0

I have used git a lot. I am wondering how does git authenticate because

git config --global user.name "Jane Doe"
git config --global user.email "janedoe@gmail.com"

does not ask for password.

I can push without the password. Does this mean anyone with my email can push to my github account?

Daemon Painter
  • 3,208
  • 3
  • 29
  • 44
PalPalash
  • 122
  • 1
  • 9

1 Answers1

2

The user.name/email is not about remote authentication, but about local commit authorship (the committer user name/email associated with the commit you are creating locally)

If you push without entering any credentials, it can be:

  • because you are using an HTTPS URL and the credentials were already cached by the git config credential.helper
  • because you are using an SSH URL and:
    • the private key is not passphrase-protected
    • or the private key is passphrase-protected and said passphrase is added to a running ssh-agent
matt
  • 515,959
  • 87
  • 875
  • 1,141
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • services like GitHub, however, _may_ use just the pair name/email to put avatars in the UI. For that reason, somebody else (with access and rights to push to your repo) may sign off commits under your name, just knowing your name and email, and be off with it. I, on the other hand, often sign commits with multiple personalities in my company, because I forgot to update the git settings before starting on a new project. – Daemon Painter Jan 11 '21 at 08:32
  • 2
    @DaemonPainter I agree. That is why I always use `git config --global user.useConfigOnly true`: that forces me to set user.name/email on each new project at the first `git commit`: see https://stackoverflow.com/a/58038687/6309 – VonC Jan 11 '21 at 09:51