GitPython and SSH Keys?

Question

How can I use GitPython along with specific SSH Keys?

The documentation isn't very thorough on that subject. The only thing I've tried so far is Repo(path).

Vijay Katam · Answer 1 · 2017-02-03T00:15:41.577

14

Following worked for me on gitpython==2.1.1

import os
from git import Repo
from git import Git

git_ssh_identity_file = os.path.expanduser('~/.ssh/id_rsa')
git_ssh_cmd = 'ssh -i %s' % git_ssh_identity_file

with Git().custom_environment(GIT_SSH_COMMAND=git_ssh_cmd):
     Repo.clone_from('git@....', '/path', branch='my-branch')

edited Feb 03 '17 at 00:15

answered Dec 20 '16 at 22:57

Vijay Katam

1,251
1
9
8

What is the variable 'git' in this example? – Ben DeMott Jan 31 '17 at 21:19
You mean git@? That is the repo url, for example git@github.com:django/django.git – Vijay Katam Feb 01 '17 at 23:27
The line ``with git.custom_environment(GIT_SSH_COMMAND=git_ssh_cmd):`` ... what is **git** ? There is no variable or import that defines git in your code snippet. – Ben DeMott Feb 01 '17 at 23:35
It was a typo, should have been Git(). Fixed – Vijay Katam Feb 03 '17 at 00:17
This doesn't seem to work for me. I don't know but I think its having issue with adding the private key in the "os.path.expanduser(...)" step. Is there anyway i can verify the add is successful? – ozn Jan 24 '19 at 01:02
This doesn't work in the case of `clone_from`. Check my answer below for a working version. – Shadi Aug 09 '19 at 13:55
Source in GitPython docs. [Handling Remotes](https://gitpython.readthedocs.io/en/stable/tutorial.html#handling-remotes). At least as at GitPython==3.0.2 – lukik Oct 07 '19 at 15:14
https://github.com/gitpython-developers/GitPython/issues/339. This the GIT_SSH_COMMAND configt won't work for the clone_from() function. – 3lokh Nov 26 '19 at 09:09
@ozn `os.path.expanduser(...)` returns a filename, a string. `add` - no, GitPython just passed it as argument to git executable. – asuka Dec 07 '20 at 17:24

Byron · Accepted Answer · 2015-02-04T06:50:53.660

11

Please note that all of the following will only work in GitPython v0.3.6 or newer.

You can use the GIT_SSH environment variable to provide an executable to git which will call ssh in its place. That way, you can use any kind of ssh key whenever git tries to connect.

This works either per call using a context manager ...

ssh_executable = os.path.join(rw_dir, 'my_ssh_executable.sh')
with repo.git.custom_environment(GIT_SSH=ssh_executable):
    repo.remotes.origin.fetch()

... or more persistently using the set_environment(...) method of the Git object of your repository:

old_env = repo.git.update_environment(GIT_SSH=ssh_executable)
# If needed, restore the old environment later
repo.git.update_environment(**old_env)

As you can set any amount of environment variables, you can use some to pass information along to your ssh-script to help it pick the desired ssh key for you.

More information about the becoming of this feature (new in GitPython v0.3.6) you will find in the respective issue.

edited Feb 04 '15 at 06:50

answered Feb 03 '15 at 06:12

Byron

3,203
1
21
32

3

Have to admit that I'm struggling with this as well. I'd really rather not write a custom SSH script. Is there any way to just identify the key to use? I'm new-ish to Python and the tutorial/API just aren't quite getting me where I need to be to get this working. Thanks. – Rob Wilkerson Mar 01 '15 at 03:20
Turns out, starting with git 2.3, this is pretty much built-in. Using the new GIT_SSH_COMMAND, you can specify the ssh -i ... command now directly, rather than relying on an external script. – Byron Mar 01 '15 at 05:18
1

Thanks. The following isn't working for me. What am I missing (formatting sucks in comments, but hopefully you get the idea)? `with git_project.git.custom_environment(GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa git@bitbucket.org'): git_project.remotes.origin.push(git_project.heads.master)`. If I add the `-T` option and execute from the command line, I logged in as expected. Formatting issue in my Python code? – Rob Wilkerson Mar 01 '15 at 16:43
Note that I added the `git@bitbucket.org` after an attempt without it also failed. Desperation trial & error, I guess. :-) – Rob Wilkerson Mar 01 '15 at 16:57
Unfortunately I lack personal experience with these environment variables. Maybe it's worth adding a new question that is specific to your particular problem. – Byron Mar 02 '15 at 08:34
You also shouldn't have to supply the hostname, so try omitting the `git@bitbucket.org`. – jonny Mar 02 '15 at 19:14
2

I don't understand what to do here... where do I put the path to my ssh key? – Anentropic Mar 27 '19 at 23:09

score 5 · Answer 3 · answered Aug 09 '19 at 13:54

5

In case of a clone_from in GitPython, the answer by Vijay doesn't work. It sets the git ssh command in a new Git() instance but then instantiates a separate Repo call. What does work is using the env argument of clone_from, as I learned from here:

Repo.clone_from(url, repo_dir, env={"GIT_SSH_COMMAND": 'ssh -i /PATH/TO/KEY'})

answered Aug 09 '19 at 13:54

Shadi

7,343
3
34
58

This approach doesn't work for me. Any updates on this? – ZKDev Feb 26 '20 at 08:13
1

What did you try? – Shadi Feb 26 '20 at 11:11

score 5 · Answer 4 · answered Nov 26 '19 at 09:08

I'm on GitPython==3.0.5 and the below worked for me.

from git import Repo
from git import Git    
git_ssh_identity_file = os.path.join(os.getcwd(),'ssh_key.key')
git_ssh_cmd = 'ssh -i %s' % git_ssh_identity_file
Repo.clone_from(repo_url, os.path.join(os.getcwd(), repo_name),env=dict(GIT_SSH_COMMAND=git_ssh_cmd))

Using repo.git.custom_environment to set the GIT_SSH_COMMAND won't work for the clone_from function. Reference: https://github.com/gitpython-developers/GitPython/issues/339

score 3 · Answer 5 · answered Mar 28 '19 at 15:51

I've found this to make things a bit more like the way git works in the shell by itself.

import os
from git import Git, Repo

global_git = Git()
global_git.update_environment(
    **{ k: os.environ[k] for k in os.environ if k.startswith('SSH') }
)

It basically is copying the SSH environment variables to GitPython's "shadow" environment. It then uses the common SSH-AGENT authentication mechanisms so you don't have to worry about specifying exactly which key it is.

For a quicker alternative which carries probably a lot of cruft with it, but it works too:

import os
from git import Git

global_git = Git()
global_git.update_environment(**os.environ)

That mirrors your entire environment, more like the way a subshell works in bash.

Either way, any future call to create a repo or clone picks up the 'adjusted' environment and does the standard git authentication.

No shim scripts necessary.

score 0 · Answer 6 · answered Apr 06 '21 at 11:53

With Windows be careful where you place the quotes. Say you have

git.Repo.clone_from(bb_url, working_dir, env={"GIT_SSH_COMMAND": git_ssh_cmd})

then this works:

git_ssh_cmd = f'ssh -p 6022 -i "C:\Users\mwb\.ssh\id_rsa_mock"'

but this does not:

git_ssh_cmd = f'ssh -p 6022 -i C:\Users\mwb\.ssh\id_rsa_mock'

Reason:

https://github.com/git-lfs/git-lfs/issues/3131

https://github.com/git-lfs/git-lfs/issues/1895

GitPython and SSH Keys?

6 Answers6

Linked