Skip to content

Instantly share code, notes, and snippets.

@ateucher

ateucher/setup-gh-cli-auth-2fa.md

Last active June 28, 2022 07:16
Show Gist options
  • Save ateucher/4634038875263d10fb4817e5ad3d332f to your computer and use it in GitHub Desktop.
Save ateucher/4634038875263d10fb4817e5ad3d332f to your computer and use it in GitHub Desktop.
Download ZIP
Setup git on the CLI to use 2FA with GitHub
Raw
setup-gh-cli-auth-2fa.md

These are instructions for setting up git to authenticate with GitHub when you have 2-factor authentication set up. This authentication should be inherited by any GUI client you are using. These are intentionally brief instructions, with links to more detail in the appropriate places.

  1. Download and install the git command-line client (if required).

  2. Open the git bash window and introduce yourself to git (if required):

    git config --global user.name 'Firstname Lastname'
git config --global user.email 'firstname.lastname@gov.bc.ca'

  3. Turn on the credential helper to cache your credentials (so you only need to do this once):

    a. Windows (more detailed instructions here):

    git config --global credential.helper wincred

    b. Mac (more detailed instructions here):

    git config --global credential.helper osxkeychain

  4. Set up a personal access token for accessing GitHub repositories - I recommend giving it gist, repo, and user scope. Make sure you copy the token now as you won't be able to later

  5. Create a test repository in the bcgov organization.

  6. Clone the repository on the command line (terminal/git bash window):

    git clone https://github.com/bcgov/[my-test-repo]

  7. Make any change you want in your local repository. Eg., make or edit your README.md file.

  8. Add, commit, and push your changes:

    git add README.md
git commit -m "Edit README"
git push -u origin master

    At this point you'll be asked for your username and password. Enter your username, then in the password prompt paste your Personal Access Token you created in step 3. (Note: in the Windows git bash shell, paste with Shift+Insert or right-click -> paste)

  9. Now push AGAIN.

    git push

    You should NOT be asked for your username and password, instead you should see Everything up-to-date.

    Rejoice and close the shell. If your test repository isn't important, you can delete it from the bcgov GitHub account.

@soletan
Copy link

soletan commented Jun 26, 2018

What about Linux?

@Asdafers
Copy link

+1 for Linux question :)

@dwurf
Copy link

dwurf commented Jul 1, 2018

For Linux, you can:

  • Use credential.helper cache to cache for 15 minutes.
  • Use credential.helper store to store the credentials unencrypted on disk
  • Enter the access token every time

There are other helpers floating around such as gnome/libsecret

@Vegemash
Copy link

Vegemash commented Sep 26, 2018
edited

More secure Linux: https://askubuntu.com/a/811397 This changes your credential helper to an encrypted one

@Berkmann18
Copy link

In fact for GNU/Linux and WSL.
It's as simple as:

git config --global credential.helper cache
# do whatever you need with git but using the token instead of your password

It's really odd to suggest creating a repo in a governmental organisation which doesn't allow that.

@nikita-fuchs
Copy link

What if many people work on the same repo on a server environment and would like to push changes ?

@thomscode
Copy link

@nikita-fuchs

There are 2 options here:

  1. Don't use a username in your remote's URL, this would force each person to specify their username each time they need to authenticate with the repository.
  2. Use the repository's SSH remote URL and have each user upload their public key to their account. This way whenever they are authenticating with the remote it uses their SSH key to do so.

With the SSH method, each person can set a their own passphrase on their SSH key pair, and add their SSH key to their agent on login. The passphrase will only need to be used to decrypt the private key when it's added to the agent. The agent handles the authentication from there.

@olotintemitope
Copy link

Thanks

@cristianhoyos66-zz
Copy link

For linux to save the credentials (user and password whose value which will be the access token) you can use https://git-scm.com/docs/git-credential-cache with --timeout option defining the time you want it to be saved.

This a better option for me, howevere you can still use https://git-scm.com/docs/git-credential-store but it will save the data inside your disk.

@TheM0nk25
Copy link

What about VMs where you cant just c/p the token?

@paultech4u
Copy link

For Linux, you can:

  • Use credential.helper cache to cache for 15 minutes.
  • Use credential.helper store to store the credentials unencrypted on disk
  • Enter the access token every time

There are other helpers floating around such as gnome/libsecret

Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment