6

How do I provide passphrase with git fetch/pull in bash script. I really need to do it in a bash script, without using ssh-add or something like that. is it possible?

Hugo y
  • 1,263
  • 9
  • 19
GALIAF95
  • 479
  • 1
  • 7
  • 21
  • Well, it is my belief that git supports HTTP Basic Auth. So if you're happy with it (wouldn't recommend), just authenticate over HTTPS with a URL of the form `https://username:password@hostname/path/to/foo.git`. – 4ae1e1 Dec 08 '15 at 12:04
  • You can also use an empty passphrase to avoid the passphrase prompt - again not recommended as insecure. – choroba Dec 08 '15 at 12:05
  • I think the best way to store key passphrase is using memory. Why don't you want to use ssh agent? – Kadir Dec 08 '15 at 12:07
  • Not sure whether I understood your question correctly. Is it that the access to your repo is done via ssh, but you don't want to enter the password every time? In this case, you could set the environment variable [SSH_ASKPASS](http://paperlined.org/apps/ssh/SSH_ASKPASS.html) to a shell script which writes the password to standard out - provided that you don't mind the security risk which comes with this. – user1934428 Dec 08 '15 at 12:15
  • 1
    If you don't mind to expose your password in this way, there are better [alternatives to SSH_ASKPASS](https://git-scm.com/docs/gitcredentials). – user1934428 Dec 08 '15 at 12:49
  • I mean ssh-key passphrase when I try to fetch repository or pull it. It's not a password for repository. Is there way to give it to git pull/fetch when it asking for passphrase in bash script? – GALIAF95 Dec 08 '15 at 18:17
  • @4ae1e1 Very late comment, but basic auth only works if the password is on the server side. If someone is using a passphrase on an SSH key they use with a remote repo, the passphrase is requited on the client side. That passphrase opens the local client key to be sent to the remote server for authentication. – Giacomo1968 Dec 15 '20 at 14:29

1 Answers1

6

I tryed ssh-agent and solution with SSH_ASKPASS but nothing worked, then I found a solution using http://expect.sourceforge.net/

Example(executed in shell):

pass="passwod"
/usr/bin/expect <<EOD
spawn git fetch origin $BRANCH
expect "Enter passphrase for key '/home/$USERNAME/.ssh/id_rsa': "
send "$pass\r"
expect eof
EOD
GALIAF95
  • 479
  • 1
  • 7
  • 21
  • 1
    This worked lovely for me. My use case is executing a git pull in an enterprise CI setup that is not very flexible, so I need to provide the key passphrase in the CI interface/script. – sofly Jan 09 '18 at 21:07