Sachin Patil

Free Software Developer | GNU Emacs Hacker

2 factor authentication and git
Published on Mar 29, 2018 by Sachin.

Google’s 2 Step Verification and GitHub’s 2 Factor Authentication are preferred and secure, but they are quite confusing when using git. In this post, let's see how to set them up and configure git with the generated password/token to send patches using git-send-email and push commits to a remote server using git-push.

Google’s 2 Step Verification

Open https://security.google.com/settings/security/apppasswords to set up an App password. You need to log in using your usual password first. After a successful login, the section Password & sign-in method will show that your 2 Step Verification is Off. Click the arrow to turn on 2 Step Verification, as shown below.

Figure 1: Enable 2 Step verification

Next, you need to provide your phone number to receive a verification code. You can get the code by text message or phone call, as shown below. Enter your phone number and click Next.

Figure 2: Enter Phone number

Enter the verification code and click Next.

Figure 3: Enter verification code

Then click TURN ON.

Figure 4: Turn On 2 Step verification

This is also a good time to set up an alternate backup option. I use Free OTP, but Google Authenticator is also a good choice.

Figure 5: Choose alternative application

The next page asks you to select the app and the device.

Figure 6: Select app and device

For the sake of this post, I want to use the token to send email using git-send-email, so I will select Mail as the app.

Figure 7: Select app and device | App

The device is just my GNU/Linux system, so I prefer to select Other (Custom name).

Figure 8: Select app and device | Device

Name the app anything you want. As I plan to use the generated password for git-send-email, I prefer the same name. This will also help me manage multiple apps in the future. Click GENERATE to generate the password.

Figure 9: Generate password for an application

The password is 16 characters long. We need this password to send patches via git.

Figure 10: Generate app password

Once the password is handy, create a file ~/.git-credentials with the following line. Replace <username> with your Gmail login name and <16CharPassword> with the generated password. (Note: This file is in plain text.)

smtp://<username>%40gmail.com:<16CharPassword>@smtp.gmail.com%3a587

Or store the details in ~/.gitconfig:

[user]
    name = <FirstName LastName>
    email = <username>@gmail.com
[sendemail]
    smtpEncryption = tls
    smtpServer = smtp.gmail.com
    smtpUser = <username>@gmail.com
    smtpPass = <16CharPassword>
    smtpServerPort = 587
    suppresscc = all

Or you can use the git credential helper store to store the above details.

Test the settings by sending a patch:

git send-email --to=user@somedomain.com -1

GitHub’s 2 Factor Authentication

Generate a new token at https://github.com/settings/tokens by clicking Generate new token, as shown below,

Figure 11: Generate GitHub token

and store the token in ~/.git-credentials as below,

https://<GitHub username>:<GitHub Token>@github.com

Test the setting by pushing a commit.

Each credential is stored on its own line in the ~/.git-credentials file, something like,

smtp://<username>%40gmail.com:<16CharPassword>@smtp.gmail.com%3a587
https://<GitHub username>:<GitHub Token>@github.com
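
Because ~/.git-credentials and smtpPass in ~/.gitconfig hold these secrets in plain text, it is worth checking who can read them. The script below is an added example, not part of the original post: it checks that the credentials file is closed to other users, lists which accounts are stored without printing the secrets, and flags a plaintext smtpPass. The function names and the default paths passed to audit are assumptions of this example.

```sh
#!/bin/sh
# Added example; function names and default paths are assumptions.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only when group and others have no access (e.g. 600 or 400).
is_private() {
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "scheme host user" for each stored entry; the secret is never printed.
list_entries() {
    sed -n 's#^\([a-z]*\)://\([^:@]*\):[^@]*@\(.*\)$#\1 \3 \2#p' "$1" |
        sed -e 's/%40/@/g' -e 's/%3[aA]/:/g'
}

# Succeed when a git config file holds an smtpPass value in plain text.
has_plaintext_smtppass() {
    grep -qi '^[[:space:]]*smtppass[[:space:]]*=' "$1"
}

# Audit a credentials file and a git config file; return 1 on any finding.
audit() {
    creds=$1 conf=$2 rc=0
    if [ -f "$creds" ]; then
        is_private "$creds" || {
            echo "WARN: $creds is accessible to other users; run: chmod 600 $creds"
            rc=1
        }
        list_entries "$creds" | while read -r scheme host user; do
            echo "stored: $scheme credential for $user at $host"
        done
    fi
    if [ -f "$conf" ] && has_plaintext_smtppass "$conf"; then
        echo "WARN: $conf keeps sendemail.smtpPass in plain text"
        rc=1
    fi
    return "$rc"
}

audit "${1:-$HOME/.git-credentials}" "${2:-$HOME/.gitconfig}" || echo "Review the warnings above."
```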
