Authenticating to Remote Git Repositories
This documentation outlines how to connect to remote Git repositories, in particular how to avoid entering a password or authentication token each time.
Git provides multiple protocols for authenticating to and interacting with remote Git repositories. This documentation focuses on GitHub but the ideas are relevant for other platforms.
There are three main approaches you can take:
- Using a personal authentication token or password
- Using an SSH key
- Using your GitHub password with 2-factor authentication
With either of the first two approaches you can avoid entering a username and password each time you interact with the remote repository, as discussed below.
Before going into details, note that you can run the following (generally run from a directory within a repository) to see how things are configured:
git config -l
In what follows, I'll refer to the account or organization the repository exists in as ACCOUNT and the repository as REPO.
Using HTTPS with a personal authentication token or a password
The standard way to interact with a repository is via HTTPS. You can clone a repository using HTTPS like this:
git clone https://github.com/ACCOUNT/REPO
You'll be asked to enter your username and password (where the latter could be either your GitHub password or your personal authentication token).
As of fall 2021, GitHub will no longer allow usage of a password alone. One good option is to use a personal authentication token in place of a password.
Saving your password or token to avoid entering it
You can save, or cache, your credentials so that you don't have to reenter them each time you interact with the remote repository.
Your credentials can be stored in the keychain of your operating system or cached in memory or in a file.
To cache in memory, in the MacOS keychain, or in the Windows keychain, choose the relevant one of these three invocations:
# in memory: git config --global credential.helper cache # MacOS git config --global credential.helper osxkeychain # Windows git config --global credential.helper wincred
To set the cache in memory to last for a particular amount of time, here 3600 seconds (i.e., 1 hour):
git config --global credential.helper 'cache --timeout=3600'
If you prefer to set the credential helper on a repository-specific basis, you can omit the '--global' flag.
To check if the credential helper is set up:
git config --get credential.helper
To use SSH, you need to put your SSH public key in your GitHub account. Your public key file is found in the ~/.ssh directory on a Mac or Linux machine and will generally be a file ending in .pub. Go to https://github.com/settings/keys and copy/paste your public key from the public key file.
You can then clone a repository using syntax of either of the following types:
git clone email@example.com:ACCOUNT/REPO.git git clone ssh://github.com/ACCOUNT/REPO
To confirm you are using ssh, run
git config --get remote.origin.url
If you see either of the following, you know you're using SSH to interact with the repository.
Avoiding having to enter your SSH passphrase
Note that you may be asked to enter your SSH passphrase when interacting with a repository. To avoid having to keep doing this, you can add your passphrase to your running SSH authentication agent, like this (assuming here your key is called 'id_rsa'):
Note that you might need to start your SSH agent with:
eval `ssh-agent -s`
More details on using the SSH agent can be found here.
If you have a repository that is using HTTPS and you want to switch to SSH, you can run either of these invocations from within a directory within your repository:
git config remote.origin.url firstname.lastname@example.org:ACCOUNT/REPO.git git remote set-url origin email@example.com:ACCOUNT/REPO.git
Using a password plus two-factor authentication
Finally, if you want you can use your GitHub password (potentially saved via credential.helper as discussed above so you don't have to enter it), rather than a token or SSH, and enable two-factor authentication.