Every developer who uses SSH keys for GitHub has hit this wall: you open a terminal, run git push, and get Permission denied (publickey). The ssh-agent isn't running, or it's running but has no keys loaded. You run eval $(ssh-agent -s) and ssh-add, then try again. Every time.

Yaw fixes this. When you open a terminal in Yaw, the ssh-agent starts automatically, your default keys are loaded, and the agent persists across every tab and pane. Git push just works.

The Most Common Use Case: GitHub

The overwhelming reason developers need SSH keys in a terminal is GitHub. If you use SSH URLs for your repositories (the git@github.com:... format), every git push, git pull, and git clone requires SSH authentication.

Most terminals leave this setup to you. You either configure your shell profile to start an agent, or you run ssh-add manually each session. Yaw handles it for you:

  1. On your first prompt, Yaw checks if an ssh-agent is running
  2. If not, it starts one and saves the agent info to ~/.ssh/yaw-agent.env
  3. It runs ssh-add to load your default keys (id_rsa, id_ed25519, etc.)
  4. New tabs and panes share the same agent — no duplicate agents, no lost keys

If your key has a passphrase, you'll be prompted once. After that, every tab in Yaw uses the same agent.
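For terminals that leave this to you, the four steps above can be reproduced in a shell profile. This is an added sketch, not Yaw's implementation; the function names and the env-file path (`~/.ssh/example-agent.env`) are assumptions made for the example.

```shell
# Added example, not Yaw's code. Source it from ~/.bashrc or ~/.zshrc.
# Assumption: AGENT_ENV is a hypothetical path chosen for this sketch.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/example-agent.env}"

# `ssh-add -l` exit status: 0 = agent holds keys, 1 = agent reachable but
# empty, 2 = no agent reachable through SSH_AUTH_SOCK.
agent_state() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

ensure_agent() {
    state=$(agent_state)
    # Steps 1 and 4: no agent in this shell, so try the one an earlier
    # tab recorded instead of starting a duplicate.
    if [ "$state" = 2 ] && [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
        state=$(agent_state)
    fi
    # Step 2: nothing recorded, or the recorded socket is stale. Start one
    # agent and save its variables. The file is sourced as shell code, so
    # it is recreated owner-only (umask 077).
    if [ "$state" = 2 ]; then
        rm -f "$AGENT_ENV"
        (umask 077; ssh-agent -s > "$AGENT_ENV") || return 1
        . "$AGENT_ENV" >/dev/null
        state=1
    fi
    # Step 3: load the default keys only when the agent is empty, so a
    # passphrase is asked for once rather than in every tab.
    if [ "$state" = 1 ]; then
        ssh-add || echo "ensure_agent: no default keys loaded" >&2
    fi
}

# Run only in interactive shells.
case $- in *i*) ensure_agent ;; esac
```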

Using a Non-Default Key Name

If your SSH key has a custom name (like ~/.ssh/work_github instead of ~/.ssh/id_ed25519), add an entry to your SSH config:

    Host github.com
        IdentityFile ~/.ssh/work_github
        IdentitiesOnly yes

Save this to ~/.ssh/config. SSH reads this file automatically — no agent needed for that specific key. This is standard SSH practice and works in every terminal, not just Yaw.

SSH to Servers

The second use case for SSH keys is connecting to remote servers. Yaw's built-in Connection Manager stores your SSH connections and lets you connect with one click — and the agent is already running with your keys loaded.

That said, if you're connecting to your own infrastructure, consider Tailscale SSH. It replaces traditional SSH keys entirely — no key management, no agent, no authorized_keys files. You authenticate through your identity provider, and Tailscale handles the rest. It's the simplest path if your servers are on a Tailscale network. And if you use Claude Code or another MCP client, tailscale-mcp lets you manage devices, ACLs, and DNS on your tailnet directly from your AI assistant.

Opting Out

If you manage your own ssh-agent (for example, through 1Password SSH Agent or GPG agent forwarding), set this environment variable to disable Yaw's agent:

export YAW_NO_SSH_AGENT=1

Published by Yaw Labs.
