My question is the same as Github add SSH key from others will grant access to all repos?, except my use case is that I am working on a shared server with other contributors. We all need access to a certain repository on this server. However, since GitHub requires SSH now, how can I clone and use the repository without adding my SSH key to the server and allowing everyone else access to all of my personal repositories?
I have already added my teammates as contributors in the repo we want to clone; it would be nice if we could each individually use our username and passwords to interface with the repo (like the old HTTPS method of cloning git repositories) without having to share our private keys with each other. If there is an option to only allow SSH access to a specific repo, that would be nice as well.
The only workaround I can think of right now is to create a dummy GitHub account with the sole purpose of accessing this repo, and registering our SSH key with that GitHub account. But this seems very contrived and I'm wondering if there is a better solution to this problem.
A dummy github account with only the right permissions to access the one repo is what GitHub calls a Machine Account and is the recommended way to provide access under scenarios like these.
Alternatively, you could use a deploy token, those are bound to a single repo by default.
Related
On linux, I have just setup an ssh connection to one of my private repos on github, i have always used https up until now, one thing i dont understand though is how another contributor can access the repo if he wanted to clone it? Do i need to add another public key to the repo from him generating another rsa_id? And what if i want to clone it on another computer, do i need to transfer the key files?
You would normally use Github's mechanisms for access control. If you want to allow access to a private github repo, use the Collaborators tab under settings for the repo. You add people by Github user account and they manage their own SSH keys with github.
If you want to clone your own repo on a different machine then you'd need to add a new SSH key for that machine to your own account.
We have a Github pro account and have a Github repository for which we want to give read-only access to a few people. They should be able to get the code with this access but shouldn't be to modify this repository in any way.
Is this possible?
If your goal is to allow them to clone the repository but still modify it on their own system, you can do this by either assigning them as collaborators on the repository with the read privilege under Settings → Manage Access.
If your goal is to prevent them from modifying the repository even on their own systems once it's cloned, then that isn't possible.
I have on my Mac two GitHub users, one is for work and another is personal. I set them up following this tutorial:
https://medium.com/#ibrahimlawal/developing-with-multiple-github-accounts-on-one-macbook-94ff6d4ab9ca
I created a repo with my personal account, and tried to do a push with the work account, and to my surprise, it let me do this. I thought it should stop me from doing it because the work user should not have access to the personal GitHub. How can I avoid it? I want to be able to push to a personal repo with only my personal account, and to my work repos only with my work account.
The article is about managing two different SSH keys.
But if you can push, it might be because:
you are using an HTTPS URL
your work account credentials were cached (git config credential.helper: probably credential-osxkeychain on Mac: see "clear all Git credentials").
I've tried cloning a private repo (that I have access to) on GitHub and get this message:
Clone Failed
Could not connect to 'origin'. Double-check your remote url, then make sure you have access to do that action on that remote and try again.
I run Windows 10, I have connected Kraken to GitHub and ssh key works and I can push and pull repos to my other GitHub repos that are public just fine.
I was also able to clone the repo from the command line just fine.
For some reason, GitKraken does not use your existing HTTPS credentials to communicate with GitHub, nor does it use SSH on Windows. Instead it uses OAuth2, which means you need to grant OAuth2 access to GitKraken.
https://support.gitkraken.com/integrations/github
If no remotes or repositories are appearing in Add Remote or Clone, the likely cause is the need for an organization to allow access. GitKraken cannot see those repos when cloning or adding a fork unless the org specifically gives permission to GitKraken as an application.
First check to see if access is allowed to GitKraken from GitHub Applications
If access has been allowed, then the organization will need to allow Organization Approval
For details about third-party application restrictions view Third-party apps list
These are the steps I took and they worked for me:
You need to be an administrator in your GitHub Organization.
Access the GitHub GitKraken Application page and request access:
https://github.com/settings/connections/applications/a7557949433b7d282a76
You will see a list of your Organizations at the bottom. Click "Request access" if applicable.
If your Organization is not listed then you have other problems (are you using the correct GitHub user account? Are you a member of the Organization?)
This is what the page looks like for me:
Approve of the Access you just requested:
Access this page: https://github.com/organizations/YOUR_ORG_NAME/settings/oauth_application_policy
You can also access the page by going GitHub Settings > "Organization settings" > "Third-party access"
This page looks like this:
This is not the same page as your "Personal settings" > "Authorized applications" page ( https://github.com/settings/applications )
You should see GitKraken listed as requesting permission.
Click the Approve link to grant it access.
GitKraken should work now.
However, in my experience I don't reliably see the GitKraken request listed in the Requests list. I've contacted GitKraken Support for assistance.
You can use the "GitHub Enterprise" configuration instead of the "GitHub.com" configuration:
As the domain for your GitHub enterprise server just enter "GitHub.com".
Generate a personal access token.
This will work with all repos you have access to, even if the organization has not opted-in to allowing OAuth 2 apps to access them, and it works regardless of which version of GitKraken you're using (i.e. you don't need "Pro").
I had the same issue. I solved by disconnecting from my GitHub.com account in GitKraken. Then, when I tried to clone an organizational private repo, GitKraken asked me username and password. The repo was cloned successufuly.
The above answers are all correct, and granting access to your Github organization is still the recommended way to go if you want to take full advantage of GitKraken's features, but if your organization admins can't or won't grant access, Gitkraken supports SSH keys as well.
It'll only use them on existing repos if the URL of the remote is an SSH url (starts with ssh:), and it'll only clone over SSH if you allow it to generate its own SSH key. Go to Preferences > authentication > Github, and it should be able to clone any repo you have access to.
This seems like a simple question which should have a simple answer...
I'm trying to checkout a GitHub project. The project is owned by someone else, so someone else is the Owner. GitHub Collaborators have read/write access, and I have been granted collaborator rights on the project. Collaborators are slightly different than Contributors, who have simply provided a pull request in the past.
I'm trying to avoid the following because I do not want the source files in "read-only" mode:
git clone https://github.com/user/project.git
I feel like I need to identify myself, and send my password or SSH key. But GitHub's help at Which remote URL should I use? only discusses SSH in the context of a Desktop client. I guess they have an app they want me to use, but I don't really want to use one.
Note: I have information in Git's global config (user.name and user.email), but its not the correct information/credentials for these purposes.
How do I checkout a GitHub based project as a Collaborator from the command line?
Using the the HTTP endpoint instead of the the SSH one.
As an aside, when you say checkout do you mean clone, fork or pull?
for clone it would be similar to this:
git clone https://github.com/user/project.js.git
You will be prompted for your user name and password.