I would like to enter the name and password for git and the password for github from a python/shell script
But :
echo mypasswd | hg push
As :
echo myname mypasswd | git push origin master
Does not work
You can use:
git pull https://[user]:[passwd]github.com/[account]/[repo].git [branch]
Or add it as a remote:
git remote add origin https://[user]:[passwd]#github.com/[account]/[repo].git
If you want to keep the name origin for the new remote, you should delete the old one first by using git remote remove origin
Generally, when you want to provide answers to interactive commands you'll do it with something like this:
myCommand <<EOF
some answer
some other answer
EOF
But I'm afraid you can't use this kind of redirection / piping to provide passwords to your commands. As #Fidel pointed it out, you should check the expect command for that.
Also, you should authenticate on your SCM using rsa keys ;)
For Mercurial, you should take a look at how you can store HTTPS credentials. There are several options: you can store the password in a config file, you can use the keyring extension or you can hard-code it into the URL:
hg pull https://username:password#host/repo
Only put the password into the URL if you're on a trusted machine — other people logged into the machine will be able to see the password while your hg pull is running.
Related
I have a git repository on an internal server and now want to have a scheduled task that automatically pulls changes to my local version. Found the GitPython package, which seems to be exactly what I need, but can't get it to work due to the password protection of the repo.
I have already cloned the repo to my local path (git clone git#LOCAL_IP:/repo/MY_GIT.git .) and will get prompted for the password every time I execute git pull from the command line (fair enough). According to How can I call 'git pull' from within Python?, I then tried exactly this
import git
g = git.cmd.Git(MY_LOCAL_PATH)
g.pull()
and (of course) get an error:
...
git.exc.GitCommandError: Cmd('git') failed due to: exit code(1)
cmdline: git pull
stderr: 'Permission denied, please try again.
Permission denied, please try again.
...
Unfortunately, from the many answers around the web dealing with PythoGit, I found none that tells me how I can set the password (I know that you should never ever hardcode passwords, but still...).
You can save credentials within git so that every git client can access them and won't ask the user. See How can I save username and password in Git? for details on how to do that.
I am trying to use Gitpython in python on my virtual machine but struggle due to sudo and denied permissions etc. So instead I wanted to try a different approach. When I write sudo git pull it first asks me for the password, then for the git username, and then for the git password, what I want to do now i prefill those in some kind of os.system within python. This is what I have accomplished so far:
os.system("echo <password> | sudo -S git pull")
This solves the first problem with the sudo password. But how can I prefill answers for the questions the command line will return?
how can I prefill answers for the questions the command line will return?
By avoiding having to prefill anything.
Meaning, as root, you should be able to do a git pull without having to enter the username/password.
If you can do that as root, in a command line, you will then be able to make it work in a Python os.system("echo <password> | sudo -S git pull") call.
For that:
1/ First set the username in the remote URL itself
cd /path/to/repo
git remote -v
https://aserver/auser/arepo
git remote set-url origin https://username#aserver/auser/arepo
2/ Use a credential helper (done as root) in order for Git itself to look for the password (instead of you having to try and feed it to the command line).
Once that is working as root, repeat the same git pull in your Python program (running as root)
In Python, using GitPython, I need to git push to a HTTPS remote repository on BitBucket.
After running the repo.git.push() command, it will return -as expected-:
bash: /dev/tty: No such device or address
error: failed to execute prompt script (exit code 1)
fatal: could not read Password for 'https://username#bitbucket.org': Invalid argument'
But Python will give me no change to enter the password like in the console.
How can I "attach" the password to the git push command or how can simulate a console password entry in Python?
It is important to note that unfortunately using SSH is not an alternative (the script should not requiere any further action to user that receives it and that wants to git push). I'm looking to "attach" the password into the command or to "simulate" a text entry on it.
What you are attempting to is skirt past security.
You need to create a pair of ssh keys.
Then, log-on to your bitbucket account's website and upload your public key.
Store your keys in your ~/.ssh directory.
When you have your keys setup you will not be prompted for a password anymore.
Here is more information about working with SSH keys: https://help.github.com/articles/generating-an-ssh-key/
I'm tired of doing this.
ssh me#somehost.com
input my password
sudo su - someuser
input my password
cd /some/working/directory
<run some commands>
Is there anyway to automate this? Do I need a special shell? or a shell emulator? can I programmatically drive the shell up to certain point then run manual commands on it?
Bonus points of it's programmed in python for extra hacking goodness
edit: All the answers below focus on the "full automation" part of the question: Where the hard part is what I highlighted above. Here is another example to see if I can capture the essence.
ssh me#somehost.com
<get a shell because keys are setup>
sudo su - user_that_deploys_the_app
<input password, because we don't want to give passwordless sudo to developers>
cd env; source bin/activate
cd /path/where/ur/app/is/staging
<edit some files, restart the server, edit some more, check the logs, etc.>
exit the term
For the ssh/authentication piece, you can setup passwordless authentication by using keys. Then you can simply use ssh and a bash script to execute a series of commands in an automated fashion.
You could use Python here, but if you are executing a series of shell commands, it's probably a better idea to use a shell script, as that's precisely what they do.
Alternately, look into Fabric for your automation needs. It's Python-based, and your "recipes" are written in Python.
I'm not quite sure what you're asking, but what you're probably asking about is getting SSH working in password-less mode using public keys. The general idea is you generate an SSH keypair:
ssh-keygen -t rsa
which gives you id_rsa and id_rsa.pub. You append the contents of id_rsa.pub to the ~/.ssh/authorized_keys file of your target user, and SSH from that point on will not ask for credentials. In your example, this will work out to:
Only once
# On your source machine
ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub
# Copy this to clip board
# On somehost.com
su - someuser
# edit ~/.ssh/authorized_keys and paste what you had copied from previous step
From now on, you can now just run
ssh someuser#somehost.com "sh -c 'cd /some/dir; command.sh'"
and not be prompted for credentials.
fabric is a fine choice, as others have pointed out. there is also pexpect which might be more what you're looking for.
You can play with autoexpect. It creates expect script (script language intended to handle interaction with user). Run
autoexpect ssh me#somehost.com
followed by rest of commands. Script script.exp will be created.
Please note, that exact results of input and output will be recorded by the script. If output may differ from execution to execution, you'll need to modify a bit generated script.
As Daniel pointed out you need to have a secure way of doing ssh and sudo on the boxes. Those items are universal to dealing with linux/unix boxes. Once you've tackled that you can use fabric. It's a python based tool to do automation.
You can set stuff up in your ~/.ssh/config
For example:
Host somehost
User test
See ssh_config(5) for more info.
Next, you can generate a SSH key using ssh-keygen(1), run ssh-agent(1), and use that for authentication.
If you want to run a command on a remote machine, you can just use something like:
$ ssh somehost "sh myscript.sh ${myparameter}".
I hope this at least points you in the right direction :)
If you need sudo access, then there are obvious potential security issues though ... You can use ChrootDirectory on a per user basis inside a Match block though. See sshd_config(5) for info.
try module paramiko. This can meet your requirement.
I want execute a command which needs sudo in local machine. So as the documentation suggests, I used the local command, but its asking me to enter the password. How can I avoid this? Is there some place where I can save my local machine password?
local('sudo /etc/init.d/tomcat6 start',capture=True)
If you do not plan to share the fabfile you can use:
echo "password\n" | sudo -S /etc/init.d/tomcat6 start
according to the sudo man page:
The -S (stdin) option causes sudo to read the password from
the standard input instead of the terminal device. The
password must be followed by a newline character.
Check the visudo command, which will allow you to edit the /etc/sudoers file, in which you can define users, commands and password-requirements on a machine (e.g. user mlzboy does not need to enter password in order to execute /etc/init.d/tomcat6). Don't forget this can create a security problem.
Sudoers manual
If you want to use sudo but on the loopback ip:
from fabric.api import sudo,env
env.hosts =['127.0.0.1']
sudo('aptitude search fabric')
No need to edit sudoers, given you have an ssh server running locally.