220

I have cloned my git repository over ssh. So, each time I communicate with the origin master by pushing or pulling, I have to reenter my password. How can I configure git so that I do not need to enter my password multiple times?

pbonnefoi
reprogrammer
  • 7
    Seems like a security issue, you don't have to use any passwords to do normal commits, but a push is the type of thing you'd want to re-authenticate with, but perhaps I'm old fashioned. – Alex Sexton Oct 20 '09 at 16:31
  • Other possibly related Questions: [Git keeps prompting me for a password](https://stackoverflow.com/questions/7773181/git-keeps-prompting-me-for-a-password) and [Git keeps prompting me for a password](https://stackoverflow.com/q/7773181/4575793) Cross site: [git with ssh keeps asking for passphrase everytime (*on U&L*)](https://unix.stackexchange.com/q/594529/318461) – Cadoiz Sep 13 '22 at 15:07

14 Answers

328

Had a similar problem with the GitHub because I was using HTTPS protocol. To check what protocol you're using just run

    git config -l

and look at the line starting with remote.origin.url. To switch your protocol

    git config remote.origin.url git@github.com:your_username/your_project.git
ΩmegaMan
Muein Muzamil
  • 16
    this doesn't work when repo is private and you are not the owner. I just faced with an `Permission denied` error. – ogzd Feb 11 '13 at 15:47
  • 10
    This is for a one repo only, how can I make it globally ? – onmyway133 Oct 12 '14 at 02:44
  • 2
    @ogzd GitHub (or whatever service you're using) needs your public SSH key before this will work, but this is still the correct solution. – MattM Apr 28 '17 at 16:49
  • 2
    an alternative is `git remote set-url origin git@github.com:your_username/your_project.git` – icosamuel Apr 23 '19 at 14:31
  • Now it just changed from `Password for 'https://example@bitbucket.org':` to `Enter passphrase for key '/home/example/.ssh/id_rsa':` – Black Jan 31 '20 at 08:20
114

Try ssh-add, you need ssh-agent to be running and holding your private key

(Ok, responding to the updated question, you first run ssh-keygen to generate a public and private key as Jefromi explained. You put the public key on the server. You should use a passphrase, if you don't you have the equivalent of a plain-text password in your private key. But when you do, then you need as a practical matter ssh-agent as explained below.)

You want to be running ssh-agent in the background as you log in. Once you log in, the idea is to run ssh-add once and only once, in order to give the agent your passphrase, to decode your key. The agent then just sits in memory with your key unlocked and loaded, ready to use every time you ssh somewhere.

All ssh-family commands[1] will then consult the agent and automatically be able to use your private key.

On OSX (err, macOS), GNOME and KDE systems, ssh-agent is usually launched automatically for you. I will go through the details in case, like me, you also have a Cygwin or other windows environment where this most certainly is not done for you.

Start here: man ssh-agent.

There are various ways to automatically run the agent. As the man page explains, you can run it so that it is a parent of all your login session's other processes. That way, the environment variables it provides will automatically be in all your shells. When you (later) invoke ssh-add or ssh both will have access to the agent because they all have the environment variables with magic socket pathnames or whatever.

Alternatively, you can run the agent as an ordinary child, save the environment settings in a file, and source that file in every shell when it starts.

My OSX and Ubuntu systems automatically do the agent launch setup, so all I have to do is run ssh-add once. Try running ssh-add and see if it works, if so, then you just need to do that once per reboot.

My Cygwin system needed it done manually, so I did this in my .profile and I have .bashrc source .profile:

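    # Load the saved agent environment, if any (the error on a first run is silenced)
    . ./.agent > /dev/null 2>&1
    # If no live ssh-agent matches the saved PID, start one and save its environment
    ps -p "$SSH_AGENT_PID" 2> /dev/null | grep ssh-agent > /dev/null || {
            ssh-agent > .agent
            . ./.agent > /dev/null
    }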

The .agent file is created automatically by the script; it contains the environment variables definitions and exports. The above tries to source the .agent file, and then tries to ps(1) the agent. If it doesn't work it starts an agent and creates a new agent file. You can also just run ssh-add and if it fails start an agent.


1. And even local and remote sudo with the right pam extension.
Community
DigitalRoss
  • 2
    Rather than sourcing the output from `ssh-agent` it's probably neater to use: ```eval `ssh-agent` ``` – scottsome Feb 18 '16 at 09:08
34

If you have cloned using HTTPS (recommended) then:-

    git config --global credential.helper cache

and then

    git config --global credential.helper 'cache --timeout=2592000'

  • timeout=2592000 (30 Days in seconds) to enable caching for 30 days (or whatever suits you).

  • Now run a simple git command that requires your username and password.

  • Enter your credentials once and now caching is enabled for 30 Days.

  • Try again with any git command and now you don't need any credentials.

  • For more info:- Caching your GitHub password in Git

Note: You need Git 1.7.10 or newer to use the credential helper. On system restart, we might have to enter the password again.

Update #1:

If you are receiving this error: `git: 'credential-cache' is not a git command. See 'get --help'`

then replace `git config --global credential.helper 'cache --timeout=2592000'`

with `git config --global credential.helper 'store --file ~/.my-credentials'`

Update #2:

If you keep getting the prompt of username and password and getting this issue:

Logon failed, use ctrl+c to cancel basic credential prompt.

Reinstalling the latest version of git worked for me.

Update #3:

Password authentication is temporarily disabled as part of a brownout. Please use a personal access token instead.

  • Generate a GitHub access token.
  • Unset the existing credential cache: `git config --global --unset credential.helper`
  • `git config --global credential.helper 'store --file ~/.my-credentials'`
  • Run any git command that prompts for username and password, and enter the token instead of the password.
Nishant Thapliyal
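
An added example (not part of the answer above and not Git's own code): the `store` helper writes the credential unencrypted to the named file, and `cache --timeout=2592000` keeps it available for 30 days, so this script classifies `credential.helper` values for review. The function names and the 3600-second threshold are assumptions; the input is constructed from the two values used in the answer.

```shell
# Added example; function names and the threshold are assumptions.

# helper_risk VALUE -> where a credential.helper value keeps the secret:
#   plaintext-file:<path> | memory:<seconds> | external:<name> | none
helper_risk() {
    # Accept both "--opt=value" and "--opt value" spellings.
    hr_v=$(printf '%s' "$1" | sed -e 's/--file=/--file /' -e 's/--timeout=/--timeout /')
    hr_name=${hr_v%% *}
    case $hr_name in
    store)
        hr_file='~/.git-credentials'          # git's default location
        case $hr_v in
        *"--file "*) hr_file=${hr_v##*"--file "}; hr_file=${hr_file%% *} ;;
        esac
        echo "plaintext-file:$hr_file" ;;
    cache)
        hr_t=900                               # git's default timeout, seconds
        case $hr_v in
        *"--timeout "*) hr_t=${hr_v##*"--timeout "}; hr_t=${hr_t%% *} ;;
        esac
        echo "memory:$hr_t" ;;
    "") echo none ;;
    *) echo "external:$hr_name" ;;
    esac
}

# audit_helpers MAX_CACHE_SECONDS   (helper values on stdin, one per line)
# Prints a FINDING line per risky helper; returns 0 when there are none.
audit_helpers() {
    ah_n=0
    while IFS= read -r ah_line; do
        ah_r=$(helper_risk "$ah_line")
        case $ah_r in
        plaintext-file:*)
            echo "FINDING: '$ah_line' leaves the secret unencrypted in ${ah_r#*:}"
            ah_n=$((ah_n + 1)) ;;
        memory:*)
            if [ "${ah_r#*:}" -gt "$1" ] 2>/dev/null; then
                echo "FINDING: '$ah_line' keeps the secret for $(( ${ah_r#*:} / 86400 )) day(s)"
                ah_n=$((ah_n + 1))
            fi ;;
        esac
    done
    [ "$ah_n" -eq 0 ]
}

# Constructed input: the two helper values from the answer above. On a real
# machine, pipe in the output of: git config --get-all credential.helper
audit_helpers 3600 <<'EOF' || echo "review credential.helper"
cache --timeout=2592000
store --file ~/.my-credentials
EOF
```
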
27

This is about configuring ssh, not git. If you haven't already, you should use ssh-keygen (with a blank passphrase) to create a key pair. Then, you copy the public key to the remote destination with ssh-copy-id. Unless you have need of multiple keys (e.g. a more secure one with a passphrase for other purposes) or you have some really weird multiple-identity stuff going on, it's this simple:

    ssh-keygen   # enter a few times to accept defaults
    ssh-copy-id -i ~/.ssh/id_rsa user@host

Edit: You should really just read DigitalRoss's answer, but: if you use keys with passphrases, you'll need to use ssh-add <key-file> to add them to ssh-agent (and obviously start up an ssh-agent if your distribution doesn't already have one running for you).

Cascabel
  • 2
    I'm not sure this answers the question, he must have already done that or he would not be able to reach the site. The answer he needs is: `ssh-agent`, as he wants to bypass the enter-the-passphrase-every-time problem. Not downvoting but I think you need to improve this answer, unless I'm the one that misunderstood... – DigitalRoss Oct 20 '09 at 16:32
  • 2
    @DigitalRoss: Ah, I wasn't sure from reading the question if the OP actually had the keys set up. You're probably right though, and I was deliberately trying to suggest not using a passphrase. However, you're of course right about `ssh-agent`. +1 to you! – Cascabel Oct 20 '09 at 16:34
  • I am confused whether I need to use ssh-keygen or ssh-add. In my ~/.ssh/ directory I only have two files: config and known_hosts. It seems that ssh-add requires another file ~/.ssh/id_rsa. Should I create that file first using ssh-keygen as @Jefromi explained? – reprogrammer Oct 20 '09 at 17:22
  • Yes, you need to create the key before you can copy it to the remote server. I think perhaps we were confused by your use of the word "passphrase" - that's what `ssh-*` calls the passphrase needed to make use of the key - where you really meant your actual user password on the remote? – Cascabel Oct 20 '09 at 17:27
  • Yes, I should have said password instead of passphrase. – reprogrammer Oct 20 '09 at 17:37
  • You should be okay now then, right? Use ssh-keygen and ssh-copy-id as I described above. Or give a passphrase if you're really worried about security, and use ssh-agent, looking at DigitalRoss' answer. – Cascabel Oct 20 '09 at 18:00
  • Yes, you should have said password, which is an authentication method, rather than passphrase, which meant that you had an encrypted private key. In the former case it's the server asking, in the latter case it's your client. It's considered unprofessional to use a null passphrase private key, if you do, it's like leaving a password around that works on every instance out there of your public key. – DigitalRoss Oct 20 '09 at 18:28
25

Make sure that when you cloned the repository, you did so with the SSH URL and not the HTTPS; in the clone URL box of the repo, choose the SSH protocol before copying the URL. See image below:

[image]

Zorayr
  • 1
    This is immensely helpful! I feel it is a common theme to make an example project, start working on it and after some time deciding to put it in a git repo. I wanted to do it without SSH, but after I got sick of typing my credentials decided to switch to SSH. My repo was cloned with standard url so it didn't work as expected. You saved me a lot of time! – GeorgiG Dec 31 '20 at 13:04
10

Extending Muein's thoughts for those who prefer to edit files directly over running commands in git-bash or terminal.

Go to the .git directory of your project (project root on your local machine) and open the 'config' file. Then look for [remote "origin"] and set the url config as follows:

    [remote "origin"]
        # the address part will be different depending upon the service you're using (github, bitbucket, unfuddle etc.)
        url = git@github.com:<username>/<projectname>.git
uchamp
  • 2
    This really helped. Secure and clean way to fix the issue. I think someone should improve Muein's answer with this one. – Luis Ortega Araneda Feb 16 '13 at 20:36
  • 2
    "Go to the .git directory of your project " trying first time – amuliar Dec 13 '17 at 14:26
  • Getting this error "fatal: I don't handle protocol 'git@github.com:/https'" – Shivam Bharadwaj Nov 14 '18 at 11:07
  • @ShivamBharadwaj a quick search revealed this thread https://stackoverflow.com/questions/30474447/git-fatal-i-dont-handle-protocol-http. Is there a possibility that you're copying the git clone command from some website and running into this issue? If yes, then try typing the complete command instead. – uchamp Nov 15 '18 at 07:26
6

I think there are two different things here. The first one is that normal SSH authentication requires the user to put the account's password (where the account password will be authenticated against different methods, depending on the sshd configuration).

You can avoid putting that password using certificates. With certificates you still have to put a password, but this time is the password of your private key (that's independent of the account's password).

To do this you can follow the instructions pointed out by steveth45:

With Public Key Authentication.

If you want to avoid putting the certificate's password every time then you can use ssh-agent, as pointed out by DigitalRoss

The exact way you do this depends on Unix vs Windows, but essentially you need to run ssh-agent in the background when you log in, and then the first time you log in, run ssh-add to give the agent your passphrase. All ssh-family commands will then consult the agent and automatically pick up your passphrase.

Start here: man ssh-agent.

The only problem of ssh-agent is that, on *nix at least, you have to put the certificate's password on every new shell. And then the certificate is "loaded" and you can use it to authenticate against an ssh server without putting any kind of password. But this is on that particular shell.

With keychain you can do the same thing as ssh-agent but "system-wide". Once you turn on your computer, you open a shell and put the password of the certificate. And then, every other shell will use that "loaded" certificate and your password will never be asked again until you restart your PC.

Gnome has a similar application, called Gnome Keyring that asks for your certificate's password the first time you use it and then it stores it securely so you won't be asked again.

Community
Gaston
4

    ssh-keygen -t rsa

When asked for a passphrase, leave it blank, i.e., just press Enter. As simple as that!!

Tim
  • 4
    Be aware that if you do this, then anybody who has access to your development client has access to the repository server without needing a password. The ssh-agent/ssh-add combo gives much better security. – Peter V. Mørch Jul 31 '12 at 13:33
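
An added example, not from any of the answers: keys created with a blank passphrase, as suggested in this answer and in Cascabel's, can be found later by reading only the header of each private key file, which is useful when auditing a workstation. The function names are hypothetical and the sample files are constructed (header lines only, not usable keys).

```shell
# Added example; function names are hypothetical, not part of OpenSSH.

# key_protection FILE -> prints encrypted | unencrypted | unknown
key_protection() {
    kp_first=$(sed -n '1p' "$1" 2>/dev/null | tr -d '\r')
    case $kp_first in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # The base64 body starts with "openssh-key-v1\0" and then the cipher
        # name; the cipher name "none" means the key has no passphrase.
        kp_body=$(sed -n '2p' "$1" | tr -d '\r')
        case $kp_body in
        b3BlbnNzaC1rZXktdjEAAAAABG5vbmU*) echo unencrypted ;;
        b3BlbnNzaC1rZXktdjEAAAAA*) echo encrypted ;;
        *) echo unknown ;;
        esac ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo encrypted ;;   # PKCS#8
    "-----BEGIN PRIVATE KEY-----") echo unencrypted ;;           # PKCS#8
    "-----BEGIN RSA PRIVATE KEY-----" | "-----BEGIN EC PRIVATE KEY-----")
        # Legacy PEM marks an encrypted key with a Proc-Type header.
        if sed -n '2,3p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
            echo encrypted
        else
            echo unencrypted
        fi ;;
    *) echo unknown ;;
    esac
}

# audit_keys DIR -> one line per private key: state, group/other mode, path.
# Returns 0 only when every key is encrypted and readable by its owner alone.
audit_keys() {
    ak_bad=0
    for ak_f in "$1"/*; do
        [ -f "$ak_f" ] || continue
        ak_state=$(key_protection "$ak_f")
        if [ "$ak_state" = unknown ]; then continue; fi   # not a private key
        ak_mode=$(ls -ld "$ak_f" | cut -c5-10)
        printf '%s\t%s\t%s\n' "$ak_state" "$ak_mode" "$ak_f"
        if [ "$ak_state" != encrypted ] || [ "$ak_mode" != "------" ]; then
            ak_bad=$((ak_bad + 1))
        fi
    done
    [ "$ak_bad" -eq 0 ]
}

# Constructed sample files: header lines only, not usable keys.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
    'b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQ' > "$demo/id_blank"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
    'b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIA' > "$demo/id_protected"
printf '%s\n' 'ssh-ed25519 PLACEHOLDER user@host' > "$demo/id_blank.pub"
chmod 600 "$demo"/id_*
audit_keys "$demo" || echo "at least one key needs attention"
```

On a real machine the call would be `audit_keys ~/.ssh`; public keys, `config` and `known_hosts` are skipped because they classify as unknown.
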
4

Try this from the box you are pushing from

    ssh git@github.com

You should then get a welcome response from github and will be fine to then push.

toonsend
  • 2
    It is working for me ```Hi gkucmierz! You've successfully authenticated, but GitHub does not provide shell access.``` But somehow git still ask me for password when I try to push – gkucmierz Jun 16 '17 at 10:04
4

If you're using github, they have a very nice tutorial that explains it more clearly (at least to me).

http://help.github.com/set-up-git-redirect/

Miles
2

I had to clone a git repo from a server that did not allow login via ssh key but only with a user/password. I found no way to configure the Git Plugin to use a simple user/password combination, so I added the following shell command as a pre-build step on a Linux build machine, which depends on the tool expect (apt-get install expect):

THIS IS NOT A GOOD WAY OF SOLVING THIS PROBLEM AS YOUR PASSWORD IS SHOWN AS CLEAR TEXT IN THE CONFIGURATION AND LOGS OF THE JENKINS JOB! ONLY USE IT IF THERE IS NO WAY TO CONFIGURE RSA-KEY AUTHENTICATION OR OTHER CONFIGURATION POSSIBILITIES!

    # Abort if WORKSPACE is unset; inside expect (Tcl) the variable is read from env()
    rm -rf "${WORKSPACE:?}" &&
    expect -c 'set timeout -1; spawn git clone USER@MYHOST:/MYPATH/MYREPO.git $env(WORKSPACE); expect "password:" {send "MYPASSWORD\r"}; expect eof'
Jan
1

I have been trying to avoid typing the passphrase all the time also because I am using ssh on Windows. What I did was to modify my .profile file, so that I enter my passphrase once in a particular session. So this is the piece of code:

    SSH_ENV="$HOME/.ssh/environment"

    # start the ssh-agent
    function start_agent {
        echo "Initializing new SSH agent..."
        # spawn ssh-agent
        ssh-agent | sed 's/^echo/#echo/' > "$SSH_ENV"
        echo succeeded
        chmod 600 "$SSH_ENV"
        . "$SSH_ENV" > /dev/null
        ssh-add
    }

    # test for identities
    function test_identities {
        # test whether standard identities have been added to the agent already
        ssh-add -l | grep "The agent has no identities" > /dev/null
        if [ $? -eq 0 ]; then
            ssh-add
            # $SSH_AUTH_SOCK broken so we start a new proper agent
            if [ $? -eq 2 ];then
                start_agent
            fi
        fi
    }

    # check for running ssh-agent with proper $SSH_AGENT_PID
    if [ -n "$SSH_AGENT_PID" ]; then
        ps -fU$USER | grep "$SSH_AGENT_PID" | grep ssh-agent > /dev/null
        if [ $? -eq 0 ]; then
            test_identities
        fi
    # if $SSH_AGENT_PID is not properly set, we might be able to load one from
    # $SSH_ENV
    else
        if [ -f "$SSH_ENV" ]; then
            . "$SSH_ENV" > /dev/null
        fi
        ps -fU$USER | grep "$SSH_AGENT_PID" | grep ssh-agent > /dev/null
        if [ $? -eq 0 ]; then
            test_identities
        else
            start_agent
        fi
    fi

So with this I type my passphrase once in a session.

David Blay
  • For windows using git for windows, I was able to get this to work by changing ps -fU$USER to ps -f -u $USERNAME. Hope that helps someone in the future. – Adam Marcionek Aug 05 '20 at 15:53
1

Add a single line `AddKeysToAgent yes` at the top of the .ssh/config file. Of course, ssh-agent must be running beforehand. If it's not running (check with `pgrep ssh-agent`), then simply start it with `eval $(ssh-agent)`.

Now, the key is loaded systemwide into the memory and you don't have to type in the passphrase again.

The source of the solution is https://askubuntu.com/questions/362280/enter-ssh-passphrase-once/853578#853578

infoclogged
-1

I tried all of these suggestions and more, just so I could git clone from my AWS instance. Nothing worked. I finally cheated out of desperation: I copied the contents of id_rsa.pub on my local machine and appended it to ~/.ssh/known_hosts on my AWS instance.

alansendgi