[http] Git error messages reveal password encoded in the URL

[http] Git error messages reveal password encoded in the URL

[Ketan Padegaonkar]

Hi,

We use http to serve our git repos, in order for git to not ask me a 
username/password everytime, I've put the following in my .git/config:

[remote "origin"]
   url = https://user:pass@host/repo.git

What is discerning is that every time git encounters a problem 
connecting to the repo, I get the following error containing both my 
username and password.

error: Couldn't resolve host 'host' while accessing 
https://user:pass@host/repo.git/info/refs

I would like to suggest that the password be removed/masked from this 
error message.

-- 
Ketan
http://ketan.padegaonkar.name | http://eclipse.org/swtbot

Re: [http] Git error messages reveal password encoded in the URL

[Jakub Narebski]

Ketan Padegaonkar <ketanpadegaonkar@gmail.com> writes:

> We use http to serve our git repos, in order for git to not ask me a
> username/password everytime, 

Errr... WTF?  Can't you configure SSH (use ssh-add, perhaps together with
tool such as keychain) to use public key based authentication?

> I've put the following in my .git/config:
> 
> [remote "origin"]
>    url = https://user:pass@host/repo.git
> 
> What is discerning is that every time git encounters a problem
> connecting to the repo, I get the following error containing both my
> username and password.
> 
> error: Couldn't resolve host 'host' while accessing
> https://user:pass@host/repo.git/info/refs
> 
> I would like to suggest that the password be removed/masked from this
> error message.

Which git version do you use?  I recall vaguely that something was
done in this direction (masking passwords in URLs).

-- 
Jakub Narebski
Poland
ShadeHawk on #git

Re: [http] Git error messages reveal password encoded in the URL

[Jacob Helwig]

On Mon, Jul 19, 2010 at 14:02, Jakub Narebski <jnareb@gmail.com> wrote:
> Ketan Padegaonkar <ketanpadegaonkar@gmail.com> writes:
>
>> We use http to serve our git repos, in order for git to not ask me a
>> username/password everytime,
>
> Errr... WTF?  Can't you configure SSH (use ssh-add, perhaps together with
> tool such as keychain) to use public key based authentication?
>

I don't think SSH/ssh-agent/pubkey would actually help, given that
it's a https URL.  Unless I'm missing something here?

>> I've put the following in my .git/config:
>>
>> [remote "origin"]
>>    url = https://user:pass@host/repo.git
>>

Re: [http] Git error messages reveal password encoded in the URL

[Jakub Narebski]

Dnia poniedziałek 19. lipca 2010 23:05, Jacob Helwig napisał:
> On Mon, Jul 19, 2010 at 14:02, Jakub Narebski <jnareb@gmail.com> wrote:
>> Ketan Padegaonkar <ketanpadegaonkar@gmail.com> writes:
>>
>>> We use http to serve our git repos, in order for git to not ask me a
>>> username/password everytime,
>>
>> Errr... WTF?  Can't you configure SSH (use ssh-add, perhaps together with
>> tool such as keychain) to use public key based authentication?
>>
> 
> I don't think SSH/ssh-agent/pubkey would actually help, given that
> it's a https URL.  Unless I'm missing something here?

I was referring to 'we use http [...] _in order_ for git to not ask me
a username/password everywhere'.  I just noted that you can make git
not ask a username/password everywhere when using ssh:// URLs.

-- 
Jakub Narebski
Poland

Re: [http] Git error messages reveal password encoded in the URL

[Jacob Helwig]

On Mon, Jul 19, 2010 at 14:10, Jakub Narebski <jnareb@gmail.com> wrote:
> Dnia poniedziałek 19. lipca 2010 23:05, Jacob Helwig napisał:
>> On Mon, Jul 19, 2010 at 14:02, Jakub Narebski <jnareb@gmail.com> wrote:
>>> Ketan Padegaonkar <ketanpadegaonkar@gmail.com> writes:
>>>
>>>> We use http to serve our git repos, in order for git to not ask me a
>>>> username/password everytime,
>>>
>>> Errr... WTF?  Can't you configure SSH (use ssh-add, perhaps together with
>>> tool such as keychain) to use public key based authentication?
>>>
>>
>> I don't think SSH/ssh-agent/pubkey would actually help, given that
>> it's a https URL.  Unless I'm missing something here?
>
> I was referring to 'we use http [...] _in order_ for git to not ask me
> a username/password everywhere'.  I just noted that you can make git
> not ask a username/password everywhere when using ssh:// URLs.
>

Ah, I read it to mean "We use HTTP.  I encode the user and password in
the URL to prevent it from asking all the time", not "We use HTTP with
an encoded user and password to prevent it from asking".  If it's the
latter, then you're definitely right: Using SSH + pubkey
authentication is probably a _much_ better choice.

Re: [http] Git error messages reveal password encoded in the URL

[Ketan Padegaonkar]

On 7/19/10 2:16 PM, Jacob Helwig wrote:
> On Mon, Jul 19, 2010 at 14:10, Jakub Narebski<jnareb@gmail.com>  wrote:
>> Dnia poniedziałek 19. lipca 2010 23:05, Jacob Helwig napisał:
>>> On Mon, Jul 19, 2010 at 14:02, Jakub Narebski<jnareb@gmail.com>  wrote:
>>>> Ketan Padegaonkar<ketanpadegaonkar@gmail.com>  writes:
>>>>
>>>>> We use http to serve our git repos, in order for git to not ask me a
>>>>> username/password everytime,

Apologies. I used the wrong punctuation. It should read as:

We use https+basic auth to serve up git repos. Unfortunately SSH is not 
an option for various reasons.

In order for git to not ask me the username/password, I 'encoded' the 
username/password into the url.

I'm using git v1.7.1.1 on MacOSX Leopard. I can see the same behavior on 
master (rev 24e7a5).

-- 
Ketan
http://ketan.padegaonkar.name | http://eclipse.org/swtbot

Re: [http] Git error messages reveal password encoded in the URL

[Jakub Narebski]

Dnia wtorek 20. lipca 2010 01:25, Ketan Padegaonkar napisał:
> On 7/19/10 2:16 PM, Jacob Helwig wrote:
>> On Mon, Jul 19, 2010 at 14:10, Jakub Narebski<jnareb@gmail.com>  wrote:
>>> Dnia poniedziałek 19. lipca 2010 23:05, Jacob Helwig napisał:
>>>> On Mon, Jul 19, 2010 at 14:02, Jakub Narebski<jnareb@gmail.com>  wrote:
>>>>> Ketan Padegaonkar<ketanpadegaonkar@gmail.com>  writes:
>>>>>
>>>>>> We use http to serve our git repos, in order for git to not ask me a
>>>>>> username/password everytime,
> 
> Apologies. I used the wrong punctuation. It should read as:
> 
> We use https+basic auth to serve up git repos. Unfortunately SSH is not 
> an option for various reasons.

Is it because of firewall, or it is the issue with issuing shell 
accounts?  If the latter, you can use tools such as gitosis or gitolite
which need only one single shell account, and control access via public
key infrastructure.

> 
> In order for git to not ask me the username/password, I 'encoded' the 
> username/password into the url.

Can't you use ~/.netrc file[1] instead?  As far as I see this would not
show password info on error.  Not that the current situation should
not be fixed, but it might be worthwhile workaround for a time.

The ~/.netrc file would look like this for your example:

  machine host
  login user
  password pass

You should of course `chmod 600 ~/.netrc`

[1] This is unfortunately underdocumented: only this documentation
Documentation/howto/setup-git-server-over-http.txt mentions ~/.netrc
file.  I think that handling the $HOME/.netrc is done by the curl 
library that git uses, see libcurl-tutorial(3) manpage.

> I'm using git v1.7.1.1 on MacOSX Leopard. I can see the same behavior on 
> master (rev 24e7a5).

-- 
Jakub Narebski
Poland

Re: [http] Git error messages reveal password encoded in the URL

[Tay Ray Chuan]

Hi:

On Tue, Jul 20, 2010 at 8:41 AM, Jakub Narebski <jnareb@gmail.com> wrote:
> Dnia wtorek 20. lipca 2010 01:25, Ketan Padegaonkar napisał:
[snip]
> Can't you use ~/.netrc file[1] instead?  As far as I see this would not
> show password info on error.  Not that the current situation should
> not be fixed, but it might be worthwhile workaround for a time.
>
> The ~/.netrc file would look like this for your example:
>
>  machine host
>  login user
>  password pass
>
> You should of course `chmod 600 ~/.netrc`
>
> [1] This is unfortunately underdocumented: only this documentation
> Documentation/howto/setup-git-server-over-http.txt mentions ~/.netrc
> file.  I think that handling the $HOME/.netrc is done by the curl
> library that git uses, see libcurl-tutorial(3) manpage.

+1

This is the only way I know of to "hide" your password.

Of course, depending on your authentication scheme, your efforts for
this setup may prove worthless.

-- 
Cheers,
Ray Chuan