Enabling 2 factor authentication on GitHub is a good way to protect your data, but unfortunately, it means you can’t use your password to login at the command line on Linux for pushes and pulls to HTTPS repositories.
You can set up a special
.netrc file to enable 2FA login from the command line.
First, go to GitHub and create a Personal Access Token.
Then, create a
~/.netrc file with the following contents:
machine github.com login yourusername password <token> protocol https machine gist.github.com login yourusername password <token> protocol https
<token> is the token set up on the GitHub website.
Then generate a GPG key if one doesn’t exist:
Make sure to put a passphrase on that key.
You may have to do some other tasks on the computer while it generates enough entropy.
Then encrypt the
gpg -e -r email@example.com ~/.netrc
~/.netrc file can be deleted as long as the
~/.netrc.gpg file is kept.
Add the netrc credential helper:
curl -o ~/.local/bin/git-credential-netrc https://raw.githubusercontent.com/git/git/master/contrib/credential/netrc/git-credential-netrc
Finally, set up Git to use this file:
git config --global credential.helper "netrc -f ~/.netrc.gpg -v"
Install gpg-agent and pinentry
sudo apt-get install gnupg-agent pinentry-curses
# Invoke GnuPG-Agent the first time we login. # Does `~/.gpg-agent-info' exist and points to gpg-agent process accepting signals? if test -f $HOME/.gpg-agent-info && \ kill -0 `cut -d: -f 2 $HOME/.gpg-agent-info` 2>/dev/null; then GPG_AGENT_INFO=`cat $HOME/.gpg-agent-info | cut -c 16-` else # No, gpg-agent not available; start gpg-agent eval `gpg-agent --daemon --no-grab --write-env-file $HOME/.gpg-agent-info` fi export GPG_TTY=`tty` export GPG_AGENT_INFO
Now https pushes and pulls should work with GitHub on Linux.