Git SSH authentication fails on Windows

Every time I tried to clone or pull from a remote Git repository over SSH on Windows, I got hit with this:

PS C:\Development\Forgejo> git clone ssh://git@forgejo.blazilla.de/patrick/Dotfiles.git Dotfiles
Cloning into 'Dotfiles'...
git@forgejo.blazilla.de: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

The obvious suspects were all clear: The SSH key was registered in both Codeberg and my self-hosted Forgejo instance. The key was loaded in the SSH agent, confirmed via:

ssh-add -L

A direct SSH test to both hosts succeeded without issues:

PS C:\Development\Forgejo> ssh -T git@codeberg.org
Hi there, patrickterlisten! You've successfully authenticated with the key named
(verschlüsselt), but Forgejo does not provide shell access.
If this is unexpected, please log in with password and setup Forgejo under another user.

PS C:\Development\Forgejo> ssh -T git@forgejo.blazilla.de
Hi there, patrick! You've successfully authenticated with the key named
2026+patrick@blazilla.de, but Forgejo does not provide shell access.
If this is unexpected, please log in with password and setup Forgejo under another user.

So authentication itself worked fine. On Linux and macOS, git clone and git pull over SSH worked without any issues with the exact same setup.

Cause

Git for Windows ships with its own embedded SSH client. By default, it uses that bundled binary instead of the system’s OpenSSH installation. The embedded SSH client does not talk to the Windows OpenSSH authentication agent (ssh-agent running as a Windows service), so it cannot pick up keys loaded there — even though ssh -T (which uses the system SSH binary) works perfectly fine.

Fix

Tell Git to use the Windows OpenSSH binary instead of its own embedded one:

git config --global core.sshCommand "'C:\Windows\System32\OpenSSH\ssh.exe'"

After that, git clone and git pull worked immediately without any further changes.