GitHub SSH Keys Authentication
What is SSH and Why Use It?
SSH (Secure Shell) is a network protocol that allows secure communication between two computers. When using SSH with GitHub, a cryptographic key pair is set up — a private key that stays on the local machine and a public key that is shared with GitHub. This allows pushing and pulling code without typing a username and password every single time.
Real-life analogy: Think of SSH keys like a padlock and a key. The public key is like a padlock — it can be given to anyone (GitHub). The private key is like the key that opens that padlock — it should never be shared with anyone. When connecting to GitHub, the private key proves identity without needing a password.
HTTPS vs SSH — Which to Use?
| Feature | HTTPS | SSH |
|---|---|---|
| Authentication | Username + Personal Access Token each time | Automatic using stored key pair |
| Ease of setup | Simpler (no key generation needed) | One-time setup, much easier afterward |
| Daily use | Requires credential manager or repeated input | No password needed after setup |
| Security | Token-based, must be protected | Key-based, considered very secure |
| Recommended for | Quick setup, occasional use | Daily development work |
Step-by-Step: Setting Up SSH for GitHub
Step 1 — Check for Existing SSH Keys
Before generating a new key, check if one already exists:
ls ~/.sshIf files like id_rsa, id_ed25519, or similar exist, an SSH key is already present. Skip to Step 3.
Step 2 — Generate a New SSH Key
The recommended key type today is Ed25519 (more secure and faster than the older RSA):
ssh-keygen -t ed25519 -C "your-email@example.com"Replace the email with the GitHub email address. Git prompts for the following:
Enter file in which to save the key (/home/user/.ssh/id_ed25519): [Press Enter]
Enter passphrase (empty for no passphrase): [Enter a secure passphrase or press Enter for none]
Enter same passphrase again: [Repeat or press Enter]
Two files are created:
~/.ssh/id_ed25519— The private key (never share this)~/.ssh/id_ed25519.pub— The public key (share this with GitHub)
On systems that do not support Ed25519, use RSA with 4096 bits:
ssh-keygen -t rsa -b 4096 -C "your-email@example.com"Step 3 — Start the SSH Agent
The SSH agent manages keys in memory so the passphrase does not need to be re-entered each session:
On Linux/macOS:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
On Windows (Git Bash):
eval $(ssh-agent -s)
ssh-add ~/.ssh/id_ed25519
Step 4 — Copy the Public Key
The public key needs to be copied and added to GitHub. Display the public key:
cat ~/.ssh/id_ed25519.pubOutput example:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAbCdEfGhIjKlMnOpQrStUvWxYz your-email@example.comCopy the entire output. On Linux, a clipboard copy tool can be used:
# On Linux with xclip
xclip -selection clipboard < ~/.ssh/id_ed25519.pub
# On macOS
pbcopy < ~/.ssh/id_ed25519.pub
Step 5 — Add the Public Key to GitHub
- Log in to github.com
- Click the profile picture (top-right) → Settings
- In the left sidebar, click "SSH and GPG keys"
- Click "New SSH key"
- Enter a descriptive title (e.g., "Home Laptop" or "Work PC")
- Paste the public key into the "Key" field
- Click "Add SSH key"
- Confirm the GitHub password if prompted
Step 6 — Test the SSH Connection
ssh -T git@github.comIf the connection is successful:
Hi ravikumar! You've successfully authenticated, but GitHub does not provide shell access.Using SSH URLs Instead of HTTPS
After SSH is set up, use SSH URLs for repositories instead of HTTPS URLs.
Clone Using SSH
git clone git@github.com:username/repository.gitChange an Existing Remote from HTTPS to SSH
# Check current remote
git remote -v
# origin https://github.com/username/repository.git (fetch)
# Change to SSH
git remote set-url origin git@github.com:username/repository.git
# Verify
git remote -v
# origin git@github.com:username/repository.git (fetch)
Managing Multiple SSH Keys
If different SSH keys are needed for different GitHub accounts (e.g., personal and work), a configuration file can direct which key to use:
# Create or edit ~/.ssh/config
nano ~/.ssh/config
Add the following:
# Personal GitHub account
Host github-personal
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519_personal
# Work GitHub account
Host github-work
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519_work
Then use the custom host alias when cloning:
git clone git@github-personal:personaluser/repo.git
git clone git@github-work:workorg/repo.git
Removing an SSH Key from GitHub
- Go to GitHub → Settings → SSH and GPG keys
- Find the key to remove
- Click "Delete"
Summary
SSH keys provide a secure, passwordless way to authenticate with GitHub. The process is: generate a key pair with ssh-keygen, add the private key to the SSH agent, and upload the public key to GitHub. After setup, use SSH URLs (git@github.com:user/repo.git) for all operations. SSH is the recommended authentication method for regular Git users.