Google Says: Put Your Password Plainly in a File: Linux .netrc

By Xah Lee. Date:

Google Code tells its users to put password in a plain file. Here's a screenshot:

google Linux dot netrc screen capture 2012-08-15-2
Google Code's recommendation of using “.netrc”. From

Here's a text quote:

Add the following to your .netrc.
machine login password [generated password]

That's storing passwords in the plain. Amazingly, git uses .netrc, in the year of our load 2012.

This especially dangerous today with {dropbox, google drive, …} etc cloud storage. All your server passwords are consolidated in a single file in the plain.

Where are the unix faakheads who incessantly bitch about the security slack of Microsoft?

What is .netrc?

“.netrc” began as a way to store passwords so that ftp access can be automated in a script, without user having to type password.

Here's a excerpt from man netrc:

netrc(5) - Linux man page


netrc, .netrc - user configuration for ftp


This file contains configuration and autologin information for the
File Transfer Protocol client ftp(1).

The .netrc file contains login and initialization information used by
the auto-login process. It resides in the user's home directory. The
following tokens are recognized; they may be separated by spaces,
tabs, or new-lines:

    machine name

    Identify a remote machine name. The auto-login process searches
    the .netrc file for a machine token that matches the remote
    machine specified on the ftp command line or as an open command
    argument. Once a match is made, the subsequent .netrc tokens are
    processed, stopping when the end of file is reached or another
    machine or a default token is encountered.


    This is the same as machine name except that default matches any
    name. There can be only one default token, and it must be after
    all machine tokens. This is normally used as:

    default login anonymous password user@site

    thereby giving the user automatic anonymous ftp login to machines
    not specified in .netrc. This can be overridden by using the -n
    flag to disable auto-login.

    login name

    Identify a user on the remote machine. If this token is present,
    the auto-login process will initiate a login using the specified

    password string

    Supply a password. If this token is present, the auto-login
    process will supply the specified string if the remote server
    requires a password as part of the login process. Note that if
    this token is present in the .netrc file for any user other than
    anonymous, ftp will abort the auto-login process if the .netrc is
    readable by anyone besides the user.


Linux NetKit (0.17) September 23, 1997 Linux NetKit (0.17) 


Here's stackoverflow articles telling people how to use the “.netrc” file:

Note: if Google supports git over ssh protocol, then the manual-typing-password problem can be solved. See: However, Google does not plan to support git over ssh (See: See also:

2012-08-16 thanks to [Evan Cofsky] and Tom Novelli for help.