bbot icon indicating copy to clipboard operation
bbot copied to clipboard

Module install fails due to git password prompt.

Open ObscenityIB opened this issue 3 months ago • 2 comments

Saw the bsides talk and decided to try this one out!

Describe the bug I have a global git configuration that forces all clones/pulls/pushes etc to use SSH instead of HTTP(S). This causes bbot to fail some module installs that it pulls from git repos, as it doesn't prompt for the password.

Expected behavior bbot interactively asks for the git ssh password, similar to how it asks for elevation when starting the module installs

BBOT Command bbot -t intranet.local -p kitchen-sink --allow-deadly -v --retry-deps -d

OS, BBOT Installation Method + Version OS: Arch Linux Installation method: venv + pip BBOT version: v2.1.2.5223rc

BBOT Config Default

Logs relevant bbot log:

        "res": {
            "cmd": "/usr/bin/git ls-remote https://github.com/blechschmidt/massdns.git -h refs/heads/master",
            "rc": 128,
            "stdout": "",
            "stderr": "[email protected]: Permission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n",
            "msg": "[email protected]: Permission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.",
...
[ERRR] Failed to install dependencies for 2 modules: dnsbrute,dnsbrute_mutations (--force to run module anyway)

.gitconfig layout

[user]
	name = ObscenityIB
	email = ***
	signingkey = ***
[includeIf "gitdir:~/DEV/gitea/"]
    path = ~/DEV/gitea/.gitconfig
[includeIf "gitdir:~/DEV/opengist/"]
    path = ~/DEV/opengist/.gitconfig
# Enforce SSH
[url "ssh://[email protected]/"]
  insteadOf = https://github.com/
[url "ssh://[email protected]/"]
  insteadOf = https://gitlab.com/
[url "ssh://[email protected]/"]
  insteadOf = https://bitbucket.org/
[url "ssh://[email protected]:222/"]
  insteadOf = http://intranet.local:3000/
[url "ssh://[email protected]:2222/"]
  insteadOf = http://intranet.local:6157/
[commit]
	gpgsign = true

Yes, I could totally just, not do this, but I'm definitely not the only one out there that enforces ssh for git, so a fix in place would benefit others as well.

That fix could be as simple as using a different, possibly empty, .gitconfig in bbot's environment, preventing it from getting stuck by the users preferences.

ObscenityIB avatar Nov 14 '24 12:11 ObscenityIB