SSH keys on Windows 10

Enable the SSH server in Windows

You need to add the optional feature ‘OpenSSH Server’ in Windows 10 first by going to Settings -> search for Add an optional feature -> search again for OpenSSH Client and choose to install.

Install OpenSSH

Configure SSH service to automatically start

By default Windows won’t start the ssh-agent. You can tell Windows to start the service automatically in the future by running the following command in PowerShell (as Administrator).

Get-Service ssh-agent | Set-Service -StartupType Automatic -PassThru | Start-Service

But right now, manually start the service by running


Generate the key

Open PowerShell and follow these commands to generate SSH key on your machine.


Keep the default location for where to save the key. This should be C:\Users\<username>/.ssh/id_rsa.

Generate a complex password and store in safe place, ideally a password manager. Enter this password when prompted. When complete you’ll be shown the key fingerprint and the key's randomart image.

Add key to the SSH Agent

We need to add the key to our ssh-agent so we don’t have to type the key each time we use it.

The agent will recognise that a new key is present and will ask for the passphrase.

Start ssh-agent

Once entered you’ll see the confirmation message Identity added.

I still needed to manually add the key to the ssh-agent. To do so navigate to the .ssh folder where we stored our keys earlier C:\Users\<username>/.ssh/ and run the following with the correct key name.

ssh-add .\<private-key>

This will prompt you to enter the passphrase in and once again you should see the Identity added confirmation.

Add key

Access your public key

Now we have our key we can add it to systems such as GitHub or Bitbucket. To do so follow the instructions for that particular service. We’ll need to retrieve the public key from our machine to do so.

Navigate to the .ssh folder and find the file <private-key>.pub. Open this in a text editor. The contents of this file is what you need to copy and paste into the relevant service you’re wanted to add the key to.

Testing the keys

In this example lets assume we’ve added our key to Bitbucket. We can test that the key is correctly set up by running the following command.

ssh -T

If all is well then we should see the logged in as message without needing to enter the passphrase

Using with Git

By now we have our key correctly stored in the SSH agent and we’re allowed to connect to the Bitbucket servers using SSH. However we might still be prompted to enter our passphrase whenever we try to perform a git command that talks to the remote.

The ssh -T command uses the Windows 10 agent so all appears to be correct, but it won’t behave the same in Git. This is due to the fact Git is using it’s own ssh agent, not the Windows 10 agent that we’ve added our keys to.

We need to tell Git to use the Windows SSH agent instead of it’s own. We do this by updating the git config.

git config --global core.sshCommand C:/Windows/System32/OpenSSH/ssh.exe

Now when we use Git, we won’t be prompted for our passphrase, even after a restart.


Richard Ballard

Richard Ballard

Read more posts by this author.

Read More