Is there a way to skip password typing when using https:// on GitHub?

 

I recently switched to synchronising my repositories to https:// on GitHub (due to firewall issues), and it asks for a password every time. It used to be that I had an SSH certificate, and it was enough. Is there a way to bypass the password in my case (using http/https)?

With Git version 1.7.9 and later

Since Git 1.7.9 (released in late January 2012), there is a neat mechanism in Git to avoid having to type your password all the time for HTTP / HTTPS, called credential helpers. (Thanks to dazonic for pointing out this new feature in the comments below.)

With Git 1.7.9 or later, you can just use one of the following credential helpers: 

git config --global credential.helper cache

... which tells Git to keep your password cached in memory for (by default) 15 minutes. You can set a longer timeout with: 

git config --global credential.helper "cache --timeout=3600"

(That example was suggested in the GitHub help page for Linux.) You can also store your credentials permanently if so desired, see the other answers below.

GitHub's help also suggests that if you're on Mac OS X and used Homebrew to install Git, you can use the native Mac OS X keystore with: 

git config --global credential.helper osxkeychain

For Windows, there is a helper called Git Credential Manager for Windows or wincred in msysgit. 

git config --global credential.helper wincred # obsolete

With Git for Windows 2.7.3+ (March 2016): 

git config --global credential.helper manager

For Linux, you can use gnome-keyring (or other keyring implementation such as KWallet).

With Git versions before 1.7.9

With versions of Git before 1.7.9, this more secure option is not available, and you'll need to change the URL that your origin remote uses to include the password in this fashion: 

https://you:password@github.com/you/example.git

... in other words with :password after the username and before the @ .

You can set a new URL for your origin remote with: 

git config remote.origin.url https://you:password@github.com/you/example.git

Make sure that you use https and you should be aware that if you do this, your GitHub password will be stored in plaintext in your .git directory, which is obviously undesirable.

With any Git version (well, since version 0.99)

An alternative approach is to put your username and password in your ~/.netrc file, although, as with keeping the password in the remote URL, this means that your password will be stored on the disk in plain text and is thus less secure and not recommended. However, if you want to take this approach, add the following line to your ~/.netrc : 

machine <hostname> login <username> password <password>

... replacing <hostname> with the server's hostname, and <username> and <password> with your username and password. Also remember to set restrictive file system permissions on that file: 

chmod 600 ~/.netrc

Note that on Windows, this file should be called _netrc , and you may need to define the %HOME% environment variable - for more details see:

  • Git - How to use .netrc file on windows to save user and password

    • You can also have Git store your credentials permanently using the following: 

    git config credential.helper store

    Note: While this is convenient, Git will store your credentials in clear text in a local file (.git-credentials) under your project directory (see below for the "home" directory). If you don't like this, delete this file and switch to using the cache option.

    If you want Git to resume to asking you for credentials every time it needs to connect to the remote repository, you can run this command: 

    git config --unset credential.helper

    To store the passwords in .git-credentials in your %HOME% directory as opposed to the project directory: use the --global flag 

    git config --global credential.helper store

    TLDR; Use an encrypted netrc file with Git 1.8.3+ .

    Saving a password for a Git repository HTTPS URL is possible with a ~/.netrc (Unix) or %HOME%/_netrc (note the _ ) on Windows.

    But : That file would store your password in plain text.

    Solution : Encrypt that file with GPG (GNU Privacy Guard), and make Git decrypt it each time it needs a password (for push / pull / fetch / clone operation).

    Step-by-Step instructions for Windows

    With Windows:

    (Git has a gpg.exe in its distribution, but using a full GPG installation includes a gpg-agent.exe , which will memorize your passphrase associated to your GPG key.)

  • Install gpg4Win Lite , the minimum gnupg command-line interface (take the most recent gpg4win-vanilla-2.XY-betaZZ.exe ), and complete your PATH with the GPG installation directory: 

    set PATH=%PATH%:C:pathtogpg
copy C:pathtogpggpg2.exe C:pathtogpggpg.exe

    • (Note the ' copy ' command: Git will need a Bash script to execute the command ' gpg '. Since gpg4win-vanilla-2 comes with gpg2.exe , you need to duplicate it.)

  • Create or import a GPG key, and trust it: 

    gpgp --import aKey
# or
gpg --gen-key

    • (Make sure to put a passphrase to that key.)

  • Trust that key

  • Install the credential helper script in a directory within your %PATH% : 

    cd c:afodlerinyourpath
curl -o c:prgsbingit-credential-netrc https://raw.githubusercontent.com/git/git/master/contrib/credential/netrc/git-credential-netrc

    • (Yes, this is a Bash script, but it will work on Windows since it will be called by Git.)

  • Make a _netrc file in clear text 

    machine a_server.corp.com
login a_login
password a_password
protocol https

machine a_server2.corp.com
login a_login2
password a_password2
protocol https

    • (Don't forget the ' protocol ' part: ' http ' or ' https ' depending on the URL you will use.)

  • Encrypt that file: 

    gpg -e -r a_recipient _netrc

    • (You now can delete the _netrc file, keeping only the _netrc.gpg encrypted one.)

  • Use that encrypted file: 

    git config --local credential.helper "netrc -f C:/path/to/_netrc.gpg -v"

    • (Note the ' / ': C:pathto... wouldn't work at all.) (You can use at first -v -d to see what is going on.)

    From now on, any Git command using an HTTP(S) URL which requires authentication will decrypt that _netrc.gpg file and use the login/password associated to the server you are contacting. The first time, GPG will ask you for the passphrase of your GPG key, to decrypt the file. The other times, the gpg-agent launched automatically by the first GPG call will provide that passphrase for you.

    That way, you can memorize several URLs/logins/passwords in one file, and have it stored on your disk encrypted.
    I find it more convenient than a "cache" helper", where you need to remember and type (once per session) a different password for each of your remote services, for said password to be cached in memory.

    链接地址: http://www.djcxy.com/p/3760.html

    上一篇: 具有摘要式身份验证的Glassfish JDBC领域

    下一篇: 在GitHub上使用https://时,有没有办法跳过密码输入?