How to Perform a 'Git Pull' Without Re-Entering My Ssh Password

How can I perform a `git pull` without re-entering my SSH password?

Have a look at this link https://help.github.com/articles/working-with-ssh-key-passphrases/

But I don’t want to enter a long passphrase every time I use the key!

Neither do I! Thankfully, there’s a nifty little tool called
ssh-agent that can save your passphrase securely so you don’t have
to re-enter it. If you’re on OSX Leopard or later your keys can be
saved in the system’s keychain to make your life even easier. Most
linux installations will automatically start ssh-agent for you when
you log in.

SSH Key - Still asking for password and passphrase

If you work with HTTPs urls, it'll always ask for your username / password. This could be solved using @Manavalan Gajapathy's comment (copying here):

See this github doc to convert remote's URL from https to ssh. To check if remote's URL is ssh or https, use git remote -v. To switch from https to ssh:

git remote set-url origin git@github.com:USERNAME/REPOSITORY.git

If you're correctly using SSH when cloning / setting remotes: make sure you have a ssh-agent to remember your password (see this answer by @Komu). That way, you'll only enter your passphrase once by terminal session.

If it is still too annoying, then simply set a ssh-key without passphrase.

How to enter command with password for git pull?

This is not exactly what you asked for, but for http(s):

• you can put the password in .netrc file (_netrc on windows). From there it would be picked up automatically. It would go to your home folder with 600 permissions.
• you could also just clone the repo with https://user:pass@domain/repo but that's not really recommended as it would show your user/pass in a lot of places...
• a new option is to use the credential helper. Note that credentials would be stored in clear text in your local config using standard credential helper. credential-helper with wincred can be also used on windows.

Usage examples for credential helper

• git config credential.helper store - stores the credentials indefinitely.
• git config credential.helper 'cache --timeout=3600'- stores for 60 minutes

For ssh-based access, you'd use ssh agent that will provide the ssh key when needed. This would require generating keys on your computer, storing the public key on the remote server and adding the private key to relevant keystore.

Gitlab: How to git pull without credentials?

I guess it would be because you are using https git remote url instead of ssh one.

Git keeps asking me for my ssh key passphrase

Once you have started the SSH agent with:

eval $(ssh-agent)

Do either:

1. To add your private key to it:

    ssh-add
   

   This will ask you your passphrase just once, and then you should be allowed to push, provided that you uploaded the public key to Github.

2. To add and save your key permanently on macOS:

    ssh-add -K  
   

   This will persist it after you close and re-open it by storing it in user's keychain.

   If you see a warning about deprecated flags, try the new variant:

    ssh-add --apple-use-keychain 
   

3. To add and save your key permanently on Ubuntu (or equivalent):

     ssh-add ~/.ssh/id_rsa
   

How to run git pull and bypass SSH passphrase prompt in user startup script?

Try Expect http://en.wikipedia.org/wiki/Expect
it will allow you to provide password to interactive ssh session

Push to GitHub without a password using ssh-key

If it is asking you for a username and password, your origin remote is pointing at the HTTPS URL rather than the SSH URL.

Change it to ssh.

For example, a GitHub project like Git will have an HTTPS URL:

https://github.com/<Username>/<Project>.git

And the SSH one:

git@github.com:<Username>/<Project>.git

You can do:

git remote set-url origin git@github.com:<Username>/<Project>.git

to change the URL.

How to make git not ask for password at pull?

There are a few options, depending on what your requirements are, in particular your security needs. For both HTTP and SSH, there is password-less, or password required access.

HTTP

==============

Password-Less

Useful for fetch only requirements, by default push is disabled. Perfect if anonymous cloning is the intention. You definitely shouldn't enable push for this type of configuration. The man page for git-http-backend contains good information, online copy at http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html. It provides an example of how to configure apache to provide this.

User/password in .netrc or url embedded

Where .netrc files are using in the form:

machine <hostname> login <username> password <password>

And embedded urls would be in the form:

http://user:pass@hostname/repo

Since git won't do auth for you, you will need to configure a webserver such as apache to perform the auth, before passing the request onto the git tools. Also keep in mind that using the embedded method is a security risk, even if you use https since it is part of the url being requested.

If you want to be able to pull non-interactive, but prevent anonymous users from accessing the git repo, this should be a reasonably lightweight solution using apache for basic auth and preferably the .netrc file to store credentials. As a small gotcha, git will enable write access once authentication is being used, so either use anonymous http for read-only, or you'll need to perform some additional configuration if you want to prevent the non-interactive user from having write access.

See:

• httpd.apache.org/docs/2.4/mod/mod_auth_basic.html for more on configuring basic auth
• www.kernel.org/pub/software/scm/git/docs/git-http-backend.html for some examples on the apache config needed.
  
  
  
  

SSH

==============

Passphrase-Less

Opens up for security issues, since anyone who can get a hold of the ssh private key can now update the remote git repo as this user. If you want to use this non-interactively, I'd recommend installing something like gitolite to make it a little easier to ensure that those with the ssh private key can only pull from the repo, and it requires a different ssh key pair to update the repo.

See github.com/sitaramc/gitolite/ for more on gitolite.

stromberg.dnsalias.org/~strombrg/ssh-keys.html - for creating password less ssh keys:
May also want to cover managing multiple ssh keys: www.kelvinwong.ca/2011/03/30/multiple-ssh-private-keys-identityfile/

Passphase protected

Can use ssh-agent to unlock on a per-session basis, only really useful for interactive fetching from git. Since you mention root and only talk about performing 'git pull', it sounds like your use case is non-interactive. This is something that might be better combined with gitolite (github.com/sitaramc/gitolite/).

Summary

==============

Using something like gitolite will abstract a lot of the configuration away for SSH type set ups, and is definitely recommended if you think you might have additional repositories or need to specify different levels of access. It's logging and auditing are also very useful.

If you just want to be able to pull via http, the git-http-backend man page should contain enough information to configure apache to do the needful.

You can always combine anonymous http(s) for clone/pull, with passphrase protected ssh access required for full access, in which case there is no need to set up gitolite, you'll just add the ssh public key to the ~/.ssh/authorized_keys file.

---

Related Topics