How to Create an SSH Key for GitHub
Connecting to GitHub securely doesn't require typing your username and password every time. SSH keys offer a faster, more secure alternative — and once set up, they work silently in the background. Here's exactly how the process works, what the steps mean, and what factors shape your experience along the way.
What Is an SSH Key and Why Does GitHub Use It?
An SSH key is a cryptographic key pair used to authenticate your identity over a secure connection. It consists of two parts:
- A private key — stored on your machine, never shared
- A public key — uploaded to GitHub, used to verify your identity
When you connect to GitHub via SSH, your machine proves it holds the private key that matches the public key on file. No password needed. This is more secure than password authentication and resistant to brute-force attacks.
GitHub supports SSH for cloning repositories, pushing commits, and pulling changes — essentially any Git operation that would otherwise require credentials.
Generating Your SSH Key: Step by Step
Step 1: Check for Existing Keys
Before creating a new key, check whether you already have one. Open your terminal (or Git Bash on Windows) and run:
ls -al ~/.ssh Look for files named id_rsa, id_ed25519, or similar. If they exist, you may be able to skip generation and move straight to adding your key to GitHub.
Step 2: Generate a New SSH Key Pair
The recommended algorithm today is Ed25519, which is faster and more secure than the older RSA format. Run:
ssh-keygen -t ed25519 -C "[email protected]" The -C flag adds a label (your email) to help identify the key. When prompted:
- File location: Press Enter to accept the default (
~/.ssh/id_ed25519), or specify a custom path if you manage multiple keys - Passphrase: Optional but strongly recommended — adds a layer of protection if your machine is compromised
If your system doesn't support Ed25519 (rare on modern systems), fall back to RSA:
ssh-keygen -t rsa -b 4096 -C "[email protected]" Step 3: Add Your Key to the SSH Agent
The SSH agent manages your keys in memory, so you don't re-enter your passphrase repeatedly. Start the agent and add your key:
eval "$(ssh-agent -s)" ssh-add ~/.ssh/id_ed25519 On macOS, you can persist this across sessions by updating your ~/.ssh/config file:
Host github.com AddKeysToAgent yes UseKeychain yes IdentityFile ~/.ssh/id_ed25519 On Windows with Git Bash, the agent behavior depends on your setup — some users find it easier to use the Windows OpenSSH service or a tool like Pageant with PuTTY.
Step 4: Copy Your Public Key
Copy the contents of your public key file:
cat ~/.ssh/id_ed25519.pub Or use a clipboard shortcut:
- macOS:
pbcopy < ~/.ssh/id_ed25519.pub - Linux:
xclip -selection clipboard < ~/.ssh/id_ed25519.pub(requires xclip) - Windows Git Bash:
clip < ~/.ssh/id_ed25519.pub
Step 5: Add the Public Key to GitHub
- Go to GitHub → Settings → SSH and GPG keys
- Click New SSH key
- Give it a descriptive title (e.g., "Work MacBook" or "Home Linux Desktop")
- Paste your public key into the Key field
- Click Add SSH key
Step 6: Test the Connection
Verify everything is working:
ssh -T [email protected] A successful response looks like:
Hi username! You've successfully authenticated, but GitHub does not provide shell access. That message is expected — it confirms authentication works. 🔑
Key Variables That Affect Your Setup
| Factor | What Changes |
|---|---|
| Operating System | macOS has Keychain integration; Linux/Windows require different agent configurations |
| Key algorithm | Ed25519 is preferred; RSA 4096 works if needed |
| Multiple accounts | Requires custom SSH config entries per host alias |
| Passphrase use | Affects convenience vs. security tradeoff |
| Corporate/restricted networks | May block port 22; GitHub supports SSH over port 443 as a workaround |
Managing Multiple GitHub Accounts
If you maintain separate personal and work GitHub accounts, a single SSH key won't cleanly serve both. The solution is creating multiple key pairs and configuring ~/.ssh/config to route each account to its own key:
Host github-work HostName github.com User git IdentityFile ~/.ssh/id_ed25519_work Host github-personal HostName github.com User git IdentityFile ~/.ssh/id_ed25519_personal You'd then clone using the custom host alias instead of github.com directly. This pattern is straightforward but requires discipline when setting up new repositories.
SSH Over HTTPS: When Port 22 Is Blocked 🔒
Some networks block port 22, which SSH uses by default. GitHub provides a fallback: SSH connections over port 443, the same port used by HTTPS. Update your SSH config:
Host github.com Hostname ssh.github.com Port 443 User git IdentityFile ~/.ssh/id_ed25519 This works identically from Git's perspective — the change is purely at the network transport level.
What Determines the Right Setup for You
The core steps are the same for almost everyone — generate, add to agent, upload to GitHub. But the details branch out depending on several factors: how many machines you work from, whether you juggle multiple GitHub accounts, what OS and shell environment you use, and how your network handles SSH traffic.
A developer on a single personal Mac with one GitHub account has a simpler path than someone managing CI/CD pipelines, shared servers, or multiple organizational accounts. The key generation process is identical — how you structure your config files and key naming is where individual setups start to diverge.