11

I am using GitHub. I created a repository and cloned it on my Ubuntu machine. I have made an entry in the .netrc file as follows: 

machine https://github.com/xxx/yyy.git
login xxx
xxx

I am expecting that Git will not ask me for the username and password after this entry in the .netrc file. But Git prompts for credentials even after this.

Am I missing something?

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Arul Selvam
  • 125
  • 1
  • 1
  • 9
  • Why do you expect such things from git? – ckruczek Jul 24 '15 at 11:19
  • 1
    git by default prompts for username and password every time your make push or pull request. To avoid this you can make an entry in .netrc file. [Link](https://gist.github.com/technoweenie/1072829) – Arul Selvam Jul 24 '15 at 11:25
  • 3
    AFAIK the `machine` should just be the host name, without any protocol or path. So in your case just `github.com`. There is no more fine-grained login definition than on the host name possible with `.netrc`. – sschuberth Nov 29 '21 at 12:40

2 Answers2

12

The ~/.netrc (or %HOME%\_netrc on Windows) file isn't enough.

It is best to use that file encrypted, with gpg + netrc alone, as I did here.

Or to use a script managing the encryption.
You would need, in that second case, to:

  • copy the git-credential-netrc.perl file anywhere in your $PATH/%PATH%,

  • add:

      cd yourRepo
  git config credential.helper "netrc -d -v"

(You can remove -d and -v once it is working: those are debug flags)

  • use your login in the remote URL:

      git set-url origin https://yourLogin@github.com/yourLogin/yourRepo

See "Git - How to use .netrc file on Windows to save user and password" for the general principle of a credential "netrc" helper (Git 1.8.3+).

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • I think this is a good solution, but I have some security concerns. You are putting a username and password in a file on your computer which is readable from mostly everybody. Better choice here would be to use a SSH-Key and to put the SSH-Key in the SSH-Agend. – ckruczek Jul 24 '15 at 11:57
  • 2
    @ckruczek I know, and I agree with you! I only use *gpg2 encrypted* _netrc file myself: see http://stackoverflow.com/a/18362082/6309. Same credential helper, but with gpg encryption. – VonC Jul 24 '15 at 11:59
  • Looks like `git-credential-netrc.perl` itself logs the password in plain text to the console... so there's no use in encrypting `.netrc` / `_netrc`, I guess. – sschuberth Nov 29 '21 at 11:23
  • @sschuberth Interesting! I have looked ar https://github.com/git/git/blob/master/contrib/credential/netrc/git-credential-netrc.perl, and did not see a log(password) in there. But these days (2021, 6 years later), I would use GCM-core anyway, rather than netrc, encrypted or not: https://github.com/GitCredentialManager/git-credential-manager (recently renamed GCM: https://github.com/GitCredentialManager/git-credential-manager/pull/542) – VonC Nov 29 '21 at 11:33
  • Looks like the user and password are logged because I used `-v` in `git config credential.helper "netrc -d -v"`. I should have omitted that. – sschuberth Nov 29 '21 at 11:53
  • @sschuberth OK, that makes more sense now. `netrc` with a verbose option is kind of dangerous indeed. – VonC Nov 29 '21 at 11:55
  • BTW, I was pretty sure that at some point in time (and also via the SO link you provide) Git was able to use an *unencrypted* `.netrc` file out of the box, without the need to install `git-credential-netrc.perl`. Am I really mistaken here? – sschuberth Nov 29 '21 at 12:00
  • So, Git uses `git-remote-https` in case of HTTPS,. which in turn is implemented via *libcurl*, which in turn [is configured with `CURL_NETRC_OPTIONAL`](https://github.com/git/git/blob/9d530dc0024503ab4218fe6c4395b8a0aa245478/http.c#L788), so I'd expect (unencrypted) `.netrc` support to work out of the box. – sschuberth Nov 29 '21 at 12:37
  • @sschuberth Sure. You can see me using `netrc` out of the box in a `credential.helper` back in 2013: https://stackoverflow.com/a/18362082/6309. – VonC Nov 29 '21 at 13:09
  • Thanks for confirming. I was confused as your answer says that just having a `.netrc` file isn't enough. – sschuberth Nov 29 '21 at 13:54
  • @sschuberth OK. I have edited the answer to make that clearer. – VonC Nov 29 '21 at 14:15
2

as @sschuberth mentioned removing the protocol http:// or https:// worked for me

MadhuraB
  • 31
  • 3
  • 1
    Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jul 07 '22 at 09:40