Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Setup git on the CLI to use 2FA with GitHub

These are instructions for setting up git to authenticate with GitHub when you have 2-factor authentication set up. This authentication should be inherited by any GUI client you are using. These are intentionally brief instructions, with links to more detail in the appropriate places.

  1. Download and install the git command-line client (if required).

  2. Open the git bash window and introduce yourself to git (if required):

    git config --global user.name 'Firstname Lastname'
    git config --global user.email 'firstname.lastname@gov.bc.ca'
    
  3. Turn on the credential helper to cache your credentials (so you only need to do this once):

    a. Windows (more detailed instructions here):

    git config --global credential.helper wincred
    

    b. Mac (more detailed instructions here):

    git config --global credential.helper osxkeychain
    
  4. Set up a personal access token for accessing GitHub repositories - I recommend giving it gist, repo, and user scope. Make sure you copy the token now as you won't be able to later

  5. Create a test repository in the bcgov organization.

  6. Clone the repository on the command line (terminal/git bash window):

    git clone https://github.com/bcgov/[my-test-repo]
    
  7. Make any change you want in your local repository. Eg., make or edit your README.md file.

  8. Add, commit, and push your changes:

    git add README.md
    git commit -m "Edit README"
    git push -u origin master
    

    At this point you'll be asked for your username and password. Enter your username, then in the password prompt paste your Personal Access Token you created in step 3. (Note: in the Windows git bash shell, paste with Shift+Insert or right-click -> paste)

  9. Now push AGAIN.

    git push
    

    You should NOT be asked for your username and password, instead you should see Everything up-to-date.

    Rejoice and close the shell. If your test repository isn't important, you can delete it from the bcgov GitHub account.

@soletan

This comment has been minimized.

Copy link

soletan commented Jun 26, 2018

What about Linux?

@Asdafers

This comment has been minimized.

Copy link

Asdafers commented Jun 29, 2018

+1 for Linux question :)

@dwurf

This comment has been minimized.

Copy link

dwurf commented Jul 1, 2018

For Linux, you can:

  • Use credential.helper cache to cache for 15 minutes.
  • Use credential.helper store to store the credentials unencrypted on disk
  • Enter the access token every time

There are other helpers floating around such as gnome/libsecret

@Vegemash

This comment has been minimized.

Copy link

Vegemash commented Sep 26, 2018

More secure Linux: https://askubuntu.com/a/811397 This changes your credential helper to an encrypted one

@Berkmann18

This comment has been minimized.

Copy link

Berkmann18 commented Jan 17, 2019

In fact for GNU/Linux and WSL.
It's as simple as:

git config --global credential.helper cache
# do whatever you need with git but using the token instead of your password

It's really odd to suggest creating a repo in a governmental organisation which doesn't allow that.

@nikita-fuchs

This comment has been minimized.

Copy link

nikita-fuchs commented Jun 19, 2019

What if many people work on the same repo on a server environment and would like to push changes ?

@thomscode

This comment has been minimized.

Copy link

thomscode commented Nov 13, 2019

@nikita-fuchs

There are 2 options here:

  1. Don't use a username in your remote's URL, this would force each person to specify their username each time they need to authenticate with the repository.
  2. Use the repository's SSH remote URL and have each user upload their public key to their account. This way whenever they are authenticating with the remote it uses their SSH key to do so.

With the SSH method, each person can set a their own passphrase on their SSH key pair, and add their SSH key to their agent on login. The passphrase will only need to be used to decrypt the private key when it's added to the agent. The agent handles the authentication from there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.