英文:
HTTP authentication fails when password is into URL, but succeeded using interactive password prompt - why?
问题
我正在尝试通过CI管道使用访问令牌作为密码从HTTP访问git(不使用SSH是不行的)。如果将凭据嵌入URL中,它不起作用:
$ git clone http://username:pass-_word123@git.host/my/repo.git
Cloning into 'repo'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'http://git.host/my/repo.git/'
但如果在交互模式下输入凭据 - 它可以正常工作:
$ git clone http://git.host/my/repo.git
Cloning into 'repo'...
Username for 'https://git.host:443': username
Password for 'https://username@git.host:443': pass-_word123
Cloning into 'repo'...
remote: Enumerating objects: 72, done.
remote: Counting objects: 100% (72/72), done.
remote: Compressing objects: 100% (53/53), done.
remote: Total 72 (delta 21), reused 60 (delta 17), pack-reused 0
Receiving objects: 100% (72/72), 7.90 KiB | 7.90 MiB/s, done.
Resolving deltas: 100% (21/21), done.
为什么会这样?如何修复这个问题?
我的密码只包含拉丁字符、数字和符号 "-" 和 "_",如上面的示例所示,所以这不是特殊字符相关的问题。
英文:
I'm trying to access git via HTTP from CI pipeline using access token as a password (using SSH is not an option). If build credentials into URL, it doesn't work:
$ git clone http://username:pass-_word123@git.host/my/repo.git
Cloning into 'repo'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'http://git.host/my/repo.git/'
But if enter credentials in interactive mode - it works fine:
$ git clone http://git.host/my/repo.git
Cloning into 'repo'...
Username for 'https://git.host:443': username
Password for 'https://username@git.host:443': pass-_word123
Cloning into 'repo'...
remote: Enumerating objects: 72, done.
remote: Counting objects: 100% (72/72), done.
remote: Compressing objects: 100% (53/53), done.
remote: Total 72 (delta 21), reused 60 (delta 17), pack-reused 0
Receiving objects: 100% (72/72), 7.90 KiB | 7.90 MiB/s, done.
Resolving deltas: 100% (21/21), done.
Why is it so? And how to fix that?
My password consists only of Latin characters, numbers and symbols "-" and "_" as shown in example above, so it is not special characters-related problem.
答案1
得分: 0
问题在于我试图从 http://git.host/...
进行 git 克隆,但服务器 git.host
只通过 HTTPS 响应请求,而不是 HTTP。
如果通过浏览器(或 curl)请求 http://git.host/my/repo.git
,我可以看到服务器返回 HTTP 301 Moved Permanently
响应,然后浏览器(或 curl)会发出第二个请求到 httpS://git.host/...
- 但如果使用 CLI 中的 git
客户端与该服务器交互,由于某些未知的原因,它无法正确地跟随 HTTP 301 响应。
这个问题正如问题描述的那样表现出来:只有在交互模式下才能成功地将凭据传递给服务器,而不能在它们被集成到请求 URL 中时传递。
解决这个问题的方法非常简单:在 git clone
CLI 命令中使用 httpS://git.host/...
而不是 http://git.host/...
,这样它会正确地使用通过命令行传递到 URL 中的凭据:
使用 HTTP 请求 - 这不起作用:
$ git clone http://username:pass-_word123@git.host/my/repo.git
Cloning into 'repo'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'http://git.host/my/repo.git/'
使用 HTTPS 请求 - 这很好用:
$ git clone httpS://username:pass-_word123@git.host/my/repo.git
Cloning into 'repo'...
remote: Enumerating objects: 370, done.
remote: Counting objects: 100% (99/99), done.
remote: Compressing objects: 100% (62/62), done.
remote: Total 370 (delta 28), reused 87 (delta 23), pack-reused 271
Receiving objects: 100% (370/370), 46.43 KiB | 779.00 KiB/s, done.
Resolving deltas: 100% (94/94), done.
英文:
The problem is that I'm trying to git clone from http://git.host/...
, but server git.host
is set up to answer only via HTTPS, not HTTP.
If request http://git.host/my/repo.git
from browser (or curl), I can see HTTP 301 Moved Permanently
response from the server, and then browser (or curl) do second request to httpS://git.host/...
- but if deal with this server from CLI git
client, it cannot properly follow HTTP 301 response for some unknown reasons.
This problem manifests exactly in the way described in the question: credentials could be successfully passed to the server only in interactive mode, but not when they are integrated into request URL.
Solution to this problem is quite simple: use httpS://git.host/...
instead of http://git.host/...
in git clone
CLI command, so it properly uses the credentials passed through command-line into URL:
### Request with HTTP - this does not works:
$ git clone http://username:pass-_word123@git.host/my/repo.git
Cloning into 'repo'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'http://git.host/my/repo.git/'
### Request with HTTPS - this works fine:
$ git clone httpS://username:pass-_word123@git.host/my/repo.git
Cloning into 'repo'...
remote: Enumerating objects: 370, done.
remote: Counting objects: 100% (99/99), done.
remote: Compressing objects: 100% (62/62), done.
remote: Total 370 (delta 28), reused 87 (delta 23), pack-reused 271
Receiving objects: 100% (370/370), 46.43 KiB | 779.00 KiB/s, done.
Resolving deltas: 100% (94/94), done.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论