Git .netrc file authentication issue

Asked 24/7, 2015 at 11:18 Answered 20/5 at 15:37

I am using GitHub. I created a repository and cloned it on my Ubuntu machine. I have made an entry in the .netrc file as follows:

machine https://github.com/xxx/yyy.git
login xxx
xxx

I am expecting that Git will not ask me for the username and password after this entry in the .netrc file. But Git prompts for credentials even after this.

Am I missing something?

Fake answered 24/7, 2015 at 11:18 Comment(3)

Why do you expect such things from git? – Airliner 24/7, 2015 at 11:19

git by default prompts for username and password every time your make push or pull request. To avoid this you can make an entry in .netrc file. Link – Fake 24/7, 2015 at 11:25

AFAIK the machine should just be the host name, without any protocol or path. So in your case just github.com. There is no more fine-grained login definition than on the host name possible with .netrc. – Conchiolin 29/11, 2021 at 12:40

The ~/.netrc (or %HOME%\_netrc on Windows) file isn't enough.

It is best to use that file encrypted, with gpg + netrc alone, as I did here.

Or to use a script managing the encryption.
You would need, in that second case, to:

copy the git-credential-netrc.perl file anywhere in your $PATH/%PATH%,

add:

  cd yourRepo
  git config credential.helper "netrc -d -v"

(You can remove -d and -v once it is working: those are debug flags)

use your login in the remote URL:

  git set-url origin https://[email protected]/yourLogin/yourRepo

See "Git - How to use .netrc file on Windows to save user and password" for the general principle of a credential "netrc" helper (Git 1.8.3+).

Tabina answered 24/7, 2015 at 11:37 Comment(11)

I think this is a good solution, but I have some security concerns. You are putting a username and password in a file on your computer which is readable from mostly everybody. Better choice here would be to use a SSH-Key and to put the SSH-Key in the SSH-Agend. – Airliner 24/7, 2015 at 11:57

@Airliner I know, and I agree with you! I only use gpg2 encrypted _netrc file myself: see https://mcmap.net/q/13187/-is-there-a-way-to-cache-https-credentials-for-pushing-commits. Same credential helper, but with gpg encryption. – Tabina 24/7, 2015 at 11:59

Looks like git-credential-netrc.perl itself logs the password in plain text to the console... so there's no use in encrypting .netrc / _netrc, I guess. – Conchiolin 29/11, 2021 at 11:23

@Conchiolin Interesting! I have looked ar github.com/git/git/blob/master/contrib/credential/netrc/…, and did not see a log(password) in there. But these days (2021, 6 years later), I would use GCM-core anyway, rather than netrc, encrypted or not: github.com/GitCredentialManager/git-credential-manager (recently renamed GCM: github.com/GitCredentialManager/git-credential-manager/pull/542) – Tabina 29/11, 2021 at 11:33

Looks like the user and password are logged because I used -v in git config credential.helper "netrc -d -v". I should have omitted that. – Conchiolin 29/11, 2021 at 11:53

@Conchiolin OK, that makes more sense now. netrc with a verbose option is kind of dangerous indeed. – Tabina 29/11, 2021 at 11:55

BTW, I was pretty sure that at some point in time (and also via the SO link you provide) Git was able to use an unencrypted .netrc file out of the box, without the need to install git-credential-netrc.perl. Am I really mistaken here? – Conchiolin 29/11, 2021 at 12:0

So, Git uses git-remote-https in case of HTTPS,. which in turn is implemented via libcurl, which in turn is configured with CURL_NETRC_OPTIONAL, so I'd expect (unencrypted) .netrc support to work out of the box. – Conchiolin 29/11, 2021 at 12:37

@Conchiolin Sure. You can see me using netrc out of the box in a credential.helper back in 2013: https://mcmap.net/q/13187/-is-there-a-way-to-cache-https-credentials-for-pushing-commits. – Tabina 29/11, 2021 at 13:9

Thanks for confirming. I was confused as your answer says that just having a .netrc file isn't enough. – Conchiolin 29/11, 2021 at 13:54

@Conchiolin OK. I have edited the answer to make that clearer. – Tabina 29/11, 2021 at 14:15

as @sschuberth mentioned removing the protocol http:// or https:// worked for me

Minimalist answered 7/7, 2022 at 7:0 Comment(1)

Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. – Hepta 7/7, 2022 at 9:40

I was having the same issue when it was asking for a username and password constantly after my token expired, so what I had to do was write new .netrc file from scratch with the new token and overwrite the old one. after that, it worked just fine and this was on Ubuntu 22.04.3 LTS

Pucida answered 10/1 at 15:46 Comment(0)

I am a person who has spent about a week solving this problem. If you have everything installed correctly:

all environment variables will be set,
you won't have anything superfluous in git config

but the problem remains, perhaps my method will help you. The _netrc file must be ASCII encoded. You can download notepad and convert it to ANSI. The problem is that many editors (even standard Windows ones) use a completely different format according to the standard.

Partiality answered 20/5 at 15:37 Comment(0)

Recommended topics

Hot tags