Open terminal to create ssh keys:

    cd ~                 # Your home directory
    ssh-keygen -t rsa    # Press enter for all values

(Only works if the commit program is capable of using certificates/private & public ssh keys) Here is a walkthrough on putty gen for the above steps

2. Associate the SSH key with the remote repository

This step varies, depending on how your remote is set up.

If it is a GitHub repository and you have administrative privileges, go to settings and click 'add SSH key'. Copy the contents of your ~/.ssh/id_rsa.pub into the field labeled 'Key'.

If your repository is administered by somebody else, give the administrator your id_rsa.pub.

If your remote repository is administered by you, you can use this command for example:

    scp ~/.ssh/id_rsa.pub

Set your remote URL to a form that supports SSH [1]

If you have done the steps above and are still getting the password prompt, make sure your repo URL is in the form opposed to

To see your repo URL, run:

    git remote show origin

You can change the URL with:

    git remote set-url origin

[1] This section incorporates the answer from Eric P

You can use the git-credential-store via

    git config credential.helper store

Which stores your password unencrypted in the file system:

Using this helper will store your passwords unencrypted on disk, protected only by filesystem permissions. If this is not an acceptable security tradeoff, try git-credential-cache, or find a helper that integrates with secure storage provided by your operating system.

Use the git-credential-cache which by default stores the password for 15 minutes. To set a different timeout, use --timeout (here 5 minutes)

    git config credential.helper 'cache --timeout=300'

Secure Saving Indefinitely (OS X and Windows)

If you’re using a Mac, Git comes with an “osxkeychain” mode, which caches credentials in the secure keychain that’s attached to your system account. This method stores the credentials on disk, and they never expire, but they’re encrypted with the same system that stores HTTPS certificates and Safari auto-fills. Running the following on the command line will enable this feature:

    git config --global credential.helper osxkeychain

You'll need to store the credentials in the Keychain using the Keychain app as well.

If you’re using Windows, you can install a helper called “Git Credential Manager for Windows.” This is similar to the “osxkeychain” helper described above, but uses the Windows Credential Store to control sensitive information.

If your PC is secure or you don't care about password security, this can be achieved very simply. Assuming that the remote repository is on GitHub and origin is your local name for the remote repository, use this command

    git remote set-url --push origin

The --push flag ensures this changes the URL of the repository for the git push command only. (The question asked in the original post is about git push command only. Requiring a username+password only for push operations is the normal setup for public repositories on GitHub. Note that private repositories on GitHub would also require a username+password for pull and fetch operations, so for a private repository you would not want to use the --push flag.)

WARNING: This is inherently insecure because:

Your ISP, or anyone logging your network accesses, can easily see the password in plain text in the URL.

Anyone who gains access to your PC can view your password using git remote show origin.

That's why using an SSH key is the accepted answer.

Even an SSH key is not totally secure. Anyone who gains access to your PC can still, for example, make pushes which wreck your repository or - worse - push commits making subtle changes to your code. (All pushed commits are obviously highly visible on GitHub. But if someone wanted to change your code surreptitiously, they could --amend a previous commit without changing the commit message, and then force push it. That would be stealthy and quite hard to notice in practice.)

But revealing your password is worse. If an attacker gains knowledge of your username+password, they can do things like lock you out of your own account, delete your account, permanently delete the repository, etc.

Alternatively - for simplicity and security - you can supply only your username in the URL, so that you will have to type your password every time you git push but you will not have to give your username each time.