Github 使用PAT(Personal Access Token)后的命令行登录

在Github上启用PAT

命令行下使用git push不能再直接使用用户名密码, 在输入密码的地方需要使用PAT来代替. 具体的创建步骤为
https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token

如果只是用于提交代码, 勾选repo部分即可, 对于大部分场景, 可以加上这几个权限gist, read:org, repo, workflow

Windows 用户

控制面板 => Credential Manager => Windows Credentials

• 找到 git:https://github.com => 编辑 => 将 Password 替换成在 GitHub 上生成的 Personal Access Token => OK
• 如果没有 git:https://github.com , 点击 Add a generic credential => Internet 地址填写 git:https://github.com , 输入用户名和 Personal Access Token => OK

之后在git中做如下设置

git config --local credential.helper wincred

Linux 用户

首先给git配置上 username 和 email

$ git config --global user.name "your_github_username"
$ git config --global user.email "your_github_email"
$ git config -l

然后用git连接 GitHub. 例如:

$ git clone https://github.com/YOUR-USERNAME/YOUR-REPOSITORY
> Cloning into `Spoon-Knife`...
$ Username for 'https://github.com' : username
$ Password for 'https://github.com' : 这里输入 personal access token

然后用下面的命令, 将这个token加入缓存

$ git config --global credential.helper cache

你可以随时使用下面的命令删除缓存

$ git config --global --unset credential.helper
$ git config --system --unset credential.helper

可以用-v参数验证一下

$ git pull -v

Linux/Debian可以用下面的命令Clone:

git clone https://<tokenhere>@github.com/<user>/<repo>.git

开启双因子认证后命令行登入Github

在GitHub开启双因子后, 以前的登录方式不行了

mote-pad$ git pull
Username for 'https://github.com': someone
Password for 'https://someone@github.com': 
remote: Support for password authentication was removed on August 13, 2021.
remote: Please see https://docs.github.com/en/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.
fatal: Authentication failed for 'https://github.com/someone/mote-pad.git/'

搜了下, 命令行登录需要通过GitHub CLi 或者 Git Credential Manager, 当前环境还没安装

mote-pad$ git credential-manager -h
git: 'credential-manager' is not a git command. See 'git --help'.

安装步骤

从 https://github.com/git-ecosystem/git-credential-manager/releases 下载 .deb 包(我用的Ubuntu环境)然后安装

# download
wget https://github.com/git-ecosystem/git-credential-manager/releases/download/v2.4.1/gcm-linux_amd64.2.4.1.deb
# install
sudo dpkg -i gcm-linux_amd64.2.4.1.deb 
# configurate
git-credential-manager configure
# check
git credential-manager -h

设置存储方式
plaintext 明文方式, 默认存到 /home/[username]/.gcm/store/git/https/github.com/someone.credential, 这种方式不够安全

# cd到项目目录下, 用--local设为局部设置
git config --local credential.credentialStore plaintext

这时候就可以用github账号登录了

# 查看保存的github账号, 当前为空
git credential-manager github list
# 登录, 不需要用户名, 直接用 PAT Token
git credential-manager github login
Select an authentication method for 'https://github.com/':
  1. Device code (default)
  2. Personal access token
option (enter for default): 2
Enter GitHub personal access token for 'https://github.com/'...
Token: 
# 检查
git credential-manager github list
someone

换成gpg存储

参考 https://github.com/git-ecosystem/git-credential-manager/blob/main/docs/credstores.md

初始化 gpg key, 会让输入name和email, name 就是 user id, 可以用于后面的pass init

$ gpg --gen-key
...
Real name: someone
Email address: someone@outlook.com
You selected this USER-ID:
    "someone <someone@outlook.com>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 2EDDD89402CB8758 marked as ultimately trusted
gpg: directory '/home/someone/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/someone/.gnupg/openpgp-revocs.d/771DB7B3382BA257BE64DB6F2EDDD89402CB8758.rev'
public and secret key created and signed.

pub   rsa3072 2023-11-09 [SC] [expires: 2025-11-08]
      771DB7B3382BA257BE64DB6F2EDDD89402CB8758
uid                      someone <someone@outlook.com>
sub   rsa3072 2023-11-09 [E] [expires: 2025-11-08]

中间会创建一个口令, 用于日常验证

用这个user id创建pass

pass init someone
mkdir: created directory '/home/someone/.password-store/'
Password store initialized for someone

git config 换成 gpg 存储

git config --local credential.credentialStore gpg

之后第一次使用, 需要用APT登录, 后续登录, 需要使用之前创建的口令, 和sudo一样有缓存不需要每次验证