diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5b553db4..fc7576cc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 - Keep commit message when pre-commit hook fails ([#1035](https://github.com/extrawurst/gitui/issues/1035))
+- honor `pushurl` when checking whether we need username and password for pushing ([#953](https://github.com/extrawurst/gitui/issues/953))
 
 ## [0.19] - 2021-12-08 - Bare Repo Support
 
diff --git a/asyncgit/src/sync/cred.rs b/asyncgit/src/sync/cred.rs
index 73161e13..da5cb10f 100644
--- a/asyncgit/src/sync/cred.rs
+++ b/asyncgit/src/sync/cred.rs
@@ -32,9 +32,11 @@ impl BasicAuthCredential {
 /// know if username and password are needed for this url
 pub fn need_username_password(repo_path: &RepoPath) -> Result<bool> {
 	let repo = repo(repo_path)?;
-	let url = repo
-		.find_remote(&get_default_remote_in_repo(&repo)?)?
-		.url()
+	let remote =
+		repo.find_remote(&get_default_remote_in_repo(&repo)?)?;
+	let url = remote
+		.pushurl()
+		.or_else(|| remote.url())
 		.ok_or(Error::UnknownRemote)?
 		.to_owned();
 	let is_http = url.starts_with("http");
@@ -188,6 +190,25 @@ mod tests {
 		assert_eq!(need_username_password(repo_path).unwrap(), false);
 	}
 
+	#[test]
+	#[serial]
+	fn test_dont_need_username_password_if_pushurl_ssh() {
+		let (_td, repo) = repo_init().unwrap();
+		let root = repo.path().parent().unwrap();
+		let repo_path: &RepoPath =
+			&root.as_os_str().to_str().unwrap().into();
+
+		repo.remote(DEFAULT_REMOTE_NAME, "http://user@github.com")
+			.unwrap();
+		repo.remote_set_pushurl(
+			DEFAULT_REMOTE_NAME,
+			Some("git@github.com:user/repo"),
+		)
+		.unwrap();
+
+		assert_eq!(need_username_password(repo_path).unwrap(), false);
+	}
+
 	#[test]
 	#[serial]
 	#[should_panic]