1

Every morning I come into work and execute a couple of git commands to bring me up to date with my team. They are as follows:

git remote update
git merge main/master

I use PowerShell as my go-to command line tool, and whenever I enter the first command (git remote update) I get a prompt asking me for my SSH key passphrase:

Enter passphrase for key '/c/Users/myUsername/.ssh/id_rsa':

Usually I would just go ahead and enter this, but I am looking to automate the process using a PowerShell script. What I've done is put my passphrase into a .txt file (not the most secure, but I can address on that once the pipeline works) and I pull it out every time I run the script. But I can't see a way to pass it to the command? Here is my code:

Set-Location C:\path\to\repo
$pass = Get-Content C:\path\to\passphrase.txt -First 1
git remote update
git merge main/master

I expected that once git remote update ran it would prompt me for the passphrase as usual before continuing, and planned to build from there, but it didn't. It just fails with a git error:

git : Permission denied, please try again.
At line:3 char:1
+ git remote update
+ ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Permission denied, please try again.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

Permission denied, please try again.
Permission denied (publickey,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

How can I pass my passphrase $pass to the git remote update command?

Jack Parkinson
  • 681
  • 11
  • 35
  • 5
    If you end up putting your passphrase into a plain text file, why not just use an SSH key without a passphrase to begin with. Alternatively, you could use ssh-agent to access your key without the need to prompt for the key, or you could use a https URL to your repository which makes Git for Windows store your credentials in the Windows credential store (so you are also not prompted for a password). – poke Jul 21 '17 at 11:04
  • 2
    Having a key without passphrase is just as secure as having the passphrase in plaintext right next to the key. Just remove the passphrase from your key. – 1615903 Jul 21 '17 at 11:09
  • The plan is to improve security at a later date - I'll figure something out once I know that the process is doable. Security *is* a concern, but right now I'm looking to get the thing working and will build from there. – Jack Parkinson Jul 21 '17 at 11:14
  • 1
    The thing you are looking for is called [ssh-agent](https://en.wikipedia.org/wiki/Ssh-agent) and there is a [question how to use it at windows](https://stackoverflow.com/q/18404272/2303202). Though I would say once a day is pretty reasonable frequency to enter your password. – max630 Jul 21 '17 at 11:21
  • You can [add passphrase or remove it](https://serverfault.com/questions/50775/how-do-i-change-my-private-key-passphrase), so you could just remove it for now and set it back later as you set up the proper solution. – max630 Jul 21 '17 at 11:23
  • @max630 I know... it's more of a *remembering* to do it kind of a problem. If I just have the one script to run every morning I'm not going to forget a command. Also, I anticipate the number of daily commands I'm going to have to run to increase significantly in the near future, so it would be nice to have something set up which I can just add to. – Jack Parkinson Jul 21 '17 at 11:26

0 Answers0