I'm going to setup a cronjob for git pull changes on my test webserver. But my private key has a password, How could i pass it as argument?
我将在我的测试webserver上为git pull更改设置一个cronjob。但是我的私钥有一个密码,我怎么能把它作为参数传递呢?
git pull something mypassword
I'm willing to use it on a cronjob and I don't want to leave private key without password.
我愿意在cronjob上使用它,而且我不想留下没有密码的私钥。
Thanks
谢谢
4 个解决方案
#1
2
You don't want to leave the private key without a password but you have no problems with storing the password in the cron job description? That seems a bit odd.
您不希望在没有密码的情况下保留私钥,但在cron job description中存储密码没有问题吗?这似乎有点奇怪。
You might be able to do it with ssh-agent (not sure, but search for it), but quite frankly I find it a bit silly.
您可能可以使用ssh-agent(不确定,但是搜索它)来实现它,但坦白地说,我觉得这有点傻。
#2
1
No problem. keychain is what you need. You should be able to find it in your distro. There is a guide for Gentoo Linux.
没有问题。钥匙链是你所需要的。你应该能在你的发行版中找到它。有一个关于Gentoo Linux的指南。
#3
0
What you need is read-only access. To do this via SSH:
您需要的是只读访问。通过SSH实现这一点:
- Create a user at the remote server which has read-only access to the repository path.
- 在远程服务器上创建一个对存储库路径具有只读访问权限的用户。
-
Log in with this user via SSH and verify that you're able to read files (
less /path/to/repo/.git/config) but not write (touch /path/to/repo/.git/configshould fail). - 通过SSH登录此用户,并验证您能够读取文件(少/路径/到/repo/.git/config),但不能写入文件(触摸/路径/到/repo/。git /配置失败)。
- Create an SSH key without a password in a path readable by
cron. - 在cron可读的路径中创建一个没有密码的SSH密钥。
- Enable passwordless login with
ssh-copy-id -i /path/to/passwordless/id.pub cron-user@server.example.com - 使用ssh-copy-id -i /path/to/password /id启用无密码登录。酒吧cron-user@server.example.com
- Add
eval $(ssh-agent); ssh-add /path/to/passwordless/id;at the beginning of the script listed incrontab. - 增加美元eval(ssh-agent);ssh-add /道路/ /无密码/ id;在crontab中列出的脚本的开头。
That should do it.
应该做的。
#4
0
You could make an expect script to provide the password when needed. Something like this:
您可以使用expect脚本在需要时提供密码。是这样的:
#!/usr/bin/expect --
set password ssh-key-password
spawn git pull
expect "Enter passphrase*:" {send "$password\r"}
#1
2
You don't want to leave the private key without a password but you have no problems with storing the password in the cron job description? That seems a bit odd.
您不希望在没有密码的情况下保留私钥,但在cron job description中存储密码没有问题吗?这似乎有点奇怪。
You might be able to do it with ssh-agent (not sure, but search for it), but quite frankly I find it a bit silly.
您可能可以使用ssh-agent(不确定,但是搜索它)来实现它,但坦白地说,我觉得这有点傻。
#2
1
No problem. keychain is what you need. You should be able to find it in your distro. There is a guide for Gentoo Linux.
没有问题。钥匙链是你所需要的。你应该能在你的发行版中找到它。有一个关于Gentoo Linux的指南。
#3
0
What you need is read-only access. To do this via SSH:
您需要的是只读访问。通过SSH实现这一点:
- Create a user at the remote server which has read-only access to the repository path.
- 在远程服务器上创建一个对存储库路径具有只读访问权限的用户。
-
Log in with this user via SSH and verify that you're able to read files (
less /path/to/repo/.git/config) but not write (touch /path/to/repo/.git/configshould fail). - 通过SSH登录此用户,并验证您能够读取文件(少/路径/到/repo/.git/config),但不能写入文件(触摸/路径/到/repo/。git /配置失败)。
- Create an SSH key without a password in a path readable by
cron. - 在cron可读的路径中创建一个没有密码的SSH密钥。
- Enable passwordless login with
ssh-copy-id -i /path/to/passwordless/id.pub cron-user@server.example.com - 使用ssh-copy-id -i /path/to/password /id启用无密码登录。酒吧cron-user@server.example.com
- Add
eval $(ssh-agent); ssh-add /path/to/passwordless/id;at the beginning of the script listed incrontab. - 增加美元eval(ssh-agent);ssh-add /道路/ /无密码/ id;在crontab中列出的脚本的开头。
That should do it.
应该做的。
#4
0
You could make an expect script to provide the password when needed. Something like this:
您可以使用expect脚本在需要时提供密码。是这样的:
#!/usr/bin/expect --
set password ssh-key-password
spawn git pull
expect "Enter passphrase*:" {send "$password\r"}