I have cloned my git repository over ssh. So, each time I communicate with the origin master by pushing or pulling, I have to reenter my passphrase. How can I configure git so that I do not need to enter my passphrase multiple times?
Update: I should have said "password" instead of "passphrase".
This is about configuring ssh, not git. If you haven't already, you should use ssh-keygen (with a blank passphrase) to create a key pair. Then, you copy the public key to the remote destination with ssh-copy-id. Unless you have need of multiple keys (e.g. a more secure one with a passphrase for other purposes) or you have some really weird multiple-identity stuff going on, it's this simple:
ssh-keygen # enter a few times to accept defaults
ssh-copy-id -i ~/.ssh/id_rsa user@host
Edit:
You should really just read DigitalRoss's answer, but: if you use keys with passphrases, you'll need to use ssh-add <key-file> to add them to ssh-agent (and obviously start up an ssh-agent if your distribution doesn't already have one running for you).
ssh-add, you need ssh-agent to be running and holding your private key(Ok, responding to the updated question, you first run ssh-keygen to generate a public and private key as Jefromi explained.. You put the public key on the server. You should use a passphrase, if you don't you have the equivalent of a plain-text password in your private key. But if you do, then you need as a practical matter ssh-agent as explained below.)
You need to be running ssh-agent in the background when you log in, and then the first time you log in, run ssh-add to give the agent your passphrase. All ssh-family commands will then consult the agent and automatically be able to use your private key.
On GNOME and KDE systems, ssh-agent is probably already launched automatically for you. I will go through the details in case, like me, you also have a Cygwin or other windows environment where this most certainly is not done for you.
Start here: man ssh-agent.
There are a multitude of ways to automatically run the agent. As the man page explains, you can either run it so that it is a parent of all the other processes and arrange for the environment variables it provides (for interprocess contact) to automatically be in all child environments, or you can run the agent as an ordinary child, save the enviroment settings in a file, and source that file in every shell when they start.
My Ubuntu install automatically did the agent launch setup, so all I had to do was run ssh-add once every time I reboot. Try running ssh-agent and see if it works, if so, then you just need to do that once per reboot.
My Cygwin system needed it done manually, so I did this in my .profile and I have .bashrc source .profile:
. .agent > /dev/null
ps -p $SSH_AGENT_PID | grep ssh-agent > /dev/null || {
ssh-agent > .agent
. .agent > /dev/null
}
The .agent file is created automatically by the script; it contains the environment variables definitions and exports. The above tries to source the .agent file, and then tries to ps(1) the agent. If it doesn't work it starts an agent and creates a new agent file. You can also just run ssh-add and if it fails start an agent.
Hello,
I think there are two different things here. The first one is that normal SSH authentication requires the user to put the account's password (where the account password will be authenticated against different methods, depending on the sshd configuration).
You can avoid putting that password using certificates. With certificates you still have to put a password, but this time is the password of your private key (that's independent of the account's password).
To do this you can follow the instructions pointed out by steveth45:
If you want to avoid putting the certificate's password every time then you can use ssh-agent, as pointed out by DigitalRoss
The exact way you do this depends on Unix vs Windows, but essentially you need to run ssh-agent in the background when you log in, and then the first time you log in, run ssh-add to give the agent your passphrase. All ssh-family commands will then consult the agent and automatically pick up your passphrase.
Start here: man ssh-agent.
The only problem of ssh-agent is that, on *nix at least, you have to put the certificates password on every new shell. And then the certificate is "loaded" and you can use it to authenticate against an ssh server without putting any kind of password. But this is on that particular shell.
With keychain you can do the same thing as ssh-agent but "system-wide". Once you turn on your computer, you open a shell and put the password of the certificate. And then, every other shell will use that "loaded" certificate and your password will never be asked again until you restart your PC.
Gnome has a similar application, called Gnome Keyring that asks for your certificate's password the first time you use it and then it stores it securely so you won't be asked again.