Git Pull without typing private key password

I'm going to setup a cronjob for git pull changes on my test webserver. But my private key has开发者_StackOverflow社区 a password, How could i pass it as argument?

git pull something mypassword

I'm willing to use it on a cronjob and I don't want to leave private key without password.

Thanks

You don't want to leave the private key without a password but you have no problems with storing the password in the cron job description? That seems a bit odd.

You might be able to do it with ssh-agent (not sure, but search for it), but quite frankly I find it a bit silly.

No problem. keychain is what you need. You should be able to find it in your distro. There is a guide for Gentoo Linux.

What you need is read-only access. To do this via SSH:

1. Create a user at the remote server which has read-only access to the repository path.
2. Log in with this user via SSH and verify that you're able to read files (less /path/to/repo/.git/config) but not write (touch /path/to/repo/.git/config should fail).
3. Create an SSH key without a password in a path readable by cron.
4. Enable passwordless login with ssh-copy-id -i /path/to/passwordless/id.pub cron-user@server.example.com
5. Add eval $(ssh-agent); ssh-add /path/to/passwordless/id; at the beginning of the script listed in crontab.

That should do it.

You could make an expect script to provide the password when needed. Something like this:

#!/usr/bin/expect --

set password ssh-key-password

spawn git pull
expect "Enter passphrase*:" {send "$password\r"}

You may need to include

expect eof

at the end of the script