How to correctly use GitHub's authentication token?

8
votes

When I pushed to my repository using the bash terminal, GitHub sent me an email:

[GitHub] Deprecation Notice
Hi,

You recently used a password to access the repository at with git using git/.

Basic authentication using a password to Git is deprecated and will soon no longer work. Visit https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information around suggested workarounds and removal dates.

Thanks, The GitHub Team

So I tried figuring out how to use the auth token, but this, this and this page didn't really help.

Once I generate a token that looks like this, ff35995a9624470a855520c573972d2f1812843, I understand that I'm supposed to be able to do a git push --all, then type my username and enter the token to be able to authenticate.
But this would mean that I need to store this token in plain text or in some password manager. That just seems wrong. Or is my understanding of this whole process flawed?

How do I securely use this token instead of a password? I remember SourceTree had something that I think was a provision for storing such a token, but how would one do it via the Linux terminal securely?

2
authenticationgithub
I'm really confused about this issue, because I successfully used ssh -T and connected and on Ubuntu 20.04 it tells me that " You've successfully authenticated, but GitHub does not provide shell access." But that's how the documents tell me how to connect. If I attempt to sign in with a username and password it warns me that this won't be allowed in the future. Is console access via git going to be gone from github?raddevus
I finally figured out the exact steps how to move forward with this using a PAT and wrote it up at: stackoverflow.com/questions/18935539/…raddevus

2 Answers

1
votes

Effectively, your password is replaced by a "personal access token", which is just another sort of password. Instructions for how to generate it are here. It's completely random so it is impossible to remember. Cool. Save it in place of your password in a password manager so you can use it when necessary, or there are other solutions such as caching.

See the bottom of this help page you will see it is used in exactly the same way as a password along with your original username. Also you might need to switch your repository from ssh to html.

More stackoverflow answers are here Authenticate with GitHub using a token

0
votes

As per a reply from the GitHub community:
Using a password manager would be the preferred solution. You could look into git-credential-cache so you don’t have to enter the token (from the password manager) for each and every push. Using SSH with an encrypted key and ssh-agent has a similar effect.