I have repositories on GitHub, and have been using a user name and password to access them. All was working great. I could use various GIT commands on the command line, and GIT would automatically supply the password I entered once a long time ago. It saves this in a file in my personal directory.

I'm not too concerned about security, especially anyone else using any of my machines. I was fine with a user name and password.

Unfortunately, GitHub is now insisting on stronger security, whether I care or not. Authentication with just a user name and password won't work anymore soon. According to the nasty-gram emails I get, I need to use something called a Personal Access Token.

I went to the GitHub web site and generated such a token. To be sure I'm really using it, I deleted the lines associated with GitHub from the GIT CRD file (where login credentials are kept). Unfortunately, now I can't get access anymore. For example:

C:\embed\source\util>git push -u origin master
Fatal: HttpRequestException encountered.
Username for 'https://github.com': OlinLathrop
Password for 'https://OlinLathrop@github.com':
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/EmbedInc/util/'

Before this test, there was nothing in my GIT CRD file applying to GitHub at all.

Even before it asks me for my user name, the error on line 2 shows up. What is that all about? I never got that before.

I enter my GitHub user name on line 3, then it asks me for my password on line 4. According to GitHub, the new token is supposed to work like a password. I try to paste it in response, but echo is turned off so I don't know if the paste worked. It's something like 40 characters of gobbledygook, so not much chance of typing it correctly, especially when I can't see the result.

In any case, the request always fails.

I generally use GIT from the command line, including doing pulls and pushes to "remote", which is set up to point to the repository on GitHub in this case. If I type my old password instead of the new token, it works, and the appropriate entry is added to the GIT CRD file.

How do I access my GitHub reposistories with the new Personal Access Token when using GIT on the command line?

Alternatively, How can I set up my GIT CRD file so that GIT automatically supplies the necessary credentials?

This is on machines running Windows 7 and Windows 10. The above example was on Windows 7.

Why not just use SSH?

Because

1. I'm not familiar with it. I'd rather keep doing what I've been doing. I've got firmware and software to get on with. Sys admin activities are just overhead for me, and it's not my expertise.
2. I thought SSH means running a command shell on my local machine, that is actually executing commands on a remote machine. I don't see how that solves the problem. I'm having problems with GIT commands running locally, trying to access a remote repository.
3. I thought the first S in SSH stands for "secure". That implies some authentication mechanism. It seems this is just pushing the problem from one place to another. If GitHub insists on the personal authentication tokens, I expect they're going to want them for all means of access to their site.
4. I have various GIT actions canned into scripts.

The answer by ArtOfCode suggests to update GIT, so I did that. I installed the latest as of an hour ago. Before the update "git --version" said 2.7.3.windows.1, and now it says 2.23.0.windows.1.

However, now I have a different problem when I try the same thing as above:

remote: Password authentication is temporarily disabled as part of a brownout. Please use a personal access token instead.
remote: Please see https://github.blog/2020-07-30-token-authentication-requirements-for-api-and-git-operations/ for more information.
fatal: unable to access 'https://github.com/EmbedInc/util/': The requested URL returned error: 403

I am trying to use the personal access token, but wasn't given an opportunity enter it. There were no prompts or popups. The message above came out immediately.

What do I do with the personal access token so that it eventually gets passed to GitHub when needed? I went to the URL above, but that was a general description of how they are getting more strict with security, and the details were over my head as a GIT user that just wants to push and pull to repositories on GitHub occasionally.

SSH Confusion

There have been more comments about using SSH that don't make sense to me. Right now, I run GIT commands by entering them on the command line, or by running BAT files that run GIT for me.

SSH is a separate shell that lets you run commands on a remote system. How does that address the problem? I'd first have to run SSH to get into this remote shell, then run GIT commands. However, then I'd be running GIT on the remote machine. It sounds like quite a hassle to have to go back and forth between running commands locally and on the remote machine, but how does running them on the remote machine help in the first place? I'm still working in my local repository. I just want to pull and push to a remote repository. Are you saying I'm supposed run a pull remotely when I really want to do a push, for example. But then how would the remote machine be able to access my data? That sounds like a huge security hole, even if I did know how to set it up.

I'm obviously missing something here.

posted almost 3 years ago

CC BY-SA 4.0

3y ago by FoggyFinder‭

Olin Lathrop‭

850 reputation 3 25 70 19