Sachin Patil

Free software developer & Emacser

2 factor authentication and git

Google’s 2 Step Verification and GitHub’s 2 Factor Authentication are preferred and more secure, but they are quite confusing when using git. In this post let’s see how to set those up and configure git to use the generated password/token to send a patch using git-send-email and push a commit to a remote server using git-push.

Google’s 2 Step Verification

Use this link https://security.google.com/settings/security/apppasswords to set up an App password. You need to log in using your usual password first. After a successful login, the section Password & sign-in method will show that your 2 Step Verification is Off. Click the arrow to turn on 2 Step Verification as shown below.

Figure 1: Enable 2 Step verification

Next, you need to provide your phone number to receive a verification code. You can get the code by text message or phone call as shown below. Enter the phone number and click Next.

Figure 2: Enter Phone number

Enter the verification code and click Next.

Figure 3: Enter verification code

Then click TURN ON.

Figure 4: Turn On 2 Step verification

This is also a good time to set up an alternate backup option. I use FreeOTP, but Google Authenticator is also a good choice.

Figure 5: Choose alternative application

The next page asks you to select the app and the device.

Figure 6: Select app and device

For the sake of this post, I want to use the token to send email using git-send-email, so I will select the app as Mail.

Figure 7: Select app and device | App

The device is nothing but my GNU/Linux system; I prefer to select Other (Custom name).

Figure 8: Select app and device | Device

Name the app anything you want. As I plan to use the generated password for git-send-email, I prefer the same name. This will also help me manage multiple apps in the future. Click GENERATE to generate the password.

Figure 9: Generate password for an application

The password is 16 characters long. We need this password to send patches via git.

Figure 10: Generate app password

Once the password is handy, create a file ~/.git-credentials with the following line. Replace <username> with your Gmail login name and <16CharPassword> with the generated password. (Note: This file is in plain text.)

smtp://<username>%40gmail.com:<16CharPassword>@smtp.gmail.com%3a587

Or store the details in ~/.gitconfig, where the password is likewise kept in plain text:

[user]
    name = <FirstName LastName>
    email = <username>@gmail.com
[sendemail]
    smtpEncryption = tls
    smtpServer = smtp.gmail.com
    smtpUser = <username>@gmail.com
    smtpPass = <16CharPassword>
    smtpServerPort = 587
    suppresscc = all

Or you can use the git credential helper store to store the above details.

Test the settings by sending a patch:

git send-email --to=user@somedomain.com -1

GitHub’s 2 Factor Authentication

Generate a new token using this link https://github.com/settings/tokens and click Generate new token as shown below,

Figure 11: Generate GitHub token

and store the token in ~/.git-credentials as below,

https://<GitHub username>:<GitHub Token>@github.com

Test the setting by pushing a commit.

Each credential is stored on its own line in the ~/.git-credentials file, something like,

smtp://<username>%40gmail.com:<16CharPassword>@smtp.gmail.com%3a587
https://<GitHub username>:<GitHub Token>@github.com
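
Because the two-line ~/.git-credentials file above holds both secrets in plain text, its permissions matter. The following Python script is an added example, not part of the original post: it decodes each entry (%40, %3a) without printing the secret and flags a file that other users can read. The function names and sample credentials are constructed for illustration.

```python
import stat
import tempfile
from pathlib import Path
from urllib.parse import unquote


def parse_entry(line):
    """Decode one credential-store line; report the secret's length, never its value."""
    scheme, sep, rest = line.strip().partition("://")
    userinfo, at, host = rest.rpartition("@")
    user, colon, secret = userinfo.partition(":")
    if not (sep and at and colon):
        raise ValueError("not a credential-store entry")
    # '@' in the user is stored as %40 and ':' before the port as %3a.
    name, _, port = unquote(host.partition("/")[0]).partition(":")
    return {"protocol": scheme, "username": unquote(user), "host": name,
            "port": int(port) if port else None, "secret_length": len(unquote(secret))}


def audit_store(path):
    """Return (findings, entries) for the credential file at path."""
    findings, entries = [], []
    mode = stat.S_IMODE(Path(path).stat().st_mode)
    if mode & 0o077:  # any group/other permission bit exposes the plain-text secrets
        findings.append(f"{path} has mode {mode:o}; restrict it with chmod 600")
    with open(path, encoding="utf-8") as fh:
        for number, line in enumerate(fh, 1):
            if not line.strip():
                continue
            try:
                entries.append(parse_entry(line))
            except ValueError:
                findings.append(f"line {number} is not a valid entry")
    return findings, entries


def demo():
    """Audit a constructed file of made-up credentials, left world-readable on purpose."""
    sample = ("smtp://alice%40gmail.com:abcdefghijklmnop@smtp.gmail.com%3a587\n"
              "https://alice:EXAMPLETOKEN@github.com\n")
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp, ".git-credentials")
        path.write_text(sample, encoding="utf-8")
        path.chmod(0o644)
        return audit_store(path)


if __name__ == "__main__":
    print(demo())
```

To check your own file, call audit_store on the expanded path of ~/.git-credentials; an empty findings list means the file is readable only by its owner and every line parsed.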
