My current workflow includes typing the password. Log into a server, pull (or sometimes clone, checkout or even push), type in the creds and leave. I do not want to store my credentials on that machine and I do not always have the chance to access my own password manager on the same machine.
How are we supposed to do this after a password can no longer be used with GitHub on the command line? Should I actually carry a paper slip with an access token? Or am I obliged to configure SSH deploy key for every project on every server? It seems to require logging into github website and it's not like I have a GUI on those machines.
Is there any sane way? How would you do it, if you sit down in front of a linux bash and have to deploy a project on that machine, using that machine?
How you should handle this depends on what your needs are.
If you want to automate a deployment process for a machine, then using a deploy key for that machine is a good idea, since that's the exact purpose for which they're designed. Ideally your deployment processes are automated, and deploy keys are a good way to do that.
If your goal is to log into several machines via SSH and perform Git operations with a remote, you can use an SSH key. If you're logging in via SSH, then add your SSH key to your agent and forward your agent to the remote system with the -A option, which will let you perform the access as if you had that key on the remote system. This is the easiest and simplest solution if you can do so, and is even more convenient than typing your username and password.
If you need to log in to machines at the console, then generate an SSH key, add it to GitHub, and store it on a flash drive, at which point you can mount the flash drive and use the keys with Git by setting the environment variable GIT_SSH_COMMAND to ssh -oIdentitiesOnly=yes -i /mnt/path-to-key (substituting the path to the key).
Related
In the myhome/.ssh/ directory are local SSH keys for my personal GitHub account, the directory has the id_rsa and id_rsa.pub files that allow me to authenticate with GitHub.
I am setting up a server (compute engine on GCP), and this server needs these keys because it needs to authenticate to my GitHub to pull a repo. Should I either:
transfer over / SCP the currently-existing id_rsa, `id_rsa.pub that I have locally onto the server, and use those on the server.
create a brand new SSH key from on the server, and use this key. Add it to my GitHub profile.
it doesn't matter, either (1) or (2) is fine.
or something else?
(2) seems like the right approach, but we are not certain.
Indeed option 2. As a best practice, you should not share the same private key.
Go ahead and generate a new SSH key following the docs: https://docs.github.com/en/github/authenticating-to-github/connecting-to-github-with-ssh
Ever since Github changed it's policy to not accept username/password anymore, I'm having a difficult time logging in when I push a branch to the remote repo.
I've tried a PKA key, but I forget it sometimes and I have to regenerate. Then I stored it in a plain text file and copy-paste when needed. And this PKA key seems like an API key for one project, instead of a way to log in manually to push changes. This seems to me like not-the-way to go. And I can imagine professionals do this in a better way.
I'm using a Linux machine and git from the terminal. And a Windows 10 machine with Git Bash (Git for Windows). How should I configure my account and computers so that I can easily run git push origin master?
Is it possible to use 2FA in a way where I log in with my account username and password and verify my login with an authenticator app on my phone? And preferably trust my computer from future logins.
It seems like you want to store your credentials globally on your machine. Store your credentials in global git configuration file.
WARNING: Your credentials would be visible to everyone who uses your machine, but the config file is usually hidden /.config.
Store your credentials on your machine globally:
git config --global credential.helper store
Next time you enter your credentials, this will store your credentials. In next consequent times, you won't be prompt to enter credentials anymore.
I have an SSH keypair: private lives on my local Mac, public lives on several AWS cloud machines.
From my Mac, I can SSH to a cloud instance, call it "deploy server". From there, I need to deploy my application to several instances (I cannot deploy locally).
I authenticate to the other instances with my private key. I can do this by either leaving my private key on the deploy server (insecure), or SSH Agent Forwarding (probably not much better).
Moreover, the deploy takes a while, so I do it in a gnu screen or tmux session; then I just detach and end the SSH session with the deploy server meaning I cannot use SSH Agent Forwarding (as I believe it requires the SSH connection to remain open).
What other options are available to me?
You can use a deploy key. That is a server specific key that has read only access to the repository.
To use this, you need to:
Generate a private key for the server (ssh-keygen on the server)
Set it at the github repo as a deploy key (https://github.com/<user>/<repo>/settings/keys). That will grant read only permissions to the repo. You have a checkbox if you also need write access to it.
Read more on this github help guide. There you can see more methods for deploying from a server accessing a repository.
I'm trying to pull an existing github repo made on my local machine onto a vm running on EC2 that will be used by multiple people. I have some concerns with using an ssh key without a password, so I was wondering if there was any way to pull directly onto the VM either anonymously, or by providing the username and password of the account that originally pushed the repo, so that my personal information won't have to be stored on the vm, and there's no security risk in having someone get ahold of a password-less ssh key for the vm. Is this possible?
Currently running Ubuntu 12.04
I recommend generating a new key and adding it as deployment key to your specific repo.
These keys are linked to a specific repo, not your account.
Alot of options are also available here.
https://help.github.com/articles/managing-deploy-keys
I've set up a GitHub repository on my laptop today. I can submit code and all ... but now I want to have the same access with my PC. Do I need to configure the SSH keys etc all over again, with every box I want to work with?
You need SSH access on all computers that will commit code or sync with a private GitHub repository. You have two choices:
Use the same SSH key on all your client computers.
Use a different SSH key on each client computer.
Either way, your authorized SSH keys must be configured on GitHub to allow proper access. Obviously, option #1 is easier to manage, unless your Windows or Mac SSH client doesn't handle OpenSSH keys properly.
Git with apache (http or https), Nice and easy way (in my opinion).
Server: Configuring Apache HTTPS In order to share your repository. (authorization with htaccess)
Client: Install tortoiseGIT, in order to checkout, commit, update or branch.
Basically yes. You have to set up the security stuff, which is kind of unrelated to git itself. In the other PCs, you have to define a remote repository that contains the address of the repository on your computer. Then you can push to/pull from each other's repositories.