Github refused to clone a private repo:
$ git clone https://github.com/jamesbond/secretmission
Cloning into 'secretmission'...
Username for 'https://github.com': kilojoules
Password for 'https://[email protected]':
remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
remote: Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information.
fatal: Authentication failed for 'https://github.com/jamesbond/secretmission/'
In my opinion, the blog they post to is not clear about what I can do here. I am trying to add a security key to see if that helps. When I try to enter a security key on firefox on my mac, I see this: github.com wants to register an account with one of your security keys. You can connect and authorize one now, or cancel.
I have no calls actions available I am aware of past this point.
I'm out of my element. How do I connect and authorize a security key? When I use the firefox plugin, it asked for the issuer and secret, of which I have neither. Can I use an ethereum wallet as an authentication?
CodePudding user response:
In 2021 Github removed the use of passwords for authentication, so you will need to use 'token-based authentication'.
Here's a Youtube Video that I've found to be easier to follow: https://youtu.be/eZrOd5qM5WM
CodePudding user response:
To push to GitHub, you don't need to set up a security key. A security key is a special device that plugs into the USB port, such as a YubiKey, and typically acts as a second factor.
In your case, to push, you need to use a personal access token. While Git asks you generally for a username and password, GitHub doesn't permit the use of your actual login password here. You must go to the token page and create a personal access token that has at least the repo
scope. Then, when you're prompted for your password, paste the token in instead of entering your password (note that nothing will be echoed to the screen, including asterisks).
GitHub requires this for several reasons. First, passwords are generally of poor quality, whereas GitHub's tokens contain at least 128 bits of entropy and are effectively unguessable. Second, tokens can be restricted to have access to only some repositories or some functionalities, whereas having your password allows the attacker to log in and do anything. Third, tokens can be rotated or deleted if they're compromised, which is much easier than forcing the user to change their password. And finally, tokens typically have a special fixed form that makes it obvious when they're leaked, so if a token is leaked, it can be automatically revoked.