Geek Answers Handbook

Avoid re-entering the password for each submodule

I have a repo with three submodules. The repo and submodules are on the same server, to which I have access to ssh. Remote URLs:

ssh:// matt@theserver.com /path/to/sub1.git ssh:// matt@theserver.com /path/to/sub2.git ssh:// matt@theserver.com /path/to/sub3.git

If I perform an operation, for example git submodule update --remote , then it asks for my password 3 times.

Is there a way to update submodules but only need a password once? The same goes for changes, etc.

+5
source share
3 answers

One solution might be to add your ssh public key file to the authourized_keys the server file. After that, you will not be given a password.

This is only possible with access to the server.

This is how you do it

  • Copy the public key, which is usually present in ~/.ssh/id_rsa.pub
  • Attach the key to the ~/.ssh/authorized_keys file on your server.

After that, you can connect to the server without a password

+2
source

Credit: this answer started with rjv's answer, although it took me a few more steps to make it work beautifully. Another source of material is linked below.

Background: I am using Cygwin on Windows with a version of git built from source code. I do not use Cygwin git, although this should work the same for this. I am using Cygwin ssh . But the following method should work for unix-like systems.

Introduction

First: it is not possible to "remember" a password between git calls. ( git submodule is a script that calls git once for each submodule here).

However, you can remember the RSA key passphrases using ssh-agent . So the list of steps:

  • Create an RSA key pair for the ssh link.
  • Configure .ssh/config entry for git host
  • Configure ssh-agent to remember the passphrase - or only for the duration of the current command; or for the current shell.

Create RSA Key Pair

If you already have the key in ~/.ssh/id_rsa or else you want to use it, skip this step

  • Create a key pair using ssh-keygen . Use a strong passphrase . For this answer, suppose the files are matt_rsa and matt_rsa.pub . The default file name is id_rsa , etc. However, in this answer I will use a different name so that we can see how to specify the name. This can be useful if you want to use different keys for different hosts.

  • On server:

    • Copy matt_rsa.pub to ~/.ssh
    • Add matt_rsa.pub to ~/.ssh/authorized_keys (creating it if it doesn't exist)

  • On the client:

    • Copy matt_rsa to ~/.ssh and chmod 600 matt_rsa so nobody can read your private key.

At this point, you can verify everything by opening an SSH connection using the regular ssh command, as well as the -i ~/.ssh/matt_rsa .

Configure the entry ~ / .ssh / config

In the ~ / .ssh / config file (creating it if it does not exist), create an entry similar to this:

 Host the_git_host HostName bla.bla.com User matt Port 2222 IdentityFile ~/.ssh/matt_rsa

After completing these steps, you can connect via ssh by simply ssh the_git_host , after which it will offer your passphrase. Link to additional information

In addition, now you can change the git console to use the_git_host , and then it will catch this data from the .ssh/config file!

 $ git remote -v origin ssh:// matt@bla.bla.com :2222/path/to/repo (fetch) origin ssh:// matt@bla.bla.com :2222/path/to/repo (push) $ git remote set-url origin ssh://the_git_host/path/to/repo

At this point, you can do git remote update , and it will use the matt_rsa certificate and request your phrase.

Configure ssh-agent

ssh-agent is a daemon. To run it, you run ssh-agent -s , but this is a bit complicated. He wants to set environment variables so that other programs can communicate with him. However, instead of just installing them, it displays them on the command line. To actually run ssh-agent , you should write:

 eval $(ssh-agent)

which runs ssh-agent and sets environment variables.

To kill it later and clean up the environment, use ssh-agent -k .

Once the agent is running, you remember your passphrase with the command:

 ssh-add ~/.ssh/matt_rsa

which will request a passphrase. If you receive the error message โ€œCould not open connection with your authentication agent,โ€ see here .

Finally, it is a little annoying when you need to enter each time, so you can insert this stone in your .bashrc , which delays authentication until you git :

 ssh-auth() { # Start the SSH agent only if not running [[ -z $(ps | grep ssh-agent) ]] && echo $(ssh-agent) > /tmp/ssh-agent-data.sh # Load the environment variables for ssh-agent source /tmp/ssh-agent-data.sh > /dev/null # Authenticate [[ -z $(ssh-add -l | grep "matt_ptl3_rsa") ]] && ssh-add ~/.ssh/matt_ptl3_rsa } # When a git command is issued, authenticate git() { ssh-auth; command git " $@ " }

This will continue authentication for the rest of the current shell (or until you ssh-agent -k ). To ensure that authentication is performed only for the current command, replace the git() function with:

 gitr() { ssh-auth; command git " $@ "; ssh-agent -k >/dev/null; }

Then use gitr for commands that you know will be remote commands with multiple authentications.

So finally, we can go:

 $ gitr submodule update --remote Enter passphrase for /home/Matt/.ssh/matt_rsa: Identity added: /home/Matt/.ssh/matt_rsa (/home/Matt/.ssh/matt_ptl3_rsa) $
+2
source

A solution requiring much less headache

Another approach is to use the built-in git cache (v 1.7.10 or newer is required), so git will remember your username and password after providing it for the first time.

To enable git cache with default timeout (15 minutes), enter

 git config --global credential.helper cache

To change the default timeout type

 git config --global credential.helper 'cache --timeout=3600'
+1
source

More articles:


All Articles