在 Windows 上使用 Git，在 HTTP 代理后面，无需在磁盘上存储代理密码 [英] Using Git on Windows, behind an HTTP proxy, without storing proxy password on disk

问题描述

我在 Windows 上使用 Git，在公司网络上使用基本身份验证的 HTTP 代理.出站 SSH 不起作用，所以我必须通过代理使用 HTTPS.

I'm using Git on Windows, on a corporate network where I'm behind an HTTP proxy with Basic authentication. Outbound SSH doesn't work, so I have to use HTTPS through the proxy.

我知道如何使用 git config http.proxy 将设置配置为 http://[username]:[password]@[proxy]:[port].

I'm aware of how to use git config http.proxy to configure the settings as http://[username]:[password]@[proxy]:[port].

然而，特别是因为这是一台共享机器，我宁愿不将我的密码存储在我的 .gitconfig 中.此外，使用 git config 命令更改我的 .gitconfig 会将我的密码留在我的 bash 历史记录中，因此即使我记得清除我的 .gitconfig在会话结束时，我几乎肯定也会忘记清除我的历史记录.

However, particularly as this is a shared machine, I'd rather not store my password in my .gitconfig. Additionally, changing my .gitconfig using the git config command leaves my password in my bash history, so even if I remember to clear my .gitconfig at the end of the session, I'll almost certainly forget to clear my history as well.

我尝试在没有密码的情况下设置 http.proxy，徒劳地希望我在尝试推/拉时会收到询问我密码的提示，但我只得到需要 407 代理身份验证.我在网上找到的所有信息似乎都忽略了将密​​码以明文形式保存在 .gitconfig 中的问题，或者处理 NTLM 代理.

I've tried setting http.proxy without a password, in the vain hope that I'd get a prompt asking me for my password when I try to push/pull, but I only get a 407 Proxy Authentication Required. All the information I've found online seems to either ignore the issues with having the password saved in plaintext in .gitconfig, or deals with NTLM proxies.

我很高兴每次需要连接时都输入我的代理详细信息 - 目前我能看到的最佳解决方案是编写一个包装脚本，该脚本将提示输入我的密码，并在调用时将其设置为环境变量 <代码>git 正确.这是一个不错的解决方案，并且为脚本中的单个调用设置环境变量是否有任何安全隐患?最好，是否有任何内置设置或现有工具可以用于此目的?

I'm quite happy to type my proxy details every time I need to connect - the best solution I can see at the moment is writing a wrapper script that will prompt for my password and set that as an environment variable when calling git proper. Is this a decent solution, and are there any security implications to setting an environment variable for a single call in a script? Preferably, are there any built-in settings or existing tools that I can use for this?

推荐答案

除了使用 git 设置，您还可以使用环境变量(您可以仅为会话设置)，如 这个答案:

Instead of using git setting, you can also use environment variable (that you can set just for your session), as described in this answer:

set http_proxy=http://username:password@proxydomain:port
set https_proxy=http://username:password@proxydomain:port
set no_proxy=localhost,.my.company 

因此您的包装器脚本可以根据需要为您当前的会话设置环境变量，而不是修改 .gitconfig(并将密码保留为纯文本).

So your wrapper script could, instead of modifying the .gitconfig (and leaving your password in plain text) set environment variables on demand, just for your current session.

作为 由

As noted by Welgriv, this is unsafe since environmental variables can be accessed by any program in user mode.

这些天(2020 年，5 年后)，我更喜欢:

These days (2020, 5+ years later), I prefer:

set http_proxy=http://127.0.0.1:3128
set https_proxy=http://127.0.0.1:3128

127.0.0.1:3128 是 genotrance/px，一个小型 HTTP 代理服务器，它将通过 NTLM 代理自动进行身份验证.
无需设置密码甚至用户.

With 127.0.0.1:3128 being the default URL for a genotrance/px, a small HTTP proxy server, which will automatically authenticate through an NTLM proxy.
No password or even user to set.

这篇关于在 Windows 上使用 Git，在 HTTP 代理后面，无需在磁盘上存储代理密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！