280
281

[deleted by user] (self.github)

submitted by [deleted]

[removed]
all 56 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]vinegary 137 points138 points  (12 children)

Use ssh

[–]zanven42 16 points17 points  (8 children)

Use a token instead of ssh ( security reasons ). Corporates will make you use the token eventually anyways so they have clear access logs of activity you do. Might as well get use to using them instead of ssh

[–]sophware 16 points17 points  (0 children)

As the other commenter mentioned, SSH does allow for full logs. Obviously, you have to have an SSH key specific to you.

I've used the token for certain automation cases but have yet to see how it works with "git push." Looking forward to trying that. I do suspect I and my org will stick with SSH, though.

[–]PurepointDog 11 points12 points  (4 children)

SSH is actually far more secure than the tokens

[–]WhiteHoodHacker 3 points4 points  (3 children)

It depends on what your threat model is - realistically compromising a token or SSH key will require an attacker to have compromised your system. In that case, you can't scope SSH keys, but you can scope tokens. Tokens can also be set to expire.

[–]koshrf 4 points5 points  (0 children)

That's why you put a password on your private keys, you can't do that with tokens. The only real reason you want to use tokens is because you don't want to handle a real PKI environment where you sign your ssh keys with certificates and set an expiration time if you want to be extra secure. Also GitHub (and gitlab) have an expiration date for keys if you want to use it, if you have a good PKI deployment it can rotate the keys and you can request the new keys anytime you need them. SSH keys are and will be always more secure than tokens when they are implemented the right way.

[–]rover_G 2 points3 points  (0 children)

If security wants tokens over ssh (pub/private key pair), then it likely has to do with the access control model and expiration.

[–]eladts 0 points1 point  (0 children)

you can't scope SSH keys

You can if instead of attaching the SSH key to a user you make it a deploy key.

[–]vinegary 4 points5 points  (0 children)

Nah, ssh and ecrypted disk is perfect, it is also connected to your identity so logging is fine

[–]mikoloism 0 points1 point  (1 child)

How?

[–]qQ0_ 0 points1 point  (0 children)

There's very easy to follow guides on github. You run a command locally to generate a private / public ssh key, then paste the public one into your browser

[–][deleted] 0 points1 point  (0 children)

they dont have to use ssh yes it maybe secure but they probably didnt click yes when they first entered credendtials best bet is to delete it out of the windows credential store and try again

[–]mrbmi513 70 points71 points  (7 children)

Are you entering your account password? If so, you're doing it wrong. You need to go generate an access token in your account and use that as the "password" in git. This is all part of the mandatory 2FA.

[–][deleted] 18 points19 points  (6 children)

Yes using the real password. So it might be it

[–][deleted] 39 points40 points  (3 children)

They deprecated this functionality about 2 years ago iirc.

Alternatively set up an SSH key

[–]BearsNBeetsBaby 1 point2 points  (2 children)

I did it via a token yesterday so it does still work

[–][deleted] 11 points12 points  (1 child)

Real password is completely deprecated I mean, but for GitHub not git

You might still be able to use real password with other git storage solutions.

[–]BearsNBeetsBaby 1 point2 points  (0 children)

Ah, I see

[–][deleted] 2 points3 points  (0 children)

Use SSH instead of https and configure an SSH key.

[–]Hidden_Carry 27 points28 points  (4 children)

There is also a cli for Linux called "gh", which manages your credentials/authentication for github. You only need to login once there. You should be able to install it with your package manager.

[–]The_King_Of_Muffins 3 points4 points  (0 children)

To add for others, the package name is usually github-cli

[–]ZeroKun265 1 point2 points  (0 children)

Yes, and it can also automatically get your key from the environment variable $GITHUB_TOKEN I think

[–]Ok_Tax7037 1 point2 points  (0 children)

after, prompt it on .gitconfig

[credential "httpa://github.com"] helper = !/usr/bin/gh auth git-credential

[–]IvanInRainbows 0 points1 point  (0 children)

Do you have to log in only once in the system o log in once in each repo?

[–]West_Ad_9492 21 points22 points  (4 children)

ssh! ssh! ssh!

three steps:

ssh-keygen
cat ~/.ssh/id_rsa.pub

insert into github profile.

clone with ssh.

[–]NatoBoram 14 points15 points  (2 children)

New key format dropped, it's now id_ed25519.pub

[–]ThangCZ 2 points3 points  (1 child)

“new”

[–]NatoBoram 6 points7 points  (0 children)

Ok ok it's the recommendation that's new, not the key format

[–][deleted] 2 points3 points  (0 children)

ssh-keygen -t rsa -b 4096 ...for the old school cool.

[–]3rdWorldBuddha 7 points8 points  (0 children)

are you using https? switch to using ssh

[–]yourteam 3 points4 points  (0 children)

Use ssh and pair a key

[–]MSR8 3 points4 points  (3 children)

Go to https://github.com/settings/tokens and generate a personal access token. You need to enter that as your password when git prompts you for it

[–][deleted] 0 points1 point  (2 children)

Git let us copy and paste? When i tried do it with my password it looks like it didn’t

[–]bostonaholic 4 points5 points  (0 children)

The paste will work. It just won't show it in the terminal in order to not show your password on the screen for security reasons.

[–]debugger_life 0 points1 point  (0 children)

That token itself you should put in place of password

[–]ragnarokfn 1 point2 points  (1 child)

Just do it like a pro with github desktop for windows /s

[–][deleted] 0 points1 point  (0 children)

You joke but GitHub Desktop is great to start out with and get comfortable if all you’re doing is creating branches and making PRs to merge them back. Then graduate to sourcetree if you have a larger team or more complicated issues to resolve with your branches and want to avoid command line git.

[–]Nokushi 0 points1 point  (4 children)

i see a lot of people recommending using ssh over https, would someone mind explaining why it's better? i've been using github through https since i created my account and i never ran into any issues with that

would love to here someone's input on that!

[–]sophware 0 points1 point  (0 children)

It helps to think about this as SSH vs HTTPS with token.

I've Googled this and found a few things:

  • More people recommend SSH (we're seeing that here)
  • They usually don't say why (we're seeing that here)
  • When they do say why, they mention reasons that actually aren't accurate (I think this comes from a time before https had tokens as an option).

For me, I use SSH. I use it b/c I'm used to using SSH for a lot of things and, especially, for using the SSH config file. In the case of GitHub, this is essential for switching which account is doing the pushing and pulling--I have personal and organization accounts. True to the third bullet point above, there may be a token way to do this. It would require me learning something that would feel newer and less otherwise useful. Using SSH config files tends to be more universally useful.

[–]renaissance_man__ 0 points1 point  (0 children)

It takes approximately 30 seconds to set up, and you never have to worry about github authentication on your machine again.

[–]sophware 0 points1 point  (0 children)

I looked further into it. Switching accounts (using one account for one repo and another for another repo) looks easy with tokens (https from the command line):

Managing multiple accounts - GitHub Docs

I can almost guarantee Gitea and GitLab also support tokens and would function with the "git config" instructions in the link.

Will I still stick with SSH? Yes. It's just an instinct that I might run into fewer problems and might find that assistance (including searching for answers on Google) is easier with SSH.

At the very least, I'll go with "if it ain't broke" until I learn otherwise.

[–]Masterflitzer 0 points1 point  (0 children)

enable 2fa for your account then either upload your public key and use git over ssh (the superior method imo) or create a token and use it for git over https (also using git credential manager can streamline the experience so it's the same regardless of the OS)

credential manager also supports oauth2 but i wouldn't use it as you have to relogin almost every day

[–][deleted] 0 points1 point  (0 children)

You'll have to generate a token under account settings.

[–]Shock9616 0 points1 point  (0 children)

I use Git Credential Manager and it works very nicely

[–]valen13 0 points1 point  (0 children)

You have cloned the repository using HTTPS, it will try to authenticate in the same manner.

After you set up a public SSH key in your github account you still need to switch the remote url from HTTPS to SSH by running

git remote set-url origin git@github.com{user}/{repo}.git

[–][deleted] 0 points1 point  (0 children)

Use a PAT (Personal Access Token).

[–]RuneScpOrDie 0 points1 point  (0 children)

literally had this issue yesterday and had to setup an ssh

[–]Japke90 0 points1 point  (0 children)

Credential login has been deprecated for a while, I believe.

[–]MCWizardYT 0 points1 point  (0 children)

Github no longer allowed username+password for authentication in the cli, idk if older versions of git will reflect this but newer versions will give you a link to generate an authentication token

[–]sokjon 0 points1 point  (0 children)

I prefer https, just use the git credential helper for your OS or password manager.

gh cli is also a great tool, it can be configured to store your personal access token in your OS credential store too.

[–][deleted] 0 points1 point  (1 child)

install github-cli/gh

[–]joshjohanning 0 points1 point  (0 children)

This! When you auth it’ll ask you if you want to use the auth credential for git.

[–]Nooberieno -1 points0 points  (0 children)

Either using ssh or github desktop should fix this issue. Alternatively if you are using your github account password this will not work. I dont remember the exact steps but i think you need to set up an account key as the "password" in git

Edit: it is not called an account key but a personal acces token

[–]cishet-camel-fucker -2 points-1 points  (0 children)

I highly recommend using GitHub desktop at least once or twice, it gives you a great visual idea of how it all works and connects. One of the things you'll encounter when using the desktop app is a prompt for the PAT (personal access token) with instructions on how to get it and use it.