I have an Ant build that will sometimes execute a ‘git push’ within a directory on my server. I can do this fine interactively because it asks for the passphrase for my key, but this becomes problematic if you set up a cron job to run the build unattended.
Are there options for me beyond not using a passphrase? I’ve heard of using ssh-agent, but I’ve also heard for unattended processes that route won’t work. Does anyone have any recommendations for this, and perhaps an example of how to implement it?
I saw that someone suggested to run the cron as a daemon here:
Accessing SSH key from bash script running via a cron job — but I’m not sure how I could do that or put in my passphrase without compromising it by putting it in plain text, etc.
Any help greatly appreciated.
First, set yourself up for password-less login.
Use ssh-keygen to generate a public/private key pair with no password. Append the public key to ~/.ssh/authorized_keys on the server.
Then run ssh -i /path/to/private_key server to confirm that the password-less login is working.
Finally, configure git to use that ssh -i ... command.
As @mah suggests, you might want to create a specific git account on the server. You add the public key to ~git/.ssh/authorized_keys to enable the password-less login.
authorized_keys also has options to restrict what commands the incoming connection can run. If you are interested in those features, read the SSH documentation.
And of course, you want to keep the private key file readable only by you.
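The steps in the answer above, written out as a shell script. This is an added example, not code from the original answer: it creates a dedicated key, builds an authorized_keys entry limited to git commands, and refuses to push when the private key is accessible to group or other. It assumes OpenSSH 7.2 or later (for the restrict option), git 2.3 or later (for GIT_SSH_COMMAND) and git-shell installed on the server; the function names, key comment and paths are placeholders.

```shell
#!/bin/sh
# Added example: dedicated passphrase-less key for an unattended 'git push'.
# Function names, the key comment and all paths are placeholders.

# One-time setup, run by hand: create a key pair with an empty passphrase.
make_deploy_key() {  # $1 = private key path (public key is written to $1.pub)
    ssh-keygen -q -t ed25519 -N '' -C 'cron-git-push' -f "$1"
}

# Build the line to append to ~git/.ssh/authorized_keys on the server.
# 'restrict' turns off forwarding and pty allocation; command= forces every
# login with this key through git-shell, so it can only run git commands.
restricted_entry() {  # $1 = contents of the .pub file
    printf 'restrict,command="git-shell -c \\"$SSH_ORIGINAL_COMMAND\\"" %s\n' "$1"
}

# True only when the key is a regular file with no group/other permission bits.
key_is_private() {  # $1 = private key path
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# The cron-side step: push with exactly this key and never prompt.
push_unattended() {  # $1 = repository directory, $2 = private key path
    if ! key_is_private "$2"; then
        echo "refusing to use $2: accessible to group or other" >&2
        return 1
    fi
    # BatchMode=yes makes ssh fail instead of waiting for input under cron;
    # IdentitiesOnly=yes stops ssh from offering any other key.
    GIT_SSH_COMMAND="ssh -i '$2' -o IdentitiesOnly=yes -o BatchMode=yes" \
        git -C "$1" push
}

# Cron usage (constructed): 0 * * * * /path/to/this-script /path/to/repo /path/to/private_key
if [ "$#" -eq 2 ]; then
    push_unattended "$1" "$2"
fi
```
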