I know how to provide a username and password to an HTTPS request like this:
git clone https://username:password@remote
But I'd like to know how to provide a username and password to the remote like this:
git clone [email protected]
I've tried like this:
git clone username:password@[email protected]
git clone git@username:[email protected]
git clone [email protected]@username:password
But they haven't worked.
This question is related to
git
This is an excellent Stack Overflow question, and the answers have been very instructive, such that I was able to resolve an annoying problem I ran into recently.
The organization that I work for uses Atlassian's BitBucket
product (not Github), essentially their version of GitHub so that repositories can be secured completely on premise. I was running into a similar problem as @coordinate, in that my password was required for a new repository I checked out. My credentials had been saved globally for all BitBucket
projects, so I'm not sure what prompted the loss of credentials.
In short, I was able to enter the following GIT command (supplying only my username), which then prompted Git's Credential Manager to prompt me for the password, which I was then able to save.
git clone https://[email protected]/git/[organization]/[team]/[repository.git]
NOTE: the bracketed directory sub-paths simply refer to internal references, and will vary for you!
If you're using http/https
and you're looking to FULLY AUTOMATE the process without requiring any user input or any user prompt at all (for example: inside a CI/CD pipeline), you may use the following approach leveraging git credential.helper
GIT_CREDS_PATH="/my/random/path/to/a/git/creds/file"
# Or you may choose to not specify GIT_CREDS_PATH at all.
# See https://git-scm.com/docs/git-credential-store#FILES for the defaults used
git config --global credential.helper "store --file ${GIT_CREDS_PATH}"
echo "https://alice:${ALICE_GITHUB_PASSWORD}@github.com" > ${GIT_CREDS_PATH}
where you may choose to set the ALICE_GITHUB_PASSWORD
environment variable from a previous shell command or from your pipeline config etc.
Remember that "store" based git-credential-helper stores passwords & values in plain-text. So make sure your token/password has very limited permissions.
Now simply use https://[email protected]/my_repo.git wherever your automated system needs to fetch the repo - it will use the credentials for alice
in github.com
as store by git-credential-helper.
The user@host:path/to/repo
format tells Git to use ssh to log in to host
with username user
. From git help clone
:
An alternative scp-like syntax may also be used with the ssh protocol:
[user@]host.xz:path/to/repo.git/
The part before the @
is the username, and the authentication method (password, public key, etc.) is determined by ssh, not Git. Git has no way to pass a password to ssh, because ssh might not even use a password depending on the configuration of the remote server.
ssh-agent
to avoid typing passwords all the timeIf you don't want to type your ssh password all the time, the typical solution is to generate a public/private key pair, put the public key in your ~/.ssh/authorized_keys
file on the remote server, and load your private key into ssh-agent
. Also see Configuring Git over SSH to login once, GitHub's help page on ssh key passphrases, gitolite's ssh documentation, and Heroku's ssh keys documentation.
If you have multiple accounts at a place like GitHub or Heroku, you'll have multiple ssh keys (at least one per account). To pick which account you want to log in as, you have to tell ssh which private key to use.
For example, suppose you had two GitHub accounts: foo
and bar
. Your ssh key for foo
is ~/.ssh/foo_github_id
and your ssh key for bar
is ~/.ssh/bar_github_id
. You want to access [email protected]:foo/foo.git
with your foo
account and [email protected]:bar/bar.git
with your bar
account. You would add the following to your ~/.ssh/config
:
Host gh-foo
Hostname github.com
User git
IdentityFile ~/.ssh/foo_github_id
Host gh-bar
Hostname github.com
User git
IdentityFile ~/.ssh/bar_github_id
You would then clone the two repositories as follows:
git clone gh-foo:foo/foo.git # logs in with account foo
git clone gh-bar:bar/bar.git # logs in with account bar
Some services provide HTTP access as an alternative to ssh:
GitHub:
https://username:[email protected]/username/repository.git
Gitorious:
https://username:[email protected]/project/repository.git
Heroku: See this support article.
WARNING: Adding your password to the clone URL will cause Git to store your plaintext password in .git/config
. To securely store your password when using HTTP, use a credential helper. For example:
git config --global credential.helper cache
git config --global credential.https://github.com.username foo
git clone https://github.com/foo/repository.git
The above will cause Git to ask for your password once every 15 minutes (by default). See git help credentials
for details.
git config --global core.askpass
Run this first before cloning the same way, should be fixed!
I prefer to use GIT_ASKPASS environment for providing HTTPS credentials to git.
Provided that login and password are exported in USR
and PSW
variables, the following script does not leave traces of password in history and disk + it is not vulnerable to special characters in the password:
GIT_ASKPASS=$(mktemp) && chmod a+rx $GIT_ASKPASS && export GIT_ASKPASS
cat > $GIT_ASKPASS <<'EOF'
#!/bin/sh
exec echo "$PSW"
EOF
git clone https://${USR}@example.com/repo.git
Note single quotes around heredoc marker 'EOF'
which means that temporary script holds literally $PSW
characters, not the password
In the comments of @Bassetassen's answer, @plosco mentioned that you can use git clone https://<token>@github.com/username/repository.git
to clone from GitHub at the very least. I thought I would expand on how to do that, in case anyone comes across this answer like I did while trying to automate some cloning.
GitHub has a very handy guide on how to do this, but it doesn't cover what to do if you want to include it all in one line for automation purposes. It warns that adding the token to the clone URL will store it in plaintext in .git/config
. This is obviously a security risk for almost every use case, but since I plan on deleting the repo and revoking the token when I'm done, I don't care.
GitHub has a whole guide here on how to get a token, but here's the TL;DR.
Same as the command @plosco gave, git clone https://<token>@github.com/<username>/<repository>.git
, just replace <token>
, <username>
and <repository>
with whatever your info is.
If you want to clone it to a specific folder, just insert the folder address at the end like so: git clone https://<token>@github.com/<username>/<repository.git> <folder>
, where <folder>
is, you guessed it, the folder to clone it to! You can of course use .
, ..
, ~
, etc. here like you can elsewhere.
Not all of this may be necessary, depending on how sensitive what you're doing is.
rm -rf <folder>
.git remote remove origin
or just remove the token by running git remote set-url origin https://github.com/<username>/<repository.git>
.Note that I'm no pro, so the above may not be secure in the sense that no trace would be left for any sort of forensic work.
Follow this arguments to replace with ur special cases if they are creating an issue:
! # $ & ' ( ) * + , / : ; = ? @ [ ]
%21 %23 %24 %26 %27 %28 %29 %2A %2B %2C %2F %3A %3B %3D %3F %40 %5B %5D
So for example-
actual URL: https://usern@me:p@ssword@git/reponame.git
Solution URL to use: https://usern%40me:p%40ssword@git/reponame.git
Though there are many answers, myself facing the repeated issue when username or password has special characters in it.
URL encode your username and password for git, then use it as part of URL itself (when there is no security concern).
Say, URL encoded value of username
'user+1' is user%2B1
and URL encoded value of password
'Welcome@1234' is Welcome%401234
Then your GIT Clone URL would look like,
git clone https://user%2B1:Welcome%401234@actual-git-url-for-the-repo
works perfectly, whereas,git clone https://user+1:Welcome@1234@actual-git-url-for-the-repo gives you 403 errors
Hope this helps.
Just in case, want to URL encode online: https://www.urlencoder.org/
Source: Stackoverflow.com