Being used to working in GNU/Linux environments, using the ssh utility for remote terminal / command line access has become an indispensable tool for me. Here is how to install the OpenSSH client, generate SSH keys and use the SSH agent on Windows. As a bonus I shall also cover how to configure Git for Windows to use the SSH agent installed in Windows for caching SSH keys.

Install the OpenSSH client

The first step is to install the OpenSSH client on Windows. One way to do this is by installing it via Windows’ optional features:

1. Go to Settings -> Apps -> Optional Features
2. In the “Add an optional feature” section click on “View Features”

   

3. Search for “OpenSSH client” and click the checkbox

   

With the OpenSSH client installed, you should now have an ssh.exe executable at C:\Windows\System32\OpenSSH\ssh.exe. To confirm, we can use the where command in Windows command prompt:

C:\> where ssh
C:\Windows\System32\OpenSSH\ssh.exe

SSH Keys

Using SSH keys is a more secure way to access remote resources. In order to generate a new SSH key/identity, use the ssh-keygen command:

C:\> ssh-keygen -t ed25519 -C "email_address@example.com"

The command will prompt you to specify a passphrase for the private key. This is recommended for security, but is optional.

The -t flag specifies the algorithm used for the key. Using a modern algorithm, such as ed25519 at the time of writing, is recommended.

By default the new key will be saved to %USERPROFILE%\.ssh, for example, C:\Users\username\.ssh\id_rsa and C:\Users\username\.ssh\id_rsa.pub.

The ssh-add command can be used to cache a private key with SSH agent. For passphrase protected keys this allows you to enter your passphrase once and keep the key available while you are logged into your computer. By default the ssh-add command will cache %USERPROFILE%\.ssh\id_rsa:

C:\> ssh-add
Enter passphrase for C:\Users\morne\.ssh\id_rsa:
Identity added: C:\Users\morne\.ssh\id_rsa (C:\Users\morne\.ssh\id_rsa)

With the command successfully executed the key at %USERPROFILE%\.ssh\id_rsa can now be used without enterting the passphrase again during the current session.

Git for Windows and SSH

Git for Windows comes with its own OpenSSH installation. This can be inconvenient since the Git for Windows SSH does not share the same SSH agent (the service that caches keys from ssh-add invocations). In order to use Windows’ OpenSSH with git (and thus Windows’ SSH agent) we can tell Git for Windows which ssh.exe to use via the GIT_SSH environment variable, in a Git bash shell:

$ export GIT_SSH='C:\Windows\System32\OpenSSH\ssh.exe'

To make this the default, you can set the GIT_SSH environment variable either for your user profile or system wide via the System -> About -> Advanced syustem settings -> Environment Variables in Windows Settings:

References & Resources

• https://stackoverflow.com/questions/18683092/how-to-run-ssh-add-on-windows
• https://interworks.com/blog/2021/09/15/setting-up-ssh-agent-in-windows-for-passwordless-git-authentication/
• https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent