git push says forbidden

Question

I usually work from two places and new to git. The very first time i created one repository online and added it to my system like the steps told by the github website. Then i wanted to work on the same repository from my the other place so i installed git in my other system too and did the following:

Created a directory:

Then in that directory i did git init

After that i did git config --global user.name "Name" and git config --global user.email "email"

Then i added the same repository created earlier from other system by getting the address of the repository from HTTPS CLONE URL option in github website as:

git add origin https://github.com/myUserName/repoName.git

Then to get all the repository data i did:

git pull origin master

Till this all works fine i got all the data onto my system, but when i made some changes in the files and committed the changes, I started to push back the changes using the command:

git push origin master

But i was not able to push the changes as it says Error: 403 Forbidden

According to me it gave me such a message because it does not asked me for any username and Password combo, but it asked me for a username and password while pushing when i configured the repository in my first system.

The after doing some Google I found that we can insert Username and Password into a file present in .git/config

So i edited that file as below:

Earlier my config file looks like:

[core]

        repositoryformatversion = 0
        filemode = true
        bare = false
        logallrefupdates = true
[remote "recupero"]

        url = https://github.com/satyam1990/recupero.git
        fetch = +refs/heads/*:refs/remotes/recupero/*

After Editing my config file looks like:

[core]

        repositoryformatversion = 0
        filemode = true
        bare = false
        logallrefupdates = true
[remote "recupero"]

        url = https://Username:myPasswordHere@github.com/satyam1990/recupero.git
        fetch = +refs/heads/*:refs/remotes/recupero/*

After editing my config file as above I am able to push, but when ever I push changes it displays my Username and Password right away onto my screen and i don't want that. Is there a way such that i can make git to ask me for a Username and Password everytime i git push as it does on my previous system where i configured git the very first time. And also storing Username and Password right away in a text file is not a good practice.

Is this two different computers you are using? In that case you have to add both ssh keys to your github account. https://github.com/settings/ssh — crea1, Jul 01 '13 at 10:48
i am not using ssh protocol as you can see in my config file, i am using https, is it necessary to use ssh. — mSatyam, Jul 01 '13 at 10:52
As far as I know Github only supports ssh to write to repos. Try changing your remote url to: ssh://git@github.com:satyam1990/recupero.git — crea1, Jul 01 '13 at 10:58
@crea1 no https is perfectly fine for pushing as well. See my answer below. And it is more convenient than ssh when you are working behind a firewall which blocks ssh port for outside http queries. GitHub supports smart http (https://github.com/blog/642-smart-http-support). See http://stackoverflow.com/a/7073618/6309 and http://stackoverflow.com/a/7502628/6309 for more. — VonC, Jul 01 '13 at 11:46

score 2 · Accepted Answer · edited May 23 '17 at 11:51

2

Yes, you can store your credentials in a $HOME/.netrc file.

machine github.com
login <login1>
password <password1>

Or you can use a credential helper in order to:

encrypt that file (git1.8.3)
store them in memory for the duration of the session (git1.7.12), for windows or for unix.

edited May 23 '17 at 11:51

Community

1
1

answered Jul 01 '13 at 11:38

VonC

1,262,500
529
4,410
5,250

1

Why it doesn't ask for a Username, password as it does on my earlier machine. – mSatyam Jul 01 '13 at 11:47
@msatyam if you are using a wrapper like "GitHub for Mac" or "GitHub for Windows", it may have created the `.netrc` for you, or use its own internal credential helper. I presume you were using an https address as well for '`origin`' (`git remote -v`) on your first machine? – VonC Jul 01 '13 at 11:49

score 1 · Answer 2 · answered Jul 01 '13 at 11:48

1

Generally, you should use SSH with keys, if only for the specific advantage of not having your password laying around in plain text files. With SSH Keys, you can have a distinguished (locally encrypted) key on each of your devices and will never have to copy them around.

As for https, if you use an up-to-date git, it should ask you for your username and password. You could even just add your username in the git URL so that git would only ask for the password.

But if you are able to use SSH, you should use it, as it is more secure and once you got a hang of handling your keys, much more convenient.

answered Jul 01 '13 at 11:48

Holger Just

52,918
14
115
123

Generally, you can use ssh or https. And you have ways now to fully encrypt your https credential. So it is no more or less secure than ssh. *And* you don't have to manage ssh keys while you *already have* a GitHub login/password anyway. – VonC Jul 01 '13 at 12:10
(1) The encrypted `.netrc` is a git-specific "hack" that works nowhere else. (2) I have only one github password, but can have as many keys as I want. (3) I don't want to put my single password on my various production boxes and workstations without a proper means to invalidate it. A key is almost always more secure and better usable than a password (although some of the issues can be solved by issuing device-specific passwords as e.g. possible with gmail). – Holger Just Jul 01 '13 at 14:03
Agreed. I was answering more with the mindset of a casual user, but for different *work* places, if it is possible, then yes, ssh is better. So +1. Except I wouldn't be able to use ssh from my work place (ssh port blocked). – VonC Jul 01 '13 at 14:06
If I were you, I'd consider a different workplace :) On the other hand, Github also speaks SSH on Port 443, so you can probably still use it unless your company is extremely paranoid and uses deep package inspection on its routers to ensure that the data on 443 is actually https... – Holger Just Jul 01 '13 at 16:48
Ssh tunneling ? That is a legitimate cause for a termination of contract. Effective immediately. (at least in the large banking companies I usually work in) – VonC Jul 01 '13 at 17:34
I'm not talking about ssh tunneling, just accessing a legitimate service via SSH on another port than 22. It's not much different than https, just another encoding if you will. Would you fire people for accessing http services on port 8080? But in the end, I have never really understood why you'd want to make your staffs life just hard. You won't protect any data that way. But security policies in the banking sector are rarely actually helpful (at least from my experience). But they have a large amount of Security Theater™... – Holger Just Jul 01 '13 at 19:02
Again, I don't disagree with you :) I simply mentioned some of the policies I have to deal with in my experience (and I wouldn't say they always make sense). – VonC Jul 01 '13 at 20:03

git push says forbidden

2 Answers2