Git Always Prompts for Passphrase - macos

I've followed the following guide to setup SSH keys on Mac OS 10.7.4.
https://help.github.com/articles/generating-ssh-keys
But for some reason it continually prompts me for my passphrase. It doesn't prompt me if I don't specify a passphrase, but that isn't desired. Is there a way to cache my passphrase so that I won't be prompted for every pull/push?

You have to add your key file in the ssh-add
ssh-add ~/.ssh/you_key_rsa
After that, it's not will ask any more.

You might need to edit the .git/config file in your git repo and change the url value to use something like user#host:path-to-git-repo.git

The SSH password is used to authenticate users connecting to GIT repositories.
If you're working localy, git shouldn't ask for passwords, obly when doing remote operation, such as clone, push, pull,etc.
If the password annoys you, you can just input a blank password when creating the SSH key, password is not mandatory, however I advise you to use password for extra protection.

I am using Windows 10, and I have found two ways to eliminate the passphrase prompting.
Make sure the ssh agent is started and you have added your key
$ eval "$(ssh-agent -s)"
$ ssh-add ~/.ssh/id_rsa
The second command will prompt you for your passphrase, and then you will not be prompted for any other git commands run in this session.
You will need to run these commands again for every new bash session
Remove the passphrase from you key file:
$ ssh-keygen -p -f ~/.ssh/id_rsa
When prompted, just strike enter key for the new passphrase.
Option 2 will permanently remove the passphrase for all git commands. Of course it also makes you key file "unsecured"
Note: If you are using git desktop GUI ( Version 1.04+) Option 2 is required for the GUI to work.

Related

How to clone repository using SSH in EC2 userdata? [duplicate]

I am trying to connect to a remote Git repository that resides on my web server and clone it to my machine.
I am using the following format for my command:
git clone ssh://username#domain.example/repository.git
This has worked fine for most of my team members. Usually after running this command Git will prompt for the user's password, and then run the cloning. However, when running on one of my machines I get the following error:
Host key verification failed.
fatal: Could not read from remote
repository.
We are not using SSH keys to connect to this repository, so I'm not sure why Git is checking for one on this particular machine.
As I answered previously in Cloning git repo causes error - Host key verification failed. fatal: The remote end hung up unexpectedly, add GitHub to the list of known hosts:
ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
You are connecting via the SSH protocol, as indicated by the ssh:// prefix on your clone URL. Using SSH, every host has a key. Clients remember the host key associated with a particular address and refuse to connect if a host key appears to change. This prevents man in the middle attacks.
The host key for domain.example has changed. If this does not seem fishy to you, remove the old key from your local cache by editing ${HOME}/.ssh/known_hosts to remove the line for domain.example or letting an SSH utility do it for you with
ssh-keygen -R domain.example
From here, record the updated key either by doing it yourself with
ssh-keyscan -t rsa domain.example >> ~/.ssh/known_hosts
or, equivalently, let ssh do it for you next time you connect with git fetch, git pull, or git push (or even a plain ol’ ssh domain.example) by answering yes when prompted
The authenticity of host 'domain.example (a.b.c.d)' can't be established.
RSA key fingerprint is XX:XX:...:XX.
Are you sure you want to continue connecting (yes/no)?
The reason for this prompt is domain.example is no longer in your known_hosts after deleting it and presumably not in the system’s /etc/ssh/ssh_known_hosts, so ssh has no way to know whether the host on the other end of the connection is really domain.example. (If the wrong key is in /etc, someone with administrative privileges will have to update the system-wide file.)
I strongly encourage you to consider having users authenticate with keys as well. That way, ssh-agent can store key material for convenience (rather than everyone having to enter her password for each connection to the server), and passwords do not go over the network.
I had the similar issue, but, using SSH keys. From Tupy's answer, above, I figured out that the issue is with known_hosts file not being present or github.com not being present in the list of known hosts. Here are the steps I followed to resolve it -
mkdir -p ~/.ssh
ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
ssh-keygen -t rsa -C "user.email"
open the public key with this command $ cat ~/.ssh/id_rsa.pub and copy it.
Add the id_rsa.pub key to SSH keys list on your GitHub profile.
This is happening because github is not currently in your known hosts.
You should be prompted to add github to your known hosts. If this hasn't happened, you can run ssh -T git#github.com to receive the prompt again.
For me, I just had to type "yes" at the prompt which asks "Are you sure you want to continue connecting (yes/no)?" rather than just pressing Enter.
If you are in office intranet (otherwise dangerous) which is always protected by firewalls simply have the following lines in your ~/.ssh/config.
Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
When asked:
Are you sure you want to continue connecting (yes/no)?
Type yes as the response
That is how I solved my issue. But if you try to just hit the enter button, it won't work!
I got the same problem on a newly installed system, but this was a udev problem. There was no /dev/tty node, so I had to do:
mknod -m 666 /dev/tty c 5 0
What worked for me was to first add my SSH key of the new computer, I followed these instructions from GitLab - add SSH key. Note that since I'm on Win10, I had to do all these commands in Git Bash on Windows (it didn't work in regular DOS cmd Shell).
Then again in Git Bash, I had to do a git clone of the repo that I had problems with, and in my case I had to clone it to a different name since I already had it locally and didn't want to lose my commits. For example
git clone ssh://git#gitServerUrl/myRepo.git myRepo2
Then I got the prompt to add it to known hosts list, the question might be this one:
Are you sure you want to continue connecting (yes/no)?
I typed "yes" and it finally worked, you should typically get a message similar to this:
Warning: Permanently added '[your repo link]' (ECDSA) to the list of known hosts.
Note: if you are on Windows, make sure that you use Git Bash for all the commands, this did not work in regular cmd shell or powershell, I really had to do this in Git Bash.
Lastly I deleted the second clone repo (myRepo2 in the example) and went back to my first repo and I could finally do all the Git stuff like normal in my favorite editor VSCode.
When the remote server wants to connect to the private repo, it would authenticate via ssh.
Create the private-public key pair with ssh-keygen or if you already have the public-private key. copy&paste the public key in the Settings of the private repo.
YourPrivateRepo -> Settings -> Deploy Keys -> Add deploy key -> Paste the public key.
Now the remote server would be able to connect to the private repo.
NOTE: The deploy keys has access only for reading the repo. Need to explicitly allow write access.
If you are using git for Windows.
Open the git GUI.
Open the local git repository in git GUI.
Add the remote or push if the remote already exists.
Answer "yes" to the question about whether you want to continue.
The GUI client adds the key for you to ~/.ssh/known_hosts. This is easier to remember if you don't do it often and also avoids the need to use the git command line (the standard Windows command lines don't have the ssh-keyscan executable.
The solutions mentioned here are great, the only missing point is, what if your public and private key file names are different than the default ones?
Create a file called "config" under ~/.ssh and add the following contents
Host github.com
IdentityFile ~/.ssh/github_id_rsa
Replace github_id_rsa with your private key file.
I was facing the same error inside DockerFile during build time while the image was public. I did little modification in Dockerfile.
RUN git clone https://github.com/kacole2/express-node-mongo-skeleton.git /www/nodejs
This would be because using the git#github.com:... syntax ends up > using SSH to clone, and inside the container, your private key is not > available. You'll want to use RUN git clone > https://github.com/edenhill/librdkafka.git instead.
Check permissions on the known_hosts file as well - both the user's (~/.ssh/known_hosts) and the global one (/etc/ssh/ssh_known_hosts).
In my case the old host was in /etc/ssh/ssh_known_hosts. When I removed it as root with sudo ssh-keygen -f /etc/ssh/ssh_known_hosts -R THE_HOST it changed permissions on that file to 0600, so SSHing to THE_HOST as root worked, but for any other user it failed with "Host key verification failed". The fix was:
sudo chmod 644 /etc/ssh/ssh_known_hosts
One small addition to Tupy's answer, you may need to add the port number for your repository host:
ssh-keyscan -p 8888 -t rsa domain.example >> ~/.ssh/known_hosts
If you have another machine that does have remote access you can find the port number by viewing ~/.ssh/known_hosts:
[user]$ less ~/.ssh/known_hosts
[domain.example]:8888,[000.00.000.000]:8888 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCi...
Its means your remote host key was changed (May be host password change),
Your terminal suggested to execute this command as root user
$ ssh-keygen -f "/root/.ssh/known_hosts" -R [www.website.net]
You have to remove that host name from hosts list on your pc/server. Copy that suggested command and execute as a root user.
$ sudo su // Login as a root user
$ ssh-keygen -f "/root/.ssh/known_hosts" -R [www.website.net] // Terminal suggested command execute here
Host [www.website.net]:4231 found: line 16 type ECDSA
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
$ exit // Exist from root user
Try Again, Hope this works.
You kan use https instead of ssh for git clone or git pull or git push
ex:
git clone https://github.com/user/repo.git
Reason seems to be that the public key of the remote host is not stored or different from the stored one. (Be aware of security issues, see Greg Bacon's answer for details.)
I was used to git clone prompting me in this case:
The authenticity of host 'host.net (10.0.0.42)' can't be established.
ECDSA key fingerprint is 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00.
Are you sure you want to continue connecting (yes/no)?
Not sure, why this error is thrown instead. Could be the configuration of your shell or the git SSH command.
Anyhow, you can get the same prompt by running ssh user#host.net.
A other alternative worked for me, instead of cloning the SSH link
git#gitlab.company.net:upendra/mycode.git
there is a option to select http link
http://gitlab.company.net:8888/upendra/mycode.git
So I used http link to clone for Visual studio and it worked for me
If you are not using a Windows Session to update the code, and you use PortableGit, you need to set the HOMEPATH environment variable before running the git command.
This example fits better for other use case, but I think it is a good of proof-of-concept for this post.
$env:HOMEPATH="\Users\Administrator";C:\path\to\PortableGit\bin\git.exe -C C:\path\to\repository.git pull'
Pushing to Git returning Error Code 403 fatal: HTTP request failed
Check if there is Billing issue.
Google Cloud stops uploading files to https://source.cloud.google.com/
I got this problem went away after Payment issue was fixed.
But did not change the Keys.
Thanks
Dashboard > Manage Jenkins > Configure Global Security > Git Host Key Verification Configuration.
Then in Host Key Verification Strategy select Accept first connection.
You can use your "git url" in 'https" URL format in the Jenkinsfile or wherever you want.
git url: 'https://github.com/jglick/simple-maven-project-with-tests.git'
Alternatively, if you're using MSYS2 terminals (on Windows*) and a passphrase, it might be that the terminal does not prompt the 'Enter passphrase' properly, thus denying access to SSH.
If you're on Windows, you can instead use the Git Bash or Powershell to get the prompt and properly connect. (I'm currently looking for a solution for MSYS.)
*Not sure if relevant.
Problem:
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Solution: I've checked all the settings and also checked the key settings in GitHub. Finally, I changed the Git URL from "git#github.com:palvsv/travelo-moon.git" to "https://github.com/palvsv/travelo-moon.git" in .config file "yourprojectdirectory/.git/config" and it works.
for me, I just rename the "known_hosts" file to "known_hosts.del" for backup. and then rerun git clone xxx and type "yes". I will create new "known_hosts"
Just type 'yes' and press enter this should work
When the terminal shows:
Are you sure you want to continue connecting (yes/no)?
DO NOT I repeat DO NOT directly pressed Enter.
You MUST TYPE yes first in the terminal, then press Enter.
I had the similar issue, unfortunately I used the GitExtensions HMI and forgot that I wrote a passphrase.
With HMI.... forget it ! Do not enter passphrase when you generate your key !
I got this message when I tried to git clone a repo that was not mine. The fix was to fork and then clone.

Git clone / pull continually freezing at "Store key in cache?"

I'm attempting to clone a repo from my BitBucket account to my Windows 10 laptop (running GitBash). I've completed all of the steps necessary to connect (set up my SSH key, verified by successfully SSHing git#bitbucket.org, etc). However, whenever I attempt to clone a repo, the prompt continually hangs up after confirming that I want to cache Bitbucket's key.
User#Laptop MINGW64 /C/Repos
$ git clone git#bitbucket.org:mygbid/test.git
Cloning into 'test'...
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n) y
No files are cloned, and the result is an empty repo. Trying to initiate a git pull origin master from this repo also asks to cache the key, then hangs with no feedback. Despite not asking for the key to be cached when I do a test SSH, git operations always ask for the key every time before failing.
With no error messages to work with, I'm really at a loss as to what is wrong. I've tried multiple repos, including very small ones, with no success at all.
I had this problem when cloning a repo on Windows 10 too.
I got around it by using the Putty GUI to SSH to the server in question (in your case: bitbucket.org) then clicked 'Yes' when the prompt asks if you want to save the server key to the cache. Running the clone command again then worked for me!
Open Putty
Type in the Host Name (like bitbucket.org)
Click Open
Click yes in the popup to cache the host key
Close Putty
I managed to get it working by running plink directly, after pageant is running use the plink command directly - plink.exe -agent -v git#github.com then after this git works without hanging.
To do this from powershell open a powershell window and paste in the following:
echo y | & 'C:\Program Files (x86)\GitExtensions\PuTTY\plink.exe' -ssh git#github.com
echo y | & 'C:\Program Files (x86)\GitExtensions\PuTTY\plink.exe' -ssh git#gist.github.com
echo y | & 'C:\Program Files (x86)\GitExtensions\PuTTY\plink.exe' -ssh git#bitbucket.org
or with PuTTY standalone version:
echo y | & 'C:\Program Files (x86)\PuTTY\plink.exe' -ssh git#github.com
echo y | & 'C:\Program Files (x86)\PuTTY\plink.exe' -ssh git#gist.github.com
echo y | & 'C:\Program Files (x86)\PuTTY\plink.exe' -ssh git#bitbucket.org
Also worth knowing is that putty stores known hosts under a registry key:
HKEY_CURRENT_USER\SoftWare\SimonTatham\PuTTY\SshHostKeys
To shortcut the above you could put the following in a .reg file and run it:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\SshHostKeys]
"rsa2#22:github.com"="0x23,0xab603b8511a67679bdb540db3bd2034b004ae936d06be3d760f08fcbaadb4eb4edc3b3c791c70aae9a74c95869e4774421c2abea92e554305f38b5fd414b3208e574c337e320936518462c7652c98b31e16e7da6523bd200742a6444d83fcd5e1732d03673c7b7811555487b55f0c4494f3829ece60f94255a95cb9af537d7fc8c7fe49ef318474ef2920992052265b0a06ea66d4a167fd9f3a48a1a4a307ec1eaaa5149a969a6ac5d56a5ef627e517d81fb644f5b745c4f478ecd082a9492f744aad326f76c8c4dc9100bc6ab79461d2657cb6f06dec92e6b64a6562ff0e32084ea06ce0ea9d35a583bfb00bad38c9d19703c549892e5aa78dc95e250514069"
"rsa2#22:gist.github.com"="0x23,0xab603b8511a67679bdb540db3bd2034b004ae936d06be3d760f08fcbaadb4eb4edc3b3c791c70aae9a74c95869e4774421c2abea92e554305f38b5fd414b3208e574c337e320936518462c7652c98b31e16e7da6523bd200742a6444d83fcd5e1732d03673c7b7811555487b55f0c4494f3829ece60f94255a95cb9af537d7fc8c7fe49ef318474ef2920992052265b0a06ea66d4a167fd9f3a48a1a4a307ec1eaaa5149a969a6ac5d56a5ef627e517d81fb644f5b745c4f478ecd082a9492f744aad326f76c8c4dc9100bc6ab79461d2657cb6f06dec92e6b64a6562ff0e32084ea06ce0ea9d35a583bfb00bad38c9d19703c549892e5aa78dc95e250514069"
"rsa2#22:bitbucket.org"="0x23,0xb9b88df3578371a7eb80c78bcda14fb30da436f11ca932a5fd5a8b6adfcc681df7a59cb4cb7ac966d9eac11daa38ebdbc0a6582a210ed4ee95a8d101c4abc925e942ab47535d64f9a5b3b68035c2ea1e900d709a1e8ea938718f532f9805a190446b92bac3040126225ae9d8374bc2008f106979d631734c7453f78c70091f4783b288869cb3c1941a784cd9baad823be27333833dc1f488a45b85952be75cf0a64965662302e3915378dcd5cfcd3ec903d804a29dff2fdf19df5deba4534b09e4dea6e44f152e339b3c43be98ddadfc56533192e216a3d673f00b4aa9cc9e7870acd8b6adb7e0feb77f2292fc2dede94819def3eb1e785541a06ab31ccf725f"
putty-hosts.reg gist
To workaround this problem I configured GitBash to use plink with -batch option. The option disables all prompts - the plink will terminate without hanging and won't add any key fingerprint to cache.
To add -batch parameter to plink command executed by GitBash you can set a git config option:
git config --global core.sshCommand "plink -batch"
Or set GIT_SSH_COMMAND environment variable.
The output when you cloning a repo from unknown host will be similar to this:
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
Connection abandoned.
fatal: Could not read from remote repository.
After this message you can add a key to cache with command:
echo y | plink git#bitbucket.org
REMARK: Please check if plink is in your PATH. Alternatively use UNIX-like path in the GitBash config option, e.g.:
/c/Program\ Files/PuTTY/plink.exe -batch
Even after performing the workaround mentioned in other answers, you may encounter an error like:
FATAL ERROR: Disconnected: No supported authentication methods available (server sent: publickey)
To solve both problems at once, change git bash to use SSH instead of PuTTY by adding the following to your ~/.profile file (C:\Users\<Username>\.profile). If you don't already have this file, then create a new file with this line.
GIT_SSH="/usr/bin/ssh.exe"
Then open a new git bash window and try your git clone or git pull again.
Note that this may require you to create an SSH key if you don't already have one. To do this, follow the instructions on the Bitbucket site.
See this SO question for related info.
In your git bash shell, check for existence of GIT_SSH:
echo $GIT<tab><tab>
If it exists and is set to putty, execute:
unset GIT_SSH
You'll probably want to put this into one of the git bash startup scripts.
This is NOT a universal solution. It worked in our particular case.
It sounds a bit silly, but after trying all of the above, I decided to reinstall Git Bash with default options and it worked.
If you use KiTTY (instead of PuTTY), it has -auto-store-sshkey argument.
So, you can set GIT_SSH_COMMAND (or git config --global core.sshCommand) to something like c:/KiTTY/klink.exe -auto-store-sshkey.
The output still contains information about new key and the question, but it doesn't wait for the answer:
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's ssh-ed25519 key fingerprint is:
ssh-ed25519 255 2e:65:6a:c8:cf:bf:b2:8b:9a:bd:6d:9f:11:5c:12:16
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n)
Autostore key is on
Default SSH port to connect to is 7999

GitHub still asking for login even after ssh key exchange

my machine setup is as follows:
windows 7, Git for windows,Git Bash, openSSH 1.6 installed via cygwin.
I followed the instructions on https://help.github.com/articles/generating-ssh-keys
But I still have to login in everytime I push something.
I guess my setup is messed up... any help is very much appreciated.
To be able to use key-based authentication (instead of HTTP basic-auth), you have to use the SSH-Protocol. On Github, the URLs look like this:
git#github.com:username/repository.git
Once you use key authentication, you can use the common SSH tools to manage the connections. One of these tools is the SSH agent which will decrypt your private key once after loading and keep it in main memory while it is running. This allows new SSH sessions to use this key without having to bother you with a password-question.
You can add a private key to the current SSH agent session by running
ssh-add /path/to/key
If you want to remove the passphrase and it annoys you then enter:
ssh-keygen -p
enter the old passphrase and when asks for the new one, just leave it empty.
I now got it working kinda...
At first I uninstalled the ssh package from cygwin since git for windows ships with ssh.
like Holger said I had to add the key to the ssh-agent but from the git bash I was not able to add it. It worked like this:
eval 'ssh-agen.exe'
ssh-add ~/.ssh/id_rsa
After this I was able to push without entering a passphrase.
The only problem got left is that I have to add the key after every system reboot...
ANy ideas how to fix this?
These instructions are for Windows 7 and above.
Create a filename named .bashrc in your home directory (so full file path is C:\Users\XYZ\.bashrc where XYZ is your windows user name
In the file add these two lines. Note: change location of private key file if not at ~/.ssh/id_rsa
eval `ssh-agent`
ssh-add ~/.ssh/id_rsa
Open Git Bash application and you should be prompted with asking for your key's password

Mac Terminal Keeps Asking for Password When Using PPK with SSH

I am attempting to connect to an Amazon EC2 Server via Mac Terminal. I have a PPK file that does not have a password attached to it, but when I try to connect I get a popup box that says "Enter the password for the SSH Private Key."
So we tried creating a PPK that has a password - but it does not accept the password, it still rejects the connection.
I have a Windows user who is able to connect using the same PPK on Putty.
Has anyone experienced this issue?
The mac is looking for a .pem key. The ppk is generated specifically for putty. If you don't have the original ppk key.
Download puttygen.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html Then go to conversions -> export OpenSSH key. Save the output as a .pem file and try using that with the mac.
If this doesn't work can you post the command you're running from mac. Its possible you've got some extra parameter or something.
Maybe your problem is with permissions for your key. I know in linux its required to change the permissions.
Taken from the website http://om4.com.au/ssh-rsa-key-pairs-passphrases-leopard/
Clear the contents of your ~/.ssh directory and set the directory permissions to 700 (directories need to be "executable")
$ rm ~/.ssh/*
$ chmod 700 ~/.ssh
Generate your rsa key pair (there are variations for this, but this is the version I used):
$ ssh-keygen -t rsa
Set the permissions for all files in ~/.ssh to 600
$ chmod 600 ~/.ssh
Copy your id_rsa.pub key to your server’s .ssh/authorized_keys file
Add your passphrase to your keychain using this command:
$ ssh-add -K
(you will see Enter passphrase for [your system]/.ssh/id_rsa: )
The error Enter your password for the SSH key x can result from using a key of the wrong format (such as a ppk key) in ssh or sftp. This is because it is interpreted as an encrypted ssh key and so prompts for the passphrase, when actually there is no passphrase.
In OS X I was able to simulate this error by simply typing the following into the command line:
sftp -o IdentityFile=randomtextfile mysftpserver.com
The solution is to convert the file using puttygen as suggested by bwight.
In addition to the other answers, the issue might come from the fact you haven't specified which user you want to connect as.
For example ssh -i francky.pem 208.52.170.43 will ask you for your password on Mac, whereas ssh -i francky.pem root#208.52.170.43 shouldn't. Note that on Linux you don't specify the user.
I was running into the exact same problem in MAC, I found a quite simple way of getting rid of it.
Instead of using ssh -i IP address, use the following>
ssh user#IP
Hope you already found the answer after this long time :)
In my case, the problem was the file's break type. Try this:
1.- Open the .pem file with TextWrangler
2.- At Bottom of app, verify if the Break Type is "Windows(CRLF)".
This issue had me pulling my hair out for 20 min or so. Realized that I was able to connect successfully from another terminal window. In my case I just had to close out the current terminal window and use another or new window. Very strange, but may help you out.

How to prevent that the password to decrypt the private key has to be entered every time when using Git Bash on Windows?

I've an automatic building service which download from a git private repository.
The problem is that when it tries to clone repository it need to provide the password, because it is not remembered; so because there is no human interaction, it waits forever the password.
How can I force it to remember from id_rsa.pub?
For Windows users, just a note that this is how I set up the Git Bash environment to log me in once when I start it up. I edit my ~/.bashrc file:
eval `ssh-agent`
ssh-add
So when I start Git Bash, it looks like:
Welcome to Git (version 1.7.8-preview20111206)
(etc)
Agent pid 3376
Enter passphrase for /c/Users/starmonkey/.ssh/id_dsa:
Identity added: /c/Users/starmonkey/.ssh/id_dsa (/c/Users/starmonkey/.ssh/id_dsa)
And now I can ssh to other servers without logging in every time.
This answer explains how to get the GitHub username and password to be stored permanently, not the SSH key passphrase.
In Windows, just run
$ git config --global credential.helper wincred
This means that the next time you push, you'll enter your username and password as usual, but they'll be saved in Windows credentials. You won't have to enter them again, after that.
As in, Push to GitHub without entering username and password every time (Git Bash on Windows).
I prefer not to have to type my SSH passphrase when opening new terminals; unfortunately starmonkey's solution requires the password to be typed in for every session. Instead, I have this in my .bash_profile file:
# Note: ~/.ssh/environment should not be used, as it
# already has a different purpose in SSH.
env=~/.ssh/agent.env
# Note: Don't bother checking SSH_AGENT_PID. It's not used
# by SSH itself, and it might even be incorrect
# (for example, when using agent-forwarding over SSH).
agent_is_running() {
if [ "$SSH_AUTH_SOCK" ]; then
# ssh-add returns:
# 0 = agent running, has keys
# 1 = agent running, no keys
# 2 = agent not running
ssh-add -l >/dev/null 2>&1 || [ $? -eq 1 ]
else
false
fi
}
agent_has_keys() {
ssh-add -l >/dev/null 2>&1
}
agent_load_env() {
. "$env" >/dev/null
}
agent_start() {
(umask 077; ssh-agent >"$env")
. "$env" >/dev/null
}
if ! agent_is_running; then
agent_load_env
fi
# If your keys are not stored in ~/.ssh/id_rsa or ~/.ssh/id_dsa, you'll need
# to paste the proper path after ssh-add
if ! agent_is_running; then
agent_start
ssh-add
elif ! agent_has_keys; then
ssh-add
fi
unset env
This will remember my passphrase for new terminal sessions as well; I only have to type it in once when I open my first terminal after booting.
I'd like to credit where I got this; it's a modification of somebody else's work, but I can't remember where it came from. Thanks anonymous author!
Update 2019-07-01: I don't think all this is necessary. I now consistently have this working by ensuring my .bash_profile file runs the ssh-agent:
eval $(ssh-agent)
Then I set up an ssh configuration file like this:
touch ~/.ssh/config
chmod 600 ~/.ssh/config
echo 'AddKeysToAgent yes' >> ~/.ssh/config
If I understand the question correctly, you're already using an authorized SSH key in the build service, but you want to avoid having to type the passphrase for every clone?
I can think of two ways of doing this:
If your build service is being started interactively: Before you start the build service, start ssh-agent with a sufficiently long timeout (-t option). Then use ssh-add (msysGit should have those) to add all the private keys you need before you start your build service. You'd still have to type out all the passphrases, but only once per service launch.
If you want to avoid having to type the passphrases out at all, you can always remove the passphrases from the SSH keys, as described in https://serverfault.com/questions/50775/how-do-i-change-my-private-key-passphrase, by setting an empty new passphrase. This should do away with the password prompt entirely, but it is even less secure than the previous option.
When I tried to push my code, I got the below error:
$ git push origin dev
remote: Too many invalid password attempts. Try logging in through the website with your password.
fatal: unable to access 'https://naushadqamar-1#bitbucket.org/xxxx/xxxx-api.git/': The requested URL returned error: 403
After a few hours of research, I found I need to use the below command:
$ git config --global credential.helper cache
After executing the above command, I got the prompt for entering my GitHub username and password. After providing the correct credentials, I am able to push my code.
The right solution is:
Run the Windows default terminal - cmd and get the directory of your master profile
echo %USERPROFILE%
Run Git Bash in the directory above and create the .bashrc file with the command
echo "" > .bashrc
Open the .bashrc file with your favourite text editor and paste code from GitHub Help into that file:
env=~/.ssh/agent.env
...
COPY WHOLE CODE FROM URL - I can't add it to Stack Overflow because it breaks layout... OMG!
Restart Git Bash and it asks you for your password (only first time) and done. No password bothering again.
You need to create the authorized_keys file under the .ssh folder of the user under which you are going to connect to the repository server. For example, assuming you use username buildservice on repo.server you can run:
cd ~buidservice
mkdir ./ssh
cat id_rsa.pub >> .ssh/authorized_keys
Then you have to check the following things:
That corresponding id_rsa private key is presented in builservice#build.server:~/.shh/id_rsa.
That fingerprint of repo.server is stored in the buildservice#build.server:~/.ssh/known_hosts file. Typically that will be done after the first attempt of ssh to connect to the repo.server.

Resources