How can I perform a `git pull` without re-entering my SSH password?
Have a look at this link https://help.github.com/articles/working-with-ssh-key-passphrases/
But I don’t want to enter a long passphrase every time I use the key!
Neither do I! Thankfully, there’s a nifty little tool called
ssh-agent
that can save your passphrase securely so you don’t have
to re-enter it. If you’re on OSX Leopard or later your keys can be
saved in the system’s keychain to make your life even easier. Most
linux installations will automatically start ssh-agent for you when
you log in.
SSH Key - Still asking for password and passphrase
If you work with HTTPs
urls, it'll always ask for your username / password. This could be solved using @Manavalan Gajapathy's comment (copying here):
See this github doc to convert remote's URL from https to ssh. To check if remote's URL is ssh or https, use git remote -v
. To switch from https to ssh:
git remote set-url origin git@github.com:USERNAME/REPOSITORY.git
If you're correctly using SSH
when cloning / setting remotes: make sure you have a ssh-agent to remember your password (see this answer by @Komu). That way, you'll only enter your passphrase once by terminal session.
If it is still too annoying, then simply set a ssh-key without passphrase.
How to enter command with password for git pull?
This is not exactly what you asked for, but for http(s):
- you can put the password in .netrc file (_netrc on windows). From there it would be picked up automatically. It would go to your home folder with 600 permissions.
- you could also just clone the repo with
https://user:pass@domain/repo
but that's not really recommended as it would show your user/pass in a lot of places... - a new option is to use the credential helper. Note that credentials would be stored in clear text in your local config using standard credential helper. credential-helper with wincred can be also used on windows.
Usage examples for credential helper
git config credential.helper store
- stores the credentials indefinitely.git config credential.helper 'cache --timeout=3600'
- stores for 60 minutes
For ssh-based access, you'd use ssh agent that will provide the ssh key when needed. This would require generating keys on your computer, storing the public key on the remote server and adding the private key to relevant keystore.
Gitlab: How to git pull without credentials?
I guess it would be because you are using https git remote url instead of ssh one.
Git keeps asking me for my ssh key passphrase
Once you have started the SSH agent with:
eval $(ssh-agent)
Do either:
To add your private key to it:
ssh-add
This will ask you your passphrase just once, and then you should be allowed to push, provided that you uploaded the public key to Github.
To add and save your key permanently on macOS:
ssh-add -K
This will persist it after you close and re-open it by storing it in user's keychain.
If you see a warning about
deprecated
flags, try the new variant:ssh-add --apple-use-keychain
To add and save your key permanently on Ubuntu (or equivalent):
ssh-add ~/.ssh/id_rsa
How to run git pull and bypass SSH passphrase prompt in user startup script?
Try Expect http://en.wikipedia.org/wiki/Expect
it will allow you to provide password to interactive ssh session
Push to GitHub without a password using ssh-key
If it is asking you for a username and password, your origin remote is pointing at the HTTPS URL rather than the SSH URL.
Change it to ssh.
For example, a GitHub project like Git will have an HTTPS URL:
https://github.com/<Username>/<Project>.git
And the SSH one:
git@github.com:<Username>/<Project>.git
You can do:
git remote set-url origin git@github.com:<Username>/<Project>.git
to change the URL.
How to make git not ask for password at pull?
There are a few options, depending on what your requirements are, in particular your security needs. For both HTTP and SSH, there is password-less, or password required access.
HTTP
==============
Password-Less
Useful for fetch only requirements, by default push is disabled. Perfect if anonymous cloning is the intention. You definitely shouldn't enable push for this type of configuration. The man page for git-http-backend contains good information, online copy at http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html. It provides an example of how to configure apache to provide this.
User/password in .netrc or url embedded
Where .netrc files are using in the form:
machine <hostname> login <username> password <password>
And embedded urls would be in the form:
http://user:pass@hostname/repo
Since git won't do auth for you, you will need to configure a webserver such as apache to perform the auth, before passing the request onto the git tools. Also keep in mind that using the embedded method is a security risk, even if you use https since it is part of the url being requested.
If you want to be able to pull non-interactive, but prevent anonymous users from accessing the git repo, this should be a reasonably lightweight solution using apache for basic auth and preferably the .netrc file to store credentials. As a small gotcha, git will enable write access once authentication is being used, so either use anonymous http for read-only, or you'll need to perform some additional configuration if you want to prevent the non-interactive user from having write access.
See:
- httpd.apache.org/docs/2.4/mod/mod_auth_basic.html for more on configuring basic auth
- www.kernel.org/pub/software/scm/git/docs/git-http-backend.html for some examples on the apache config needed.
SSH
==============
Passphrase-Less
Opens up for security issues, since anyone who can get a hold of the ssh private key can now update the remote git repo as this user. If you want to use this non-interactively, I'd recommend installing something like gitolite to make it a little easier to ensure that those with the ssh private key can only pull from the repo, and it requires a different ssh key pair to update the repo.
See github.com/sitaramc/gitolite/ for more on gitolite.
stromberg.dnsalias.org/~strombrg/ssh-keys.html - for creating password less ssh keys:
May also want to cover managing multiple ssh keys: www.kelvinwong.ca/2011/03/30/multiple-ssh-private-keys-identityfile/
Passphase protected
Can use ssh-agent to unlock on a per-session basis, only really useful for interactive fetching from git. Since you mention root and only talk about performing 'git pull', it sounds like your use case is non-interactive. This is something that might be better combined with gitolite (github.com/sitaramc/gitolite/).
Summary
==============
Using something like gitolite will abstract a lot of the configuration away for SSH type set ups, and is definitely recommended if you think you might have additional repositories or need to specify different levels of access. It's logging and auditing are also very useful.
If you just want to be able to pull via http, the git-http-backend man page should contain enough information to configure apache to do the needful.
You can always combine anonymous http(s) for clone/pull, with passphrase protected ssh access required for full access, in which case there is no need to set up gitolite, you'll just add the ssh public key to the ~/.ssh/authorized_keys file.
Related Topics
How to Copy All PDF Files from a Directory and Its Subdirectories to One Location
How to Setup the Passwords-Less Authentication Between Two Different Accounts
How to Pipe or Redirect the Output of Curl -V
Linux: How to Know the Module That Exports a Device Node
Installed Clang++3.6 on Ubuntu, Can't Select as Alternative
How to Decrease the Size of Generated Binaries
Setting Up Permissions for Wordpress on Amazon Ec2 (Amazon Linux)
Installing Openssh on the Alpine Docker Container
What Is the Fastest Way to Find All the File with the Same Inode
Securing a Linux Webserver for Public Access
Escape Single Quotes in Shell Script
Multiple Ip Addresses on Google Cloud Compute
Using a Remote Host's Usb Port as Local Usb (Linux and Windows)
How to Calculate System Memory Usage from /Proc/Meminfo (Like Htop)
How to Get "Requests Per Second" for Apache in Linux
Why Does Perf Stat Show "Stalled-Cycles-Backend" as <Not Supported>
Lsb_Release: Command Not Found in Latest Ubuntu Docker Container