There are a few options, depending on what your requirements are, in particular your security needs. For both HTTP and SSH, there is password-less, or password required access.

有几个选项，具体取决于您的要求，尤其是您的安全需求。对于 HTTP 和 SSH，都有无密码或需要密码的访问。

HTTP

HTTP

==============

==============

Password-Less

无密码

Useful for fetch only requirements, by default push is disabled. Perfect if anonymous cloning is the intention. You definitely shouldn't enable push for this type of configuration. The man page for git-http-backend contains good information, online copy at http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html. It provides an example of how to configure apache to provide this.

对于仅获取要求很有用，默认情况下禁用推送。如果匿名克隆是目的，那就完美了。你绝对不应该为这种类型的配置启用推送。git-http-backend 的手册页包含很好的信息，在http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html在线复制。它提供了如何配置 apache 以提供此功能的示例。

User/password in .netrc or url embedded

.netrc 中的用户/密码或嵌入的 url

Where .netrc files are using in the form:

其中 .netrc 文件以以下形式使用：

machine <hostname> login <username> password <password>

And embedded urls would be in the form:

嵌入的 url 将采用以下形式：

http://user:pass@hostname/repo

Since git won't do auth for you, you will need to configure a webserver such as apache to perform the auth, before passing the request onto the git tools. Also keep in mind that using the embedded method is a security risk, even if you use https since it is part of the url being requested.

由于 git 不会为您执行身份验证，因此在将请求传递到 git 工具之前，您需要配置一个网络服务器（例如 apache）来执行身份验证。还要记住，使用嵌入式方法存在安全风险，即使您使用 https，因为它是被请求的 url 的一部分。

If you want to be able to pull non-interactive, but prevent anonymous users from accessing the git repo, this should be a reasonably lightweight solution using apache for basic auth and preferably the .netrc file to store credentials. As a small gotcha, git will enable write access once authentication is being used, so either use anonymous http for read-only, or you'll need to perform some additional configuration if you want to prevent the non-interactive user from having write access.

如果您希望能够拉非交互式，但阻止匿名用户访问 git 存储库，这应该是一个合理的轻量级解决方案，使用 apache 进行基本身份验证，最好使用 .netrc 文件来存储凭据。作为一个小问题，一旦使用身份验证，git 将启用写访问权限，因此要么使用匿名 http 进行只读，要么如果您想阻止非交互式用户具有写访问权限，则需要执行一些额外的配置.

See:

看：

• httpd.apache.org/docs/2.4/mod/mod_auth_basic.html for more on configuring basic auth
• www.kernel.org/pub/software/scm/git/docs/git-http-backend.html for some examples on the apache config needed.
  
  
  

• httpd.apache.org/docs/2.4/mod/mod_auth_basic.html 有关配置基本身份验证的更多信息
• www.kernel.org/pub/software/scm/git/docs/git-http-backend.html 有关所需 apache 配置的一些示例。
  
  
  

SSH

SSH

==============

==============

Passphrase-Less

无密码

Opens up for security issues, since anyone who can get a hold of the ssh private key can now update the remote git repo as this user. If you want to use this non-interactively, I'd recommend installing something like gitolite to make it a little easier to ensure that those with the ssh private key can only pull from the repo, and it requires a different ssh key pair to update the repo.

为安全问题打开了大门，因为任何可以获得 ssh 私钥的人现在都可以以此用户身份更新远程 git 存储库。如果你想以非交互方式使用它，我建议安装类似 gitolite 的东西，以确保那些拥有 ssh 私钥的人只能从 repo 中提取，并且需要不同的 ssh 密钥对来更新回购。

See github.com/sitaramc/gitolite/ for more on gitolite.

有关 gitolite 的更多信息，请参见 github.com/sitaramc/gitolite/。

stromberg.dnsalias.org/~strombrg/ssh-keys.html - for creating password less ssh keys: May also want to cover managing multiple ssh keys: www.kelvinwong.ca/2011/03/30/multiple-ssh-private-keys-identityfile/

stromberg.dnsalias.org/~strombrg/ssh-keys.html - 用于创建无密码 ssh 密钥：可能还想涵盖管理多个 ssh 密钥：www.kelvinwong.ca/2011/03/30/multiple-ssh-private-密钥身份文件/

Passphase protected

密码保护

Can use ssh-agent to unlock on a per-session basis, only really useful for interactive fetching from git. Since you mention root and only talk about performing 'git pull', it sounds like your use case is non-interactive. This is something that might be better combined with gitolite (github.com/sitaramc/gitolite/).

可以使用 ssh-agent 在每个会话的基础上解锁，只对从 git 交互式获取真正有用。由于您提到 root 并且只谈论执行“git pull”，因此听起来您的用例是非交互式的。这可能与 gitolite (github.com/sitaramc/gitolite/) 结合得更好。

Summary

概括

==============

==============

Using something like gitolite will abstract a lot of the configuration away for SSH type set ups, and is definitely recommended if you think you might have additional repositories or need to specify different levels of access. It's logging and auditing are also very useful.

使用像 gitolite 这样的东西会为 SSH 类型设置抽象出很多配置，如果你认为你可能有额外的存储库或需要指定不同的访问级别，绝对推荐使用。它的日志记录和审计也非常有用。

If you just want to be able to pull via http, the git-http-backend man page should contain enough information to configure apache to do the needful.

如果您只想通过 http 拉取数据，git-http-backend 手册页应该包含足够的信息来配置 apache 来完成所需的工作。

You can always combine anonymous http(s) for clone/pull, with passphrase protected ssh access required for full access, in which case there is no need to set up gitolite, you'll just add the ssh public key to the ~/.ssh/authorized_keys file.

您始终可以将匿名 http(s) 与克隆/拉取，以及完全访问所需的受密码保护的 ssh 访问结合起来，在这种情况下，无需设置 gitolite，您只需将 ssh 公钥添加到 ~/. ssh/authorized_keys 文件。

See the answer to this question. You should use the SSH access instead of HTTPS/GIT and authenticate via your SSH public key. This should also work locally.

请参阅此问题的答案。您应该使用 SSH 访问而不是 HTTPS/GIT 并通过您的 SSH 公钥进行身份验证。这也应该在本地工作。

If you're using ssh access, you should have ssh agent running, add your key there and register your public ssh key on the repo end. Your ssh key would then be used automatically. This is the preferred way.

如果您使用 ssh 访问，您应该运行 ssh 代理，在那里添加您的密钥并在 repo 端注册您的公共 ssh 密钥。然后将自动使用您的 ssh 密钥。这是首选方式。

If you're using https access, you one would either

如果你使用 https 访问，你要么

• use a .netrc file that contains the credentials or
• provide user/pass in the target url in the form https://user:[email protected]/repo

• 使用包含凭据的 .netrc 文件或
• 以https://user:[email protected]/repo的形式在目标 URL 中提供用户/密码

With any of these three ways, it shouldn't ask for a password.

使用这三种方式中的任何一种，它都不应该要求输入密码。