Re: How do you save passwords for Git/GitHub?
>> On Thu, 21 Jul 2011 12:06:11 -0500,
>> Jason Hsu <jhsu802701@jasonhsu.com> said:
J> I have a script that uses "git clone" multiple times to download all of
J> the repositories I need for my project Swift Linux. However, I'm asked
J> for my password EVERY TIME the script tries to download a repository. Is
J> there a way to save my password (temporarily) so that I don't have to
J> enter it 20 times?
Do you have TCL and expect installed? If so, expect and autoexpect can
be used to automate just about any interactive process. Here's an example
using a long, random key for your SSH passphrase:
you% cat makekey
#!/bin/ksh
#<makekey: generate nice long passphrase, create SSH keyfiles.
export PATH=/bin:/sbin:/usr/bin
case "$#" in
1) name=$1 ;;
*) echo "need a key filename"; exit 1 ;;
esac
dir="$HOME/.ssh"
test -d "$dir" || { echo "no .ssh directory"; exit 2; }
# Make 64-character password.
set X `dd if=/dev/urandom count=1 2> /dev/null | md5sum`
phrase="$2"
sleep 1
set X `dd if=/dev/urandom count=1 2> /dev/null | md5sum`
phrase="${2}${phrase}"
echo $phrase
# Use it to generate SSH keys.
ssh-keygen -t dsa -b 1024 -f $dir/${name}_dsa -N "$phrase"
ssh-keygen -t rsa -b 1024 -f $dir/${name}_rsa -N "$phrase"
exit 0
you% makekey github
27262a68bd1f633d1702c599f4cd78ad93be2fa7a40a554c15af86a929339df9
Generating public/private dsa key pair.
Your identification has been saved in /home/jhsu/.ssh/github_dsa.
Your public key has been saved in /home/jhsu/.ssh/github_dsa.pub.
The key fingerprint is:
a5:a2:21:82:29:3a:08:d1:bb:e4:38:57:4a:88:cb:bc jhsu@your.host
Generating public/private rsa key pair.
Your identification has been saved in /home/jhsu/.ssh/github_rsa.
Your public key has been saved in /home/jhsu/.ssh/github_rsa.pub.
The key fingerprint is:
ec:ee:45:bd:73:91:47:24:e4:c6:df:a4:17:b6:ea:fd jhsu@your.host
you% ls -lF /home/jhsu/.ssh/github*
-rw------- 1 jhsu jhsu 736 Jul 21 15:17 /home/jhsu/.ssh/github_dsa
-rw-r--r-- 1 jhsu jhsu 621 Jul 21 15:17 /home/jhsu/.ssh/github_dsa.pub
-rw------- 1 jhsu jhsu 951 Jul 21 15:17 /home/jhsu/.ssh/github_rsa
-rw-r--r-- 1 jhsu jhsu 241 Jul 21 15:17 /home/jhsu/.ssh/github_rsa.pub
You've got a nice, long key with plenty of entropy. Here's an expect
script that logs you into a host using that key, after you put the public
keys on that host:
1 #!/usr/local/bin/expect -f
2 # SSH connect to some host with userid "jhsu".
3
4 set timeout -1
5 set stty_init -echo
6 spawn ssh -i /home/jhsu/.ssh/github_dsa -c arcfour example.github.org
7 match_max 100000
8 expect -exact "Enter passphrase for key '/home/jhsu/.ssh/github_dsa':"
9 send -- "27262a68bd1f633d1702c59...\r"
10 expect "\r"
11 stty echo
12 interact
"Expect" sends strings on your behalf and takes different actions depending
on the responses. Running this script will handle starting the connection
and sending your key; if the login is successful, you should get a shell
prompt, or whatever you're used to seeing when you connect.
line 4: disable any automatic timeouts
line 5: disable echoing so the passphrase doesn't show up
line 6: start the SSH connection to the remote host
line 7: don't try to match more than this many characters
line 8: look for an exact host response of "Enter passphrase..."
line 9: then send the key followed by a return
line 10: look for a return (or some string indicating successful login)
line 11: enable echoing
line 12: let expect know that you'll handle any further interaction
Protect this expect script the same way you do your private SSH keys,
for exactly the same reason.
If the interaction here doesn't match what you normally see, use the
autoexpect program to watch over your shoulder while you do a session by
hand, and it will write a script for you.
--
Karl Vogel I don't speak for the USAF or my company
The last thing I want to do is hurt you, but it's still on my list.
Reply to: