发表新帖
发表新帖

How do I avoid the specification of the username and password at every git push?

前端 未结
关注
18 1779
我在风中等你
我在风中等你 2020-11-28 00:02

I git push my work to a remote Git repository.

Every push will prompt me to input username and password. I would

18条回答
  • 悲&欢浪女
    悲&欢浪女 (楼主)
    2020-11-28 00:39

    If your PC is secure or you don't care about password security, this can be achieved very simply. Assuming that the remote repository is on GitHub and origin is your local name for the remote repository, use this command

    git remote set-url --push origin https://:@github.com/

    The --push flag ensures this changes the URL of the repository for the git push command only. (The question asked in the original post is about git push command only. Requiring a username+password only for push operations is the normal setup for public repositories on GitHub . Note that private repositories on GitHub would also require a username+password for pull and fetch operations, so for a private repository you would not want to use the --push flag ...)

    WARNING: This is inherently unsecure because:

    1. your ISP, or anyone logging your network accesses, can easily see the password in plain text in the URL;

    2. anyone who gains access to your PC can view your password using git remote show origin.

    That's why using an SSH key is the accepted answer.

    Even an SSH key is not totally secure. Anyone who gains access to your PC can still, for example, make pushes which wreck your repository or - worse - push commits making subtle changes to your code. (All pushed commits are obviously highly visible on GitHub. But if someone wanted to change your code surreptitiously, they could --amend a previous commit without changing the commit message, and then force push it. That would be stealthy and quite hard to notice in practice.)

    But revealing your password is worse. If an attacker gains knowledge of your username+password, they can do things like lock you out of your own account, delete your account, permanently delete the repository, etc.

    Alternatively - for simplicity and security - you can supply only your username in the URL, so that you will have to type your password every time you git push but you will not have to give your username each time. (I quite like this approach, having to type the password gives me a pause to think each time I git push, so I cannot git push by accident.)

    git remote set-url --push origin https://@github.com/

    0 讨论(0)
 看不清?
提交回复
热议问题