Avoiding password prompts for git when no ssh public/private keys set for remote repository

Question

Customer gave me access to some of their git repositories. However, along with the account name I was given a ssh password which seems to imply the rather unconventional expectation to not have public/private key authentication option available. It is taxing to have to dig out and copy-paste the password to the prompt whenever I access the remote git server. Is there a way to store the password in the configuration so I do not need to do this?

The help for git clone lists different URL formats for ssh, but does not specify how to add password to this. I added a remote with the URL format of ssh:${username}:${password}@${hostname} but it interpreted ${username}:${password} as the username.

Answer 1

The best option is to educate the customer about ssh key-based authentication.

That said, if you have to use a password:

Rather than writing an expect script, you can use sshpass to automatically enter the ssh password. There are a number of ways to provide the password to sshpass; for example, you can set the SSHPASS environment variable, in which case your command line would look like:

sshpass -e git clone ...
sshpass -e git push ...

Etc.

You write a wrapper script to avoid having to type out the sshpass command line every time. For example, put the following in sgit somewhere in your $PATH:

#!/bin/sh

exec sshpass -e git "$@"

Now, assuming that you have set SSHPASS, you can run:

sgit clone ...
sgit push ...

If you didn't want to store the password in an environment variable, you could instead store it in your local keyring (assuming you're using Gnome) using secret-tool. In this case, the wrapper script might look something like:

#!/bin/sh

exec sshpass -d4 git "$@" 4< <(secret-tool lookup git customer)

This assumes you've previously stored the password using secret-tool store --label "Some descriptive label" git customer.