If you’re still cloning repos with HTTPS and typing your password — or using a personal access token — this guide is for you.
SSH keys are faster, more secure, and once set up, completely invisible. You just run git push and it works.
Step 1: Generate an SSH Key
The command is the same on all platforms (macOS, Linux, WSL on Windows):
ssh-keygen -t ed25519 -C "[email protected]"Use the same email you use for GitHub. When prompted:
- File location: Press Enter to accept the default (
~/.ssh/id_ed25519) - Passphrase: Enter a passphrase (recommended) or press Enter for none
This creates two files:
~/.ssh/id_ed25519— your private key (never share this)~/.ssh/id_ed25519.pub— your public key (what you give to GitHub)
Note: If you’re on a very old system that doesn’t support Ed25519, use RSA instead:
ssh-keygen -t rsa -b 4096 -C "[email protected]"
Step 2: Add the Key to ssh-agent
The ssh-agent holds your key in memory so you don’t have to type your passphrase every time.
macOS
eval "$(ssh-agent -s)"
ssh-add --apple-use-keychain ~/.ssh/id_ed25519The --apple-use-keychain flag saves the passphrase to macOS Keychain automatically.
Also add this to ~/.ssh/config (create the file if it doesn’t exist):
Host github.com
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519Ubuntu / Linux
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519To make this persist across sessions, add to your ~/.bashrc or ~/.zshrc:
# Start ssh-agent if not running
if [ -z "$SSH_AUTH_SOCK" ]; then
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
fiWindows (native — Git Bash or PowerShell)
# Enable and start the ssh-agent service
Get-Service -Name ssh-agent | Set-Service -StartupType Automatic
Start-Service ssh-agent
# Add your key
ssh-add $env:USERPROFILE\.ssh\id_ed25519Windows (WSL — Ubuntu inside Windows)
WSL behaves like Ubuntu. Use the Linux instructions above.
Step 3: Copy Your Public Key
You need to give GitHub your public key (the .pub file):
macOS
pbcopy < ~/.ssh/id_ed25519.pubUbuntu / Linux
# Install xclip if not available
sudo apt install xclip
xclip -selection clipboard < ~/.ssh/id_ed25519.pub
# or just print and copy manually:
cat ~/.ssh/id_ed25519.pubWindows (Git Bash)
clip < ~/.ssh/id_ed25519.pubWindows (PowerShell)
Get-Content $env:USERPROFILE\.ssh\id_ed25519.pub | Set-ClipboardStep 4: Add the Key to GitHub
- Go to github.com and log in
- Click your avatar → Settings
- In the left sidebar: SSH and GPG keys
- Click New SSH key
- Give it a title (e.g., “MacBook Pro” or “Work Ubuntu”)
- Paste your public key
- Click Add SSH key
Step 5: Test the Connection
ssh -T [email protected]You should see:
Hi username! You've successfully authenticated, but GitHub does not provide shell access.If it says Permission denied, see the troubleshooting section below.
Step 6: Clone with SSH (not HTTPS)
Now use SSH URLs when cloning:
# SSH (use this now)
git clone [email protected]:username/repo.git
# HTTPS (old way — requires password/token)
git clone https://github.com/username/repo.gitFor repos you already cloned with HTTPS, switch them:
cd myrepo
git remote set-url origin [email protected]:username/repo.git
# Verify
git remote -v
# origin [email protected]:username/repo.git (fetch)
# origin [email protected]:username/repo.git (push)Multiple GitHub Accounts (Work + Personal)
If you use two GitHub accounts on the same machine, you need separate keys and an SSH config to route them correctly.
Generate a second key
ssh-keygen -t ed25519 -C "[email protected]" -f ~/.ssh/id_ed25519_workAdd the work key to your work GitHub account (same Step 3–4 as above).
Configure ~/.ssh/config
# Personal GitHub
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519
# Work GitHub
Host github-work
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519_workUse the alias when cloning work repos
# Instead of: git clone [email protected]:company/repo.git
git clone git@github-work:company/repo.gitGit sees github-work and uses your work key. GitHub sees your work account. It routes correctly.
Troubleshooting
”Permission denied (publickey)”
# Debug the connection
ssh -vT [email protected]Look for:
- “Offering public key” — which key is being tried
- “Server accepts key” — connection succeeded
- “Permission denied” — key not on GitHub, or wrong key being offered
Common fixes:
# Make sure the key is loaded
ssh-add -l
# If not listed, add it
ssh-add ~/.ssh/id_ed25519
# Make sure permissions are correct
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
chmod 644 ~/.ssh/config“Too many authentication failures”
Your agent is trying too many keys. Add this to ~/.ssh/config:
Host github.com
IdentitiesOnly yes
IdentityFile ~/.ssh/id_ed25519“ssh-add: Could not open a connection to your authentication agent”
The agent isn’t running:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519On Windows — “WARNING: UNPROTECTED PRIVATE KEY FILE!”
# Fix permissions in PowerShell
icacls $env:USERPROFILE\.ssh\id_ed25519 /inheritance:r
icacls $env:USERPROFILE\.ssh\id_ed25519 /grant:r "$env:USERNAME:R"Summary
# The whole setup in one place:
ssh-keygen -t ed25519 -C "[email protected]"
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
cat ~/.ssh/id_ed25519.pub # copy this → GitHub Settings → SSH Keys
ssh -T [email protected] # test itOnce SSH is set up, you’ll never touch a personal access token again.
Don’t have Git installed yet? Start here: How to Install Git on Ubuntu, macOS and Windows.
Related Reading.
How to Install Git on Ubuntu, macOS and Windows
Install Git on any operating system — apt, Homebrew, or the official installer — plus first-time configuration, SSH setup, and verifying your install.
How to Install VS Code on Ubuntu, macOS and Windows
Install Visual Studio Code on any OS using apt, Snap, Homebrew, or winget — with the essential extensions every developer should add first.
How to Install Docker on Ubuntu, macOS and Windows
Install Docker Desktop or Docker Engine step-by-step on Ubuntu, macOS, and Windows — including post-install setup, running your first container, and Docker Compose.