Skip to content

Instantly share code, notes, and snippets.

@JonasAlfredsson
Last active October 18, 2019 11:34
Show Gist options
  • Save JonasAlfredsson/fd129c2bb64b50418e9a0a022ca11bd1 to your computer and use it in GitHub Desktop.
Save JonasAlfredsson/fd129c2bb64b50418e9a0a022ca11bd1 to your computer and use it in GitHub Desktop.
Guide on how to create an authentication token to be used with HTTPS instead of SSH when it is blocked by a proxy.

GitHub Authentication Token Behind Corporate Proxy

When your are behind a corporate proxy it might be difficult to use SSH to communicate with github.com, since this type of traffic may be blocked. A way to get around this is to authenticate over HTTPS instead, and supplying a username and password.

However, if two factor authentication is enabled, as it should be, this method will fail since the current interface does not support this. The solution is to create an authentication token to use for this specific machine.

The even shorter version of this guide is

  1. Go to the token creation page.
  2. Click Generate new token.
  3. Set the following permissions, and let the rest remain unchecked.
    • repo
      • repo:status
      • repo_deployment
      • public_repo
      • repo:invite
    • gist
    • delete_repo
    • write:discussion
      • read:discussion
  4. Click Generate token.
  5. Copy the token now as this is the last time you will see it!

This token is now used as a password for authenticating via the CLI, but has limited permissions. As this token is hard to remember you can store this information in a file so authentications are done automatically.

Git is using curl in the background, which will check the file ~/.netrc to see if there are any credentials that match the current domain. If it doesn't already exist, create it and add the following:

machine github.com
login <username>
password <token>
protocol https

machine gist.github.com
login <username>
password <token>
protocol https

machine api.github.com
login <username>
password <token>
protocol https

Limit the permisssions of the file.

sudo chmod 600 ~/.netrc

This file is not protected well, so if you are defensive you might want to uncheck the delete_repo permission as well, as an additional precaution.

Now you should now be able to use GitHub over HTTPS without having to authenticate all the time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment