2 factor authentication and git

By Sachin
March 9, 2018

Google’s 2 Step Verification and GitHub’s 2 Factor Authentication are preferred & secured but they are quite confusing when using git. In this post lets see how to setup those and configure git using generated password/token to send patch using git-send-email & push commit to remote server using git-push.

Google’s 2 Step Verification

Using this link https://security.google.com/settings/security/apppasswords and setup App password. You need to login using your usual password first. After successful login, a section Password & sign-in method will show that your 2 Step Verification is Off. Click the arrow to turn on 2 Step Verification as shown below.

2StepVerification

Next, you need to provide your phone number to receive a verification code. You can get the code using Text message or a Phone call as show below. Enter phone number and click Next.

Enter Phone number

Enter verification code and click Next.

Enter verification code

and click TURN ON

Enter Phone number

This is also a good time to have alternate backup option. I use Free OTP but Google Authenticator is also good choice.

Enter Phone number

Next page will make you select the app and the device.

Select app & device

For sake of this post I want to use the token to send Email using git-send-email, I will select the app as Mail.

Select app

The device is nothing but my GNU/Linux system, I prefer to select Other (Custom name).

Select device

Name the app anything you want. As I plan to use the generated password for git-send-email, I prefer the same name. This also will help me to manage multiple apps in future. Click GENERATE to generate password.

Enter app name

A password is 16 characters. We need this password to send patches via git

Generate app password

Once the password is handy, create a file ~/git-credentials with following line. Replace <username> with Gmail login name and <16CharPassword> with generated password. (Note: This file is in plan text.)

1

smtp://<username>%40gmail.com:<16CharPassword>@smtp.gmail.com%3a587

Or store details in ~/.gitconfig

1
2
3
4
5
6
7
8
9
10

[user]
    name = <FirstName LastName>
	email = <username>@gmail.com
[sendemail]
	smtpEncryption = tls
	smtpServer = smtp.gmail.com
	smtpUser = <username>@gmail.com
	smtpPass = <16CharPassword>
	smtpServerPort = 587
	suppresscc = all

Or you can use git credential helper store to store above details

Test the settings by sending a patch,

1

git send-email --to=user@somedomain.com -1

GitHub’s 2 Factor Authentication

Generate new token using this link https://github.com/settings/tokens and click Generate new token as shown below,

Generate GitHub token

and store the token in ~/.git-credentials as below,

1

https://<GitHub username>:<GitHub Token>@github.com

Test the setting by pushing a commit.

Each credential is stored on its own line in file ~/.git-credentials file, something like,

1
2

smtp://<username>%40gmail.com:<16CharPassword>@smtp.gmail.com%3a587
https://<GitHub username>:<GitHub Token>@github.com

Reference

  1. git-send-email
  2. git-credential-store
  3. GitHub Gist