Running ssh-add from git bash using Windows 10's OpenSSH

Question

I've setup OpenSSH following the 2019 Update of this question including setting GIT_SSH=C:\Windows\System32\OpenSSH\ssh.exe. Which works great, except when using when using git from git bash I get following error:

$ git pull
CreateProcessW failed error:193
ssh_askpass: posix_spawn: Unknown error
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

If I use ssh-add from git bash I get a different error:

$ ssh-add
Could not open a connection to your authentication agent.

Which, seems to be because ssh-add is using /usr/bin/ssh-add rather than the ssh-add in C:\Windows\System32\OpenSSH\, to correct this I tried using the full path:

$ /c/Windows/System32/OpenSSH/ssh-add.exe
CreateProcessW failed error:193
ssh_askpass: posix_spawn: Unknown error

Which gives me the same error as before.

How can I use Window's OpenSSH commands from git bash?

Answer 1

I ran into the same problem and found out that git bash prepends /usr/bin to PATH.

My really hacky solution was to just prepend the Path to OpenSSHs ssh-add to the path in my .bashrc:

PATH="/c/Windows/System32/OpenSSH:${PATH}"

Answer 2

I know that this topic is somewhat old, but I stumbled across this problem just recently and found a solution.

Regarding to the OpenSSH documentation, askpass ist used to display the password gui. And OpenSSH is only trying to use this "askpass command" if the environment variable SSH_ASKPASS is set! So the easiest solution to get rid of this problem, is to simply unset this env var.

unset SSH_ASKPASS

Just put this in your .bash_profile and/or your .bashrc and reopen the shell to see the effect. You can even execute it in the open shell to test it first, but its obviously not permanent then.

Answer 3

Adding the following snippet from the github docs to .bashrc in the gitbash shell did the trick for me:

env=~/.ssh/agent.env

agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; }

agent_start () {
    (umask 077; ssh-agent >| "$env")
    . "$env" >| /dev/null ; }

agent_load_env

# agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2=agent not running
agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)

if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
    agent_start
    ssh-add
elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
    ssh-add
fi

unset env

Read the full instructions on the github docs

Answer 4

For me with those below steps on win11, when I add ssh private key with password, and reboot my pc, then launch the gitbash again, I do NOT need to input password again, so it is works fine for me! Hope it works for you too!

The significant step here is to set the ssh private key with appropriate permission, my OS is Win11 21H2, git version is git version 2.40.0.windows.1, the following steps works well for me. You can refer to it.

First of all, set the correct ssh private key with appropriate permission,

1. select the file(ssh private key), right click, select file properties
2. click securty tab, click the advanced button, in the pop up windows, then
3. you may see many users has ssh private key access ability, then
4. click disable inheritance button, in pop up window select first one, it will clean up the inheritanced from properties from the drive(like E:\\
5. add or add user, then select add body or add object in pop up, in put you pc UserName, click the right button checking name, the result will change to something like PcName\UserName, then click OK button to confirm
6. delete all other users, just left the user name just add, which is PcName\UserName, then click OK button

Set up correct Windows OpenSSH for GitBash command, the windows openssh for windows 11 is located at C:\Windows\System32\OpenSSH\(if not, search it)

1. edit ~/..profile with the following line

   export PATH="/C/Windows/System32/OpenSSH/":$PATH

2. Launch GitBash, then to make sure in GitBash you can get the windows system ssh commands: run the following command to check which ssh, the output of command should shows up with(or something like that)

   /c/Windows/System32/OpenSSH/ssh.exe

Then the next is quite simple, just do the normal thing:

• ssh-add -l To see if ssh-agent is start or not, if not do it
• ssh-add path/to/you/ssh/private/key the key oper upper steps
• ssh-add -l do check again
• ssh -T git@github.com

The following is the shell script i use, it works both for windows and linux. You can reference to it. Copy and set the SSH private key file path to yours, then save it to a file, like ~/.ssh/EnableGitHubSSH.sh, then add a line of code source ~/.ssh/EnableGitHubSSH.sh to ~/.profile, then done! Try luanch GitBash or terminal to do github SSH login checking!

is_windows=$(uname -s | grep '[MINGW|MSYS_NT|CYGWIN_NT]')
if [ -n "${is_windows}" ]; then
  # 将系统 OpenSSH 查找路径提前
  # 删除 $HOME/bin (Git为啥会有这个设置？)
  # Windows 系统 PATH 修正，使用系统默认 OpenSSH, 不用每次重启后都输入密码
  # NOTE: 使用系统默 OpenSSH 时, 密码加密保存在系统中，SSH 的配置目录在 C 盘用户目录下
  XPATH=$(echo $PATH | sed "s#/c/Windows/System32/OpenSSH:##g" | sed "s#$HOME/bin:##g");
  export PATH="/c/Windows/System32/OpenSSH":$XPATH;
  unset XPATH;
fi

# 自动生成的文件，缓存Agent运行状态
tmpfile=~/.ssh/_SSHAgentEnvInfo.sh

# SSH私钥(GitHub免密登录认证)
sec_key=~/.ssh/YOUR-SSH-PRIVATE-KEY-ONE

test -f "$tmpfile" && source "$tmpfile" >| /dev/null

# agent_run_state:
# 0 = agent running with key
# 1 = agent running without key
# 2 = agent not running
agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)

# 添加 Git 免密登录 GitHub 使用的 SSH 私钥
if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
  if [ -z "${is_windows}" ]; then
    # Linux 需要运行的命令
    (umask 077; ssh-agent -s >| "$tmpfile")
    source "$tmpfile" >| /dev/null
  else
    # Win 11 手动配置 OpenSSH 开机启动
    # SSH_AUTH_SOCK 随便设置一个值，防止每次启动 GitBash 都加载私钥(需要输入密码)
    echo "SSH_AUTH_SOCK=OK;" > "$tmpfile"
  fi
  ssh-add "$sec_key" 2>/dev/null
elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
  ssh-add "$sec_key" 2>/dev/null
fi

unset tmpfile sec_key is_windows