将 Git 客户端(如 Windows 版 GitHub)配置为不要求身份验证 [英] Configure Git clients, like GitHub for Windows, to not ask for authentication
问题描述
我已经为 Windows 安装了 GitHub 和 GitExtensions,并且在我的路径中有多个版本的 git.exe.
C:UsersRajatAppDataLocalGitHubPortableGit_93e8418133eb85e81a81e5e19c272776524496c6cmdgit.exeC:UsersRajatAppDataLocalGitHubPortableGit_93e8418133eb85e81a81e5e19c272776524496c6ingit.exeE:cygwiningit.exeC:Program Files (x86)Gitcmdgit.exeC:Program Files (x86)Gitingit.exe现在,当我使用最后三个 git.exe 中的任何一个执行 git push origin master 时,它会询问我的用户名.但是便携式 Git 不要求输入用户名.请参阅以下屏幕截图:
心形字符只是一个^C所以忽略它.
在这种情况下如何处理身份验证?最终我希望最后三个 Git 不要求授权.这怎么可能?
我在 GitHub 的 Git 中发现了两个额外的文件,但我怀疑它们根本不重要:
对于 GitHub for Windows 本身,)客户端,输入相同的 2FA 密钥,然后查看与您通过 SMS 消息获得的完全相同的代码.
除此之外,如果您没有电话服务,它仍然可以工作;)
当然,,一个漂亮的双因素桌面客户端,(:gpg 加密)
您至少需要在该文件中加密这两个凭据:
machine github.com登录用户名密码xxx协议 https机器要点.github.com登录用户名密码xxx协议 https然后你只保留一个 ~/.netrc.gpg 或 %HOME%/_netrc.gpg
但是,如果您启用上述新的双因素身份验证,xxxx"将不会是您的 GitHub 帐户:请参阅下一节有关个人访问令牌"的内容.
生成个人访问令牌
如果您已激活 2FA,您将无法使用 GitHub 密码进行推送.
匿名访问 user/repo.git 被拒绝
这是你会看到的(gpg 部分是因为我使用了
您需要保存:
- 您的 GitHub 帐户密码
- 您的 2FA 密钥
- 您的 2FA 恢复代码
- 您的个人令牌
I have installed GitHub for Windows and also GitExtensions and have multiple versions of git.exe in my path.
C:UsersRajatAppDataLocalGitHubPortableGit_93e8418133eb85e81a81e5e19c272776524496c6cmdgit.exe
C:UsersRajatAppDataLocalGitHubPortableGit_93e8418133eb85e81a81e5e19c272776524496c6ingit.exe
E:cygwiningit.exe
C:Program Files (x86)Gitcmdgit.exe
C:Program Files (x86)Gitingit.exe
Now, when I do git push origin master with any of the last three git.exes, it asks for my username. But the Portable Git doesn't ask for username. See the following screenshot:
The heart-shaped character is just a ^C so ignore that.
How is authentication being taken care of in this case? Ultimately I want the last three Gits to not ask for authorization. How's that possible?
I found two extra files in the GitHub's Git but I doubt they matter at all:
For GitHub for Windows itself, Paul Betts (GitHub staff) gently reminds everyone that G4W already includes a credential helper (based on CryptProtect and I suppose the CryptProtectData function)
See his answer below.
For those who don't use G4W, read on.
To add to my previous answer (when pushing to GitHub through the console/command-line):
A file like ~/.netrc (on Unix) or %HOME%/_netrc (on Windows) can help you to avoid entering your credential for every git push you would make to GitHub.
You can store as many credentials you need in a netrc file.
(for GitHub or other repo hosting providers)
But:
- you don't want to store your main GitHub password account
- you don't want those in a plain text file.
The following sections address those issues:
Enable the two-factor authentication (2FA) on your GitHub account
(September 3rd, 2013)
Configure 2FA through an application, always through an app, never through a text SMS, if you can avoid it.
The reason is, through that activation process, you have access to your two-factor secret key, which is used to generate the second factor authentication every 30 seconds:
That way you can go to any GAuth (Google Authenticator) client, enter that same 2FA secret key, and see the exact same code you would get through SMS message.
Except that, if you don't have phone service, it still works ;)
Of course, the first client to use is GAuth on your android phone or your iphone.
That means you don't have to wait for an SMS, and you keep your 2FA on your phone.
However, having your secret key allows you to not be limited to a client on your phone.
You can go to any other client, like:
- JAuth, a beautiful two factor desktop client, (codeon GitHub)
- html5-google-authenticator: a GAuth Authenticator client web page where you can see your token generated every 30 seconds, like you would see them on your phone or through SMS.
- a desktop system tray
- a browser extension (like gauth-authenticator for FireFox)
For all those clients (on your phone with GAuth, or with a desktop client or a web page), you will need your two-factor secret key.
If you activated your 2FA through SMS:
- you don't know your secret key
- you can't use any other GAuth client
- you are limited to receiving your token through your phone (if you have phone service and/or if you have your phone at all)
Note: if you have added a key in your Gauth client on Android, without having memorized first said secret key, all is not lost.
(but you need a rooted phone though)
$ adb shell
# sqlite3 /data/data/com.google.android.apps.authenticator/databases/databases
sqlite> select * from accounts;
1|your@email.address|your2factorkey|0|0
sqlite> .quit
#exit
Don't forget to get and then save the associated recovery codes (in the Account Settings section of your GitHub account):
(See also the last section about where to save those codes)
Encrypt your _netrc file
(see the credential helper netrc with git1.8.3+: gpg encryption)
You need to encrypt in that file at least those two credentials:
machine github.com
login username
password xxxx
protocol https
machine gist.github.com
login username
password xxxx
protocol https
You then keep only a ~/.netrc.gpg or %HOME%/_netrc.gpg
But, if you enable the new two-factor authentication described above, 'xxxx' won't be your GitHub account: see the next section about "Personal Access Token".
Generate a Personal Access Token
You won't be able to push with your GitHub password if you have activated 2FA.
Anonymous access to user/repo.git denied
Here is what you would see (the gpg part is because I use the netrc credential helper):
C:UsersVonCproggitgit>git push origin
Using GPG to open %HOME%/_netrc.gpg: [gpg2 --decrypt %HOME%/_netrc.gpg]
You need a passphrase to unlock the secret key for
user: "auser <email@email.com>"
2048-bit RSA key, ID A2EF56, created 2012-09-12 (main key ID DC43D6)
remote: Anonymous access to VonC/git.git denied. <=====
fatal: Authentication failed for 'https://VonC@github.com/VonC/git/' <=====
So go to the Developer section of your GitHub Account (subsection Personal access tokens), and generate a Personal Access Token:
That token won't require a two-factor authentication: you can use it as password in your _netrc file, and you will be able to just push to GitHub.
But the difference with your main GitHub account password is:
You can revoke a personal access token (and generate a new one), while still keeping your main password unchanged.
If you had encrypted your main GitHub password in your ~/.netrc.gpg file, you can replace it with your new personal token:
gpg -d %HOME%\_netrc.gpg | sed "s/yourPassord/YourPersonalAccessToken/g" | gpg -e -r auser --yes -o %HOME%\_netrc.gpg
In multiple line for readability:
gpg -d %HOME%\_netrc.gpg |
sed "s/yourPassord/YourPersonalAccessToken/g" |
gpg -e -r auser --yes -o %HOME%\_netrc.gpg
That works even on Windows, with the help of the unix-like GoW (Gnu on Windows) command, which includes sed.
Save your GitHub credentials
I recommend an online credential storage like lastpass.com
You need to save:
- Your GitHub account password
- Your 2FA secret key
- Your 2FA recovery code
- Your personal token
这篇关于将 Git 客户端(如 Windows 版 GitHub)配置为不要求身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
