URL format: git@github.com:username/repo.git (vs HTTPS: https://github.com/...).
  • Switch existing remote: git remote set-url origin git@github.com:username/repo.git.
  • Multiple GitHub accounts: use ~/.ssh/config with custom Host aliases, one per account.
🔀 Remotes Overview 🔀 Push, Pull & Fetch 🔀 GitHub PR Workflow 🔀 Stashing Changes

FAQ

Should I use a passphrase for my SSH key? +

Yes, if security is important — which it always is. A passphrase encrypts your private key file, so even if someone gets the file, they can't use it without the passphrase. The convenience cost is minimal: add your key to ssh-agent once per session (ssh-add ~/.ssh/id_ed25519) and you won't be prompted for the passphrase again until you restart. On macOS, Keychain remembers it across reboots automatically.

My ssh -T git@github.com returns "Permission denied (publickey)". What's wrong? +

Several possible causes: (1) The public key wasn't added to GitHub — double-check Settings → SSH keys. (2) The private key isn't loaded — run ssh-add ~/.ssh/id_ed25519. (3) You have multiple keys and SSH is trying the wrong one — create a ~/.ssh/config file specifying IdentityFile ~/.ssh/id_ed25519 for github.com. (4) Permissions issue — private key must be mode 600: chmod 600 ~/.ssh/id_ed25519.

Can I use the same SSH key on multiple computers? +

Technically yes, but best practice is to generate a separate key for each device. This way, if one device is lost or compromised, you can revoke just that key from GitHub without affecting your other machines. GitHub allows you to add multiple SSH keys to a single account — one per device is the recommended approach.

What's the difference between ed25519 and RSA keys? +

Ed25519 uses elliptic-curve cryptography and is modern (2011), faster, more secure, and produces much shorter key strings (~68 characters vs ~800 characters for RSA-4096). RSA is the older standard (1977) but is widely supported everywhere. GitHub supports both. Unless you're working with very old systems that don't support ed25519, always use ed25519 for new keys.

Ad – 728×90