Configuring Git over SSH to login once
Had a similar problem with the GitHub because I was using HTTPS protocol. To check what protocol you're using just run
git config -l
and look at the line starting with remote.origin.url
. To switch your protocol
git config remote.origin.url [email protected]:your_username/your_project.git
Try ssh-add
, you need ssh-agent
to be running and holding your private key
(Ok, responding to the updated question, you first run ssh-keygen
to generate a public and private key as Jefromi explained. You put the public key on the server. You should use a passphrase, if you don't you have the equivalent of a plain-text password in your private key. But when you do, then you need as a practical matter ssh-agent
as explained below.)
You want to be running ssh-agent
in the background as you log in. Once you log in, the idea is to run ssh-add
once and only once, in order to give the agent your passphrase, to decode your key. The agent then just sits in memory with your key unlocked and loaded, ready to use every time you ssh somewhere.
All ssh-family commands1 will then consult the agent and automatically be able to use your private key.
On OSX (err, macOS), GNOME and KDE systems, ssh-agent
is usually launched automatically for you. I will go through the details in case, like me, you also have a Cygwin or other windows environment where this most certainly is not done for you.
Start here: man ssh-agent
.
There are various ways to automatically run the agent. As the man page explains, you can run it so that it is a parent of all your login session's other processes. That way, the environment variables it provides will automatically be in all your shells. When you (later) invoke ssh-add
or ssh
both will have access to the agent because they all have the environment variables with magic socket pathnames or whatever.
Alternatively, you can run the agent as an ordinary child, save the environment settings in a file, and source that file in every shell when it starts.
My OSX and Ubuntu systems automatically do the agent launch setup, so all I have to do is run ssh-add
once. Try running ssh-add
and see if it works, if so, then you just need to do that once per reboot.
My Cygwin system needed it done manually, so I did this in my .profile
and I have .bashrc
source .profile
:
. .agent > /dev/null
ps -p $SSH_AGENT_PID | grep ssh-agent > /dev/null || {
ssh-agent > .agent
. .agent > /dev/null
}
The .agent
file is created automatically by the script; it contains the environment variables definitions and exports. The above tries to source the .agent file, and then tries to ps(1)
the agent. If it doesn't work it starts an agent and creates a new agent file. You can also just run ssh-add
and if it fails start an agent.
1. And even local and remote
sudo
with the right pam extension.If you have cloned using HTTPS (recommended) then:-
git config --global credential.helper cache
and then
git config --global credential.helper 'cache --timeout=2592000'
-
timeout=2592000 (30 Days in seconds) to enable caching for 30 days (or whatever suits you).
-
Now run a simple git command that requires your username and password.
-
Enter your credentials once and now caching is enabled for 30 Days.
-
Try again with any git command and now you don't need any credentials.
-
For more info:- Caching your GitHub password in Git
Note : You need Git 1.7.10 or newer to use the credential helper. On system restart, we might have to enter the password again.
Update #1:
If you are receiving this error git: 'credential-cache' is not a git command. See 'get --help'
then replace git config --global credential.helper 'cache --timeout=2592000'
with git config --global credential.helper 'store --file ~/.my-credentials'
Update #2:
If you keep getting the prompt of username and password and getting this issue:
Logon failed, use ctrl+c to cancel basic credential prompt.
Reinstalling the latest version of git worked for me.
Update #3:
Password authentication is temporarily disabled as part of a brownout. Please use a personal access token instead.
- Generate Github accessToken
- Unset existing credential cache
git config --global --unset credential.helper
git config --global credential.helper 'store --file ~/.my-credentials'
- Any git command that'll prompt for
username
&password
and enter token instead of password.
This is about configuring ssh, not git. If you haven't already, you should use ssh-keygen
(with a blank passphrase) to create a key pair. Then, you copy the public key to the remote destination with ssh-copy-id
. Unless you have need of multiple keys (e.g. a more secure one with a passphrase for other purposes) or you have some really weird multiple-identity stuff going on, it's this simple:
ssh-keygen # enter a few times to accept defaults
ssh-copy-id -i ~/.ssh/id_rsa user@host
Edit:
You should really just read DigitalRoss's answer, but: if you use keys with passphrases, you'll need to use ssh-add <key-file>
to add them to ssh-agent
(and obviously start up an ssh-agent
if your distribution doesn't already have one running for you).