Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Github Two-Factor Authentication Failed For HTTPS

I heard from GitHub Two-Factor Authentication](https://github.com/blog/1614-two-factor-authentication) nearly a couple of days ago when I was reading my RSS feed. I enabled it and couldn' push to any of my repositories anymore. Learn in this blog post how to fix it.

Two-Factor Authentication

"Is a process involving two stages to verify the identity of an entity trying to access services in a computer or in a network". Github solves this authentication with sending an SMS to a device which wants to push to their platform.

Enabling Two-Factor Authentication

  1. Go to your Account Settings.
  2. Set up two-factor authentication.
  3. You'll be given the option of setting up 2FA either through a text message, or through an app you can download onto your smartphone.

Once you type in the number on your github page, your account is verified.

Setting Up Personal Access Token

Since you have enabled 2FA, you can create a personal access token.

  1. Go into your Account Settings.
  2. Click on Applications - this is where you can find the a section where you can create your "Personal Access Token"
  3. Save the password in some encrypted file.

Testing your Personal Access Token

Run:

$ curl -u <token>:x-oauth-basic https://api.github.com/user

If everythings works fine then you should get following json output:

{
  "login": "matthias-guenther",
  "id": 264708,
  "avatar_url": "https://avatars.githubusercontent.com/u/264708?",
  "gravatar_id": "9172bb642e29e9959f078f329308faa1",
  "url": "https://api.github.com/users/matthias-guenther",
  "html_url": "https://github.com/matthias-guenther",
  "followers_url": "https://api.github.com/users/matthias-guenther/followers",
  "following_url": "https://api.github.com/users/matthias-guenther/following{/other_user}",
  "gists_url": "https://api.github.com/users/matthias-guenther/gists{/gist_id}",
  "starred_url": "https://api.github.com/users/matthias-guenther/starred{/owner}{/repo}",
  "subscriptions_url": "https://api.github.com/users/matthias-guenther/subscriptions",
  "organizations_url": "https://api.github.com/users/matthias-guenther/orgs",
  "repos_url": "https://api.github.com/users/matthias-guenther/repos",
  "events_url": "https://api.github.com/users/matthias-guenther/events{/privacy}",
  "received_events_url": "https://api.github.com/users/matthias-guenther/received_events",
  "type": "User",
  "site_admin": false,
  "name": "Matthias Günther",
  "company": "",
  "blog": "http://wikimatze.de/about.html",
  "location": "Berlin",
  "email": "matthias@wikimatze.de",
  "hireable": true,
  "bio": "software developer, writer, hiker, jogger, and mobile apps lover",
  "public_repos": 64,
  "public_gists": 11,
  "followers": 54,
  "following": 65,
  "created_at": "2010-05-04T16:46:36Z",
  "updated_at": "2014-03-26T04:43:54Z",
  "private_gists": 0,
  "total_private_repos": 0,
  "owned_private_repos": 0,
  "disk_usage": 57682,
  "collaborators": 0,
  "plan": {
    "name": "free",
    "space": 307200,
    "collaborators": 0,
    "private_repos": 0
  }
}

If something went wrong, you should get a message like the following:

{
  "message": "Not Found",
  "documentation_url": "http://developer.github.com/v3"
}

Pushing To An HTTPS Github URL On Your Own

I had all my repositories checked out via HTTPS. But after enabling 2FA, you can't push to this repositories anymore.

$ git remote -v
  origin https://github.com/matthias-guenther/wikimatze.de.git (fetch)
  origin https://github.com/matthias-guenther/wikimatze.de.git (push)

$ git push origin master
  fatal: 'git@github.com/matthias-guenther/wikimatze.de.git' does not appear to be a git repository
  fatal: Could not read from remote repository.

  Please make sure you have the correct access rights
  and the repository exists.

I tried every combination of passwords, personal access token and even created a new ssh-key, but it won't work. I had to change the remote URL to git@github.com:matthias-guenther/wikimatze.de.git and it worked.

Pushing To An HTTPS GitHub URL On An Organization

I'm the maintainer of vimberlin.de and pushing my changes with the git@* remote URL hack did not work out very well:

$ git remote -v
  origin git@github.com/vimberlin/vimberlin.de.git (fetch)
  origin git@github.com/vimberlin/vimberlin.de.git (push)

$ git push
  fatal: 'git@github.com/vimberlin/vimberlin.de.git' does not appear to be a git repository
  fatal: Could not read from remote repository.

  Please make sure you have the correct access rights
  and the repository exists.

Most posts out there advices to use osxkeychain to save your credentials. Since I'm using Xubuntu for developing I had to search after another method.

Use .netrc File To Store Credentials

The .netrc file contains login and initialization information for managing the auto-login process.

All you have to do is to setup your crdentials in ~/.netrc:

machine github.com
login matthias-guenther
password <token>
protocol https

machine gist.github.com
login matthias-guenther
password <token>
protocol https

Where <token> is your personal access token. It would be silly to save your password in plain text.

Encrypt .netrc file with gpg

I assume that you already have your gpg key, you need to run the following command:

$ gpg --encrypt --armor --recipient matthias.guenther@wikimatze.de .netrc

And update the credentials helper:

$ git config --global credential.helper "netrc -f ~/.netrc.asc -v"

Now you can push again.

@shaekuronen

This comment has been minimized.

Copy link

@shaekuronen shaekuronen commented Nov 19, 2014

in the docs for Github 2F Auth, there's some info on how to use on the command line.

https://github.com/blog/1614-two-factor-authentication

Basically, for https, use Personal Access Token, generated at github.com/settings/applications. The ssh solution described here works, but if you still want to use https, good to go

Thanks for the gist, got me working again quickly!

@adsteel

This comment has been minimized.

Copy link

@adsteel adsteel commented Aug 10, 2015

Looks like there's a simpler way. After turning on two step authentication:

  1. Create a personal access token.
  2. When you go to push your repo, paste that token instead of typing your password
@akauppi

This comment has been minimized.

Copy link

@akauppi akauppi commented Oct 12, 2015

+1 for @adsteel. Worked for me.

@JMatharu

This comment has been minimized.

Copy link

@JMatharu JMatharu commented Oct 22, 2015

@adsteel , thanks , works for me :)

@holtzermann17

This comment has been minimized.

Copy link

@holtzermann17 holtzermann17 commented Oct 28, 2015

interestingly it did not work for me, though the longer tips above did. I wonder if I was pasting it wrong or what.

@coldcandor

This comment has been minimized.

Copy link

@coldcandor coldcandor commented Dec 24, 2015

For me, the issue was the remote origin URL. I had to change it to git@ in order for my SSH key to work. No password I used ever had an effect.

@ItGumby

This comment has been minimized.

Copy link

@ItGumby ItGumby commented Jan 3, 2016

It appears I just had to change the repo url. Your gist helped me resolve that. Thanks!

@carlbennett

This comment has been minimized.

Copy link

@carlbennett carlbennett commented Mar 28, 2016

Why would entering the access token every time you want to do anything with the git remote be easier than just using the method this Gist covers?

@samvyatkin

This comment has been minimized.

Copy link

@samvyatkin samvyatkin commented May 10, 2016

+1 for @adsteel. Also worked for me

@frost-byte

This comment has been minimized.

Copy link

@frost-byte frost-byte commented Dec 13, 2016

I was just running into a similar problem with a repo from one of my organizations. I also have two-factor authentication enabled.
I used my username and the personal access token that was created for the organization and then the following solution worked for me: git remote set-url git@github.com:organizationname/reponame.git

This was based upon the section in this gist called Pushing to an HTTPS Github URL on your own

This was on Windows 10 x64, using Git Shell (PowerShell). Once I'd updated the remote URL, I was then able to use Github for Windows to push/pull.

@petewillard

This comment has been minimized.

Copy link

@petewillard petewillard commented Jan 17, 2017

thanks @adsteel!

@jruivo-dev

This comment has been minimized.

Copy link

@jruivo-dev jruivo-dev commented Feb 6, 2017

Thank you, this solved my problem.

@twang2218

This comment has been minimized.

Copy link

@twang2218 twang2218 commented Feb 9, 2017

Thanks @adsteel, Personal Access Token as password works smoothly on https.

@BYVB

This comment has been minimized.

Copy link

@BYVB BYVB commented Feb 27, 2017

+1 @adsteel, worked for me

@quantuminformation

This comment has been minimized.

Copy link

@quantuminformation quantuminformation commented May 10, 2017

Personal Access Token worked for me thx!

@fahmilatib

This comment has been minimized.

@axelrindle

This comment has been minimized.

Copy link

@axelrindle axelrindle commented Jul 18, 2017

Thanks mate! Probably saved me some hours of trying and failing. 😄 👍

@byassine52

This comment has been minimized.

Copy link

@byassine52 byassine52 commented Aug 22, 2017

I Googled for hours trying and failing, and this post was the only one explaining how to do 2FA.
Now works like charm ;)

Shame on GitHub for not providing a decent documentation about this topic :(

@predevsign

This comment has been minimized.

Copy link

@predevsign predevsign commented Oct 11, 2017

@adsteel thanks a lot this worked perfect.

@eckucukoglu

This comment has been minimized.

Copy link

@eckucukoglu eckucukoglu commented Oct 18, 2017

yes we can use this personal access token as a password, however it is hard to remember, not safe to write it down.
i used to cache my github pw with a timeout. (https://help.github.com/articles/caching-your-github-password-in-git/). I believe re-authenticate the github session (that last max ~6h for me) for each time is more secure way. after 2-way authentication is enabled, it is almost impossible to use this feature.

@bonekost

This comment has been minimized.

Copy link

@bonekost bonekost commented Feb 2, 2018

Thanks. Saved hours ;)

@AndrejLavrinovic

This comment has been minimized.

@sio4

This comment has been minimized.

Copy link

@sio4 sio4 commented Feb 21, 2018

FYI, when I use personal access token, it requires scope 'repo'.

@Sylvia23

This comment has been minimized.

Copy link

@Sylvia23 Sylvia23 commented Feb 28, 2018

It worked for me. Thank you so much @adsteel. It was really helpful.

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented Apr 9, 2018

This information is no longer relevant. There is no "Personal Access Token" section.

@intere

This comment has been minimized.

Copy link

@intere intere commented Apr 20, 2018

@rquinlivan - there is a section for this "Personal Access Tokens", it's just moved: https://github.com/settings/tokens

@EdwardDiehl

This comment has been minimized.

Copy link

@EdwardDiehl EdwardDiehl commented May 31, 2018

thanks
check this
https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/

Once you have a token, you can enter it instead of your password when performing Git operations over HTTPS.

@alexzwir

This comment has been minimized.

Copy link

@alexzwir alexzwir commented Oct 14, 2018

Both ways work fine for me:

  1. Changing the URL (HTTPS -> SSH) with the command:
    git remote set-url origin
  2. Using the access token as the password.

Thanks @adsteel for sharing! =]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment