2 factor authentication and git
Google’s 2 Step Verification
and GitHub’s 2 Factor
Authentication
are preferred & secured but they are quite confusing when using git
.
In this post lets see how to setup those and configure git
using
generated password/token to send patch using git-send-email
& push
commit to remote server using git-push
.
Google’s 2 Step Verification
Using this link https://security.google.com/settings/security/apppasswords and setup App password. You need to login using your usual password first. After successful login, a section Password & sign-in method will show that your 2 Step Verification is Off. Click the arrow to turn on 2 Step Verification as shown below.
Next, you need to provide your phone number to receive a verification code. You can get the code using Text message or a Phone call as show below. Enter phone number and click Next.
Enter verification code and click Next.
and click TURN ON
This is also a good time to have alternate backup option. I use Free OTP but Google Authenticator is also good choice.
Next page will make you select the app and the device.
For sake of this post I want to use the token to send Email using
git-send-email
, I will select the app as Mail.
The device is nothing but my GNU/Linux system, I prefer to select Other (Custom name).
Name the app anything you want. As I plan to use the generated
password for git-send-email
, I prefer the same name. This also
will help me to manage multiple apps in future. Click GENERATE to
generate password.
A password is 16 characters. We need this password to send patches via
git
Once the password is handy, create a file ~/git-credentials
with
following line. Replace <username>
with Gmail login name and
<16CharPassword>
with generated password. (Note: This file is in
plan text.)
1
smtp://<username>%40gmail.com:<16CharPassword>@smtp.gmail.com%3a587
Or store details in ~/.gitconfig
1
2
3
4
5
6
7
8
9
10
[user]
name = <FirstName LastName>
email = <username>@gmail.com
[sendemail]
smtpEncryption = tls
smtpServer = smtp.gmail.com
smtpUser = <username>@gmail.com
smtpPass = <16CharPassword>
smtpServerPort = 587
suppresscc = all
Or you can use git credential helper
store
to store above
details
Test the settings by sending a patch,
1
git send-email --to=user@somedomain.com -1
GitHub’s 2 Factor Authentication
Generate new token using this link https://github.com/settings/tokens and click Generate new token as shown below,
and store the token in ~/.git-credentials
as below,
1
https://<GitHub username>:<GitHub Token>@github.com
Test the setting by pushing a commit.
Each credential is stored on its own line in file
~/.git-credentials
file, something like,
1
2
smtp://<username>%40gmail.com:<16CharPassword>@smtp.gmail.com%3a587
https://<GitHub username>:<GitHub Token>@github.com