How to Add an SSH Key to GitHub: A Complete Setup Guide
Adding an SSH key to GitHub lets your computer communicate with GitHub securely — without typing your username and password every time you push, pull, or clone a repository. Once configured, the connection is authenticated automatically using cryptographic key pairs.
Here's exactly how the process works, what factors affect your setup, and where individual configurations start to diverge.
What Is an SSH Key and Why Does GitHub Use It?
SSH (Secure Shell) authentication relies on a key pair: a private key that stays on your machine and a public key that you share with GitHub. When you connect, GitHub checks whether your private key matches the public key on file — if they match, access is granted.
This is more secure than password authentication for several reasons:
- Your credentials are never transmitted over the network
- Private keys can be protected with an additional passphrase
- Keys can be revoked individually without changing your password
GitHub supports multiple SSH key algorithms, including Ed25519 (recommended for new setups) and RSA (widely compatible with older systems).
Step 1: Check for Existing SSH Keys 🔑
Before generating a new key, check whether one already exists on your system.
Open a terminal (or Git Bash on Windows) and run:
ls -al ~/.ssh Look for files named:
id_ed25519andid_ed25519.pubid_rsaandid_rsa.pub
If either pair exists, you may be able to skip generation and go straight to adding the public key to GitHub. If the .ssh directory doesn't exist or is empty, you'll need to generate a new key.
Step 2: Generate a New SSH Key
Run the following command, replacing the email with the address associated with your GitHub account:
ssh-keygen -t ed25519 -C "[email protected]" If your system doesn't support Ed25519 (some legacy environments), use RSA:
ssh-keygen -t rsa -b 4096 -C "[email protected]" When prompted:
- File location — press Enter to accept the default (
~/.ssh/id_ed25519) - Passphrase — optional but strongly recommended; adds a layer of protection if someone accesses your machine
Step 3: Add the SSH Key to the SSH Agent
The SSH agent manages your keys and handles authentication requests automatically. Start the agent and add your key:
eval "$(ssh-agent -s)" ssh-add ~/.ssh/id_ed25519 On macOS, you can also configure the agent to store your passphrase in the system Keychain by adding the following to ~/.ssh/config:
Host github.com AddKeysToAgent yes UseKeychain yes IdentityFile ~/.ssh/id_ed25519 On Windows with Git Bash, the eval and ssh-add commands work the same way. Windows 10/11 users with OpenSSH enabled via system settings may also manage keys through PowerShell or the SSH Agent service.
Step 4: Copy Your Public Key
Your public key is the one GitHub needs. Never share your private key (the file without .pub).
Copy it to your clipboard with:
macOS:
pbcopy < ~/.ssh/id_ed25519.pub Linux:
xclip -selection clipboard < ~/.ssh/id_ed25519.pub Windows (Git Bash):
clip < ~/.ssh/id_ed25519.pub Or open the file manually and copy its contents — it starts with ssh-ed25519 or ssh-rsa.
Step 5: Add the Public Key to GitHub ⚙️
- Log in to github.com and go to Settings
- In the left sidebar, click SSH and GPG keys
- Click New SSH key
- Add a descriptive title (e.g., "Work MacBook" or "Home Linux Desktop")
- Select key type: Authentication Key (for standard access) or Signing Key (for commit verification)
- Paste your public key into the Key field
- Click Add SSH key
Step 6: Test the Connection
Verify that GitHub recognizes your key:
ssh -T [email protected] A successful response looks like:
Hi username! You've successfully authenticated, but GitHub does not provide shell access. If you see a permission denied error, double-check that the key was added correctly and that your SSH agent is running with the right key loaded.
Where Individual Setups Start to Differ
The steps above cover the standard path, but several variables affect what the process looks like in practice:
| Variable | How It Affects Setup |
|---|---|
| Operating system | macOS, Linux, and Windows each handle the SSH agent differently |
| Multiple GitHub accounts | Requires custom SSH config with named host aliases per account |
| Passphrase use | Adds security but requires agent configuration to avoid re-entering it repeatedly |
| Key algorithm | Ed25519 is preferred; RSA required on some older systems or services |
| Existing keys | Reusing a key vs. generating per-device is a personal security decision |
| Commit signing | Separate SSH signing keys can be configured for verified commits in Git 2.34+ |
Managing multiple GitHub accounts on one machine — such as a personal and work account — introduces an extra layer of configuration. Each account needs its own SSH key and a custom entry in the ~/.ssh/config file that maps a host alias to the correct key.
What "Authentication" vs. "Signing" Keys Mean
GitHub now distinguishes between two SSH key types:
- Authentication keys — used to verify your identity when connecting to GitHub via SSH
- Signing keys — used to cryptographically sign commits and tags, marking them as Verified in GitHub's interface
You can use the same key for both purposes or keep them separate. Whether that distinction matters depends on your workflow, team requirements, and how important verified commits are to your use case. 🔒
The core setup is consistent across environments — generate, add to the agent, copy the public key, upload to GitHub, and test. But how you organize keys across machines, accounts, and purposes is where your own configuration needs take over.