When using Git from the command line, the most common authentication method is to use SSH keys. Learn how to set them up.
When using Git from the command line, the most common authentication method is to use SSH keys.
Most GUI-based clients (such as GitHub Desktop) will handle this for you, but sometimes you need a command line, so it is very useful to set up SSH keys appropriately.
Also, sometimes you need an SSH key to perform useful operations, such as extracting a repository on a remote server.
Buttons on the computer
SSH keys are stored in
You can have multiple keys in it, because SSH keys are used for things other than Git.
You can list all SSH keys by typing
ls -al ~/.ssh
If you have existing keys, you will notice that they are placed in pairs. One file and another file with a similar name are
.pubThe file contains the public key, and the other file contains the private key, and should never be shared anywhere.
You should never share the private key anywhere. If the private key is lost, a new private key/public key pair must be regenerated, because the identity verification cannot be successfully completed without the private key part.
Generate new key
You can use the following command to generate a new SSH key
ssh-keygen, Can be used on all macOS, Linux and modern Windows computers with Linux subsystem or Linux operating systemGit for Windowspackage.
This is the command you use:
ssh-keygen -t rsa -b 4096 -C "[email protected]"
In this example, the last part is filled with an email address, which is a comment. You can enter any email you want, it doesn't have to be your GitHub account, it can even be a random string. It may be useful to know who generated the key if there is any ambiguity.
The key generation program will ask you where you want to save the key. If this is the first key, it is recommended that you use
id_rsaAs a file name, but it’s best to choose a file name to remember the name of the service for which it was generated, for example
You can choose to add a password. I strongly recommend that you set a password. macOS stores the password in the keychain, so you don’t have to repeat the password every time.
Add the key to GitHub
I showed the GitHub process, but it is the same process used by each Git platform, but there are small differences.
In the GitHub settings, you will find the "SSH and GPG keys" menu:
Clicking on it will show your current settings:
As you can see here, I have defined 3 SSH keys, one is used locally on my Mac and the other is used on a remote server to get the website code.
Press "New SSH key" to add a new one:
You set the title to something meaningful, and you will remember it for more than 2 years from now on.
The key is the key you generated earlier.
You can open
.pubKey file, copy its content and paste it in this box.
You can use any CLI command (e.g.
cat id_rsa.pubThen use the mouse to copy/paste the entire key code.
Once you save that string to GitHub (or every other service, because everyone has the same concept), your Git client will have the credentials needed to communicate with the delete server, and you should be all right!
Use multiple keys
It is recommended to use a different SSH key for each service you want to use.
This makes it easy to invalidate the key on a particular service without having to decide whether to update it (because of damage/public exposure or for other reasons) and change it on all services used.