10

I set up 2 Factor Authentication on GitHub a while back. So, once I was working in the command line and wanted to push to my repo. I entered my username and password but it failed by giving an error like this

USERNAME@MYCOMPUTER:~/MyRepo$ git push
Username for 'https://github.com': GitHubUsername
Password for 'https://GitHubUsername@github.com': GitHubPassword 
remote: Invalid username or password.
fatal: Authentication failed for ' 
https://github.com/GitHubUsername/MyRepo/'

So, I read this post and got the solution that I have to generate a Personal Access Token to push anything. Fine, but I think this is a little tough process because First I can't remember that massive Token and Second Storing an access key in a text file is not a safe thing to do.

So, it'll be very nice if someone can give an easy solution to push to my repo without disabling 2FA. - Thanks!

lad
  • 233
  • 1
  • 4
  • 14
  • You just need to add it once only then it after you don't need to remember token again. Check this out : https://help.github.com/en/articles/authorizing-a-personal-access-token-for-use-with-a-saml-single-sign-on-organization – Mayank Dudakiya Apr 01 '19 at 05:16
  • Thanks, @MayankDudakiya but SSOs are for organizations. – lad Apr 01 '19 at 05:23
  • I don't think so there is another way to do this. You have to add access token in order to use GitHub. You just need to do it only once. – Mayank Dudakiya Apr 01 '19 at 05:39
  • @MayankDudakiya My problem is not about Access Token but to store the Access Token. I use RSA Encryption with Python but it's just too inconvenient. – lad Apr 01 '19 at 05:42
  • You can store your access token very safely. You can use encryption to store your access token then at the time of use decrypt. Make default encrypted access token with any prefer method and then decrypt it and use it . There are many ways you can also create api to get your access token. – Mayank Dudakiya Apr 01 '19 at 05:51
  • I have used GitHub API in one of my project so I first encrypted my access token by adding symbols, latter & number myself then I replace that all symbols, latter & number at the time of use. – Mayank Dudakiya Apr 01 '19 at 05:59
  • I use cryptography.fernet module in Python to make thing easier. – lad Apr 01 '19 at 06:04
  • You can let git store the auth for you, see https://stackoverflow.com/a/35942890/7362396 - this will however also only store it somewhere on your disk. Alternatively you could store your SSH public key [to GitHub](https://github.com/settings/keys) and access using SSH instead of HTTPS. – Tobias K. Apr 01 '19 at 06:08
  • Don't use token directly into the application for encrypt and decrypt. You should manually encrypt it first then you can use it in application. To manually encrypt add some symbols, latter and numbers then you can remove it or replace using method to use in application. – Mayank Dudakiya Apr 01 '19 at 06:09
  • Any reason you are not using ssh url's with GitHub? – Ferrybig Apr 01 '19 at 06:12
  • If you setup ssh url's, you get an password protected public & private key file on your disk, that git will use that file for authentication, instead of your GitHub access token – Ferrybig Apr 01 '19 at 06:20
  • @Ferrybig, That's my answer!! – lad Apr 01 '19 at 06:55
  • @KarthikSrivijay If you already have saved the id_rsa.pub to the Github account, then use can clone using SSH URL of the repo(If you don't have any changes in the local server) git@github.com:URL-of-Repo in place of https:/.... Then you can push to the remote repository without being asked for the credentials! – CoderSam Jun 25 '19 at 08:14
  • 1
    This is relevant to https://stackoverflow.com/questions/6565357/git-push-requires-username-and-password?rq=1, for avoiding username and password, will work here as well. – CoderSam Jun 25 '19 at 08:19

2 Answers2

7

Instead of using Github over https, you should use github over ssh.

https://help.github.com/en/articles/connecting-to-github-with-ssh

While https setup is easy, setting up ssh connections is a little bit more difficult, and this is the reason why https is used as standard option.

When you want to connect to github, you need to follow the following steps:

  1. Create an ssh key

    When you connect over ssh, it works with ssh keys instead of normal passwords, this increases your security, as even a server compromise won't leak your password, and even a attacker compromising your connection cannot change the data you send or receive to/from Github. Ssh keys also have optional passwords, that you need to provide in order to use said key.

    Usually, ssh-keys are combined with a program called a ssh-agent, and this program basically "caches" the decrypted key in memory, either forever, or with a timeout, so don't have to fill your password multiple times in a short period.

    You can create a key as follows:

    1. Run ssh-keygen -t ed25519 -C "your_email@example.com"
    2. Follow the standard options, and set a password.
    3. Optionally configure an ssh-agent

  2. Tell Github about your new key

    When you create your ssh key, it make 2 files, id_rsa and id_rsa.pub, the .pub file contains the public key.

    You can upload this key to Github by going to the settings, pressing "ssh keys", and adding the key there

  3. Update the local reposirory to use ssh keys

    Now that you told github about your new fance key, you need to configure your repository on disk to use this key.

    You can use the git remote command to do this:

    git remote set-url origin https://github.com/USERNAME/REPOSITORY.git

    Test your new settings by doing git fetch, it should ask for your ssh key password, and then fetch any updates branches.

Ferrybig
  • 18,194
  • 6
  • 57
  • 79
  • if I'm using multiple computers with one account, do I need multiple keys? – Neil Apr 07 '22 at 16:22
  • It depends on what is the easiest for you. In most cases, just making an ssh key is way easier than using network transfers to move it. If your computer ever gets stolen, it is also easier to jsuit remove a key, rather than having to generate it anew on other computers – Ferrybig Apr 07 '22 at 17:14
  • I opted for multiple keys, like you say for security purposes its handy to isolate a particular computer at any time – Neil Apr 11 '22 at 11:00
1

You can browse to the .git folder. In which you can find the config file, change the url (would be something like this):

to this:

  • https://your_token@github.com/your_name/repo_name.git

And thus, you won't need to provide token everytime you try to push.

Samir Tak
  • 11
  • 1