Skip to main content

Enabling two-factor authentication for Github

·2 mins
github tfa two-factor authentication ssh
Table of Contents

Enabling TFA #

Its considered best practice now a days to enable two-factor authntication for your bank accounts, AWS accounts, and now your Github repositories as well.

Two-Factor authentication gives your accounts extra security by enforcing two secret pieces of information: your password and a temporary code that rotates every few minutes.

Enabling two-factor authentication is as simple as updating your Github profile: Settings > Security.

Github Two Factor Authentication

I use Google’s Authenticator app to generate keys for me: Google Authenticator

Create Keypair #

If you don’t have an RSA keypair already, create on for your workstation:

ssh-keygen -t rsa
Generating public/private rsa key pair.

and follow the directions. Be sure to give your RSA key a strong password using a password manager.

Copy the contents of the id_rsa.pub:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUhPVemD1nk8u2Ww/VxHV5mIub+GRDpnLvRcWWi5iDHu0ygkqjXk5ar7IEN7xcVMslvBj15FcE8xjUQaiKFXyzPhhgzZAUX61QAQAM8yoUsuuTA5AquDlS/n12xGKWCWp+Z3OlUl+HvlneyyZZsayzDXv4pa2XrsFTMnT3Qjy5y4Ca3XOYHftNTVPkraWlCqfqqvjB2+mSHSl4KfZe/Z3sF7OBD5gUgJEkPXxesWWeNSdQP9dxuJN8SBUcdnCxEswbtVrq35D0P9kMkNoVYLzgkt3eQ6ov9UrFn9N1VaUlG+bCa1KxG4jv/TeBEU5lQrxNU+lJdMiDd6kRBSbDTvvJ [email protected]

to Github’s authorized keys under Settings > SSH and GPG Keys and select New SSH Key:

add the contents of your id_rsa.pub to your Github account

Github will now accept commits from your workstation.

Gotchas #

HTTPS Git URLS: Authentication failed #

As of this writing, Github’s two-factor authentication breaks https:// git repository urls. Authenticating with a username and password thows this error:

Username for 'https://github.com': __github username__
Password for 'https://__github [email protected]':
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/__github username__/__github repo__.git/'

To solve this, use the SSH repository urls that start with [email protected]:.

Remove the old HTTPS remote hook and replace it with the SSH version:

git remote -v

origin	https://github.com/__github username__/__github repo__.git (fetch)
origin	https://github.com/__github username__/__github repo__.git (push)

git remote -D origin

Add the new SSH url:

git remote add origin [email protected]:__github username__/__github repo__.git

Pushing to your Github repository should work now.