Avoid re-entering password for each submodule

I have a repo with 3 submodules. The repo and submodules are all on the same server, which I have ssh access to. The remote URLs are:


If I do an operation such as git submodule update --remote then it prompts for my password 3 times.

Is there any way to update the submodules but only require password once? Same goes for committing changes etc.

  • Git hook to reject a push containing a submodule update?
  • How should git submodules be set up for laravel 4 composer packages?
  • Pushing git repo (with submodules) to google app engine
  • Hosting a subset of boost used in project on github
  • git submodules defined by Carthage not being fetched
  • Remove all local changes recursively
  • How do I remove a submodule?
  • Why is git submodule update not automatic on git checkout?
  • 3 Solutions collect form web for “Avoid re-entering password for each submodule”

    One solution might be adding your machine ssh public key to authourized_keys file of the server. After that, you will not be asked for password.

    This is possible only if you have server access.

    This is how you do it

    • Copy your public key, usually present at ~/.ssh/id_rsa.pub
    • Append the key to ~/.ssh/authorized_keys file in your server.

    After that, you can connect to the server without a password

    Credit: this answer began with rjv’s answer although I required several more steps to get it working nicely. Other source material is linked below.

    Background: I’m using Cygwin in Windows, with a version of git built from source. I’m not using the Cygwin git although this should work the same for that. I am using Cygwin’s ssh. But the following method should work for unix-like systems also.


    Firstly: it’s not possible to “remember” the password inbetween invocations of git. (The git submodule is a script which invokes git once for each submodule here).

    However, it is possible to remember RSA key passphrases by using ssh-agent. So the list of steps here is:

    1. Create a RSA key pair for the ssh link.
    2. Set up a .ssh/config entry for the git host
    3. Set up ssh-agent to remember the passphrase — either just for the duration of the current command; or for the duration of the current shell.

    Create RSA key pair

    If you already have a key in ~/.ssh/id_rsa or otherwise that you wish to use, skip this step

    • Create a key pair with ssh-keygen. Use a strong passphrase. For this answer let’s assume the files are matt_rsa and matt_rsa.pub. The default filename is id_rsa etc., however in this answer I will use a different name so that we can see how to specify the name. This could be useful if you wish to use different keys for different hosts.

    • On the server:

      • Copy matt_rsa.pub into ~/.ssh
      • Append matt_rsa.pub to ~/.ssh/authorized_keys (creating it if it didn’t exist)
    • On the client:

      • Copy matt_rsa to ~/.ssh and chmod 600 matt_rsa so that nobody else can read your private key.

    At this point you could test things by opening an SSH connection using your usual ssh command, plus the option -i ~/.ssh/matt_rsa.

    Set up a ~/.ssh/config entry

    In the ~/.ssh/config file (creating it if it didn’t exist), create an entry like this:

    Host the_git_host
        HostName bla.bla.com
        User matt
        Port 2222
        IdentityFile ~/.ssh/matt_rsa

    After doing these steps, you should be able to connect via ssh simply by issuing the command ssh the_git_host after which it will prompt for your passphrase.Link to more detail

    Further, you will now be able to change your git remote to use the_git_host and then it will fish those details out of the .ssh/config file!

    $ git remote -v
    origin  ssh://matt@bla.bla.com:2222/path/to/repo (fetch)
    origin  ssh://matt@bla.bla.com:2222/path/to/repo (push)
    $ git remote set-url origin ssh://the_git_host/path/to/repo

    At this point you will be able to do git remote update and it will use the matt_rsa certificate, and prompt for your passphrase.

    Set up ssh-agent

    ssh-agent is a daemon. To start it you run ssh-agent -s, but that is a bit tricksy. It wants to set environment variables so that other programs can communicate with it. However, instead of just setting them, it outputs them on the commandline. So to actually run ssh-agent you must write:

    eval $(ssh-agent)

    which both launches ssh-agent and sets the environment variables.

    To kill it later and clear the environment, use ssh-agent -k.

    Once the agent is running then you remember your passphrase via the command:

    ssh-add ~/.ssh/matt_rsa

    which will prompt for the passphrase. If you get the error “Could not open a connection to your authentication agent”, see here.

    Finally, this is a bit annoying to have to type every time, so you can insert this gem into your .bashrc which will delay authentication until you issue a git command:

    ssh-auth() {
        # Start the SSH agent only if not running
        [[ -z $(ps | grep ssh-agent) ]] && echo $(ssh-agent) > /tmp/ssh-agent-data.sh
        # Load the environment variables for ssh-agent
        source /tmp/ssh-agent-data.sh > /dev/null
        # Authenticate
        [[ -z $(ssh-add -l | grep "matt_ptl3_rsa") ]] && ssh-add ~/.ssh/matt_ptl3_rsa
    # When a git command is issued, authenticate
    git() { ssh-auth; command git "$@" }

    This will persist the authentication for the rest of the current shell (or until you ssh-agent -k). To have the authentication only occur for the current command, replace the git() function with:

    gitr() { ssh-auth; command git "$@"; ssh-agent -k >/dev/null; }

    Then use gitr for commands you know will be remote multi-authentication commands.

    So, at long last, we can go:

    $ gitr submodule update --remote
    Enter passphrase for /home/Matt/.ssh/matt_rsa:
    Identity added: /home/Matt/.ssh/matt_rsa (/home/Matt/.ssh/matt_ptl3_rsa)

    Solution that requires much less headache

    Another approach is to use built-in git cache (v. 1.7.10 or newer required) so git will remember your login and password after you provide it first time.

    To enable git cache with default timeout (15 min) you type

    git config --global credential.helper cache

    To change default timeout type

    git config --global credential.helper 'cache --timeout=3600'
    Git Baby is a git and github fan, let's start git clone.