This guide covers two methods to authenticate with GitHub: HTTPS (using Personal Access Tokens) and SSH keys.
GitHub no longer accepts regular passwords for Git operations. You must use Personal Access Tokens instead.
-
Go to GitHub Settings
- Click your profile picture (top-right) → Settings
- Scroll down to "Developer settings" (bottom-left)
- Click "Personal access tokens" → "Tokens (classic)"
-
Generate New Token
- Click "Generate new token" → "Generate new token (classic)"
- Give it a descriptive name (e.g., "My Laptop - Git Access")
- Set expiration (recommend 90 days for security)
- Select scopes (minimum: check "repo" for full repository access)
- Click "Generate token"
-
IMPORTANT: Save Your Token
- Copy the token immediately (it won't be shown again)
- Save it in a secure password manager
- Treat it like a password
When Git asks for your password during push/pull/clone:
- Username: Your GitHub username
- Password: Paste your Personal Access Token (not your GitHub password)
git config --global credential.helper osxkeychaingit config --global credential.helper wincred# Cache for 1 hour (3600 seconds)
git config --global credential.helper 'cache --timeout=3600'
# Or use libsecret for permanent storage
sudo apt-get install libsecret-1-0 libsecret-1-dev
cd /usr/share/doc/git/contrib/credential/libsecret
sudo make
git config --global credential.helper /usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecretSSH keys allow you to connect to GitHub without entering credentials each time.
ls -al ~/.sshls -al ~/.sshLook for files named:
id_rsa.pubid_ecdsa.pubid_ed25519.pub
If you see these, you already have SSH keys. You can use them or create new ones.
ssh-keygen -t ed25519 -C "your_email@example.com"Note: If your system doesn't support ed25519, use:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"During key generation:
- Press Enter to save in default location (
~/.ssh/id_ed25519) - Enter a passphrase (optional but recommended for security)
- Re-enter passphrase
- Start the SSH agent:
eval "$(ssh-agent -s)"- Check if
~/.ssh/configexists:
ls ~/.ssh/config- If it doesn't exist, create it:
touch ~/.ssh/config- Add this to
~/.ssh/config:
Host github.com
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519
- Add your key:
ssh-add --apple-use-keychain ~/.ssh/id_ed25519If you didn't set a passphrase, omit --apple-use-keychain:
ssh-add ~/.ssh/id_ed25519- Start the SSH agent:
eval "$(ssh-agent -s)"- Add your key:
ssh-add ~/.ssh/id_ed25519To make the key persist across reboots, add this to your ~/.bashrc or ~/.zshrc:
if [ -z "$SSH_AUTH_SOCK" ] ; then
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
fiUsing Git Bash:
- Start SSH agent:
eval "$(ssh-agent -s)"- Add your key:
ssh-add ~/.ssh/id_ed25519Using PowerShell (Windows 10/11):
- Start SSH agent service (as Administrator):
Get-Service ssh-agent | Set-Service -StartupType Automatic
Start-Service ssh-agent- Add your key:
ssh-add ~\.ssh\id_ed25519-
Copy your public key to clipboard:
macOS:
pbcopy < ~/.ssh/id_ed25519.pub
Linux:
cat ~/.ssh/id_ed25519.pub # Then select and copy the output
Or with xclip:
sudo apt-get install xclip xclip -sel clip < ~/.ssh/id_ed25519.pub
Windows (Git Bash):
clip < ~/.ssh/id_ed25519.pub
Windows (PowerShell):
Get-Content ~\.ssh\id_ed25519.pub | Set-Clipboard
-
Add to GitHub:
- Go to GitHub Settings
- Click "SSH and GPG keys" (left sidebar)
- Click "New SSH key"
- Title: Give it a name (e.g., "My MacBook Pro")
- Key type: Authentication Key
- Paste your copied key into "Key" field
- Click "Add SSH key"
ssh -T git@github.comYou should see:
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
If you see a message about authenticity of host, type yes to continue.
When cloning or adding remotes, use SSH URLs instead of HTTPS:
SSH URL format:
git@github.com:username/repository.git
HTTPS URL format:
https://github.com/username/repository.git
Clone with SSH:
git clone git@github.com:username/repository.gitChange existing repo from HTTPS to SSH:
git remote set-url origin git@github.com:username/repository.gitCheck current remote URL:
git remote -v- Verify SSH key was added to GitHub
- Check SSH agent is running:
ssh-add -l
- If no keys listed, add your key again:
ssh-add ~/.ssh/id_ed25519 - Test connection:
ssh -vT git@github.com
Start SSH agent:
eval "$(ssh-agent -s)"Then add key:
ssh-add ~/.ssh/id_ed25519-
Verify token hasn't expired
-
Check token has correct permissions (repo scope)
-
Make sure you're using the token, not your password
-
Clear credential cache and try again:
macOS:
git credential-osxkeychain erase host=github.com protocol=https
(Press Enter twice)
Windows:
git credential-wincred erase host=github.com protocol=https
(Press Enter twice)
If you're repeatedly asked for passphrase:
ssh-add --apple-use-keychain ~/.ssh/id_ed25519And ensure ~/.ssh/config has:
Host github.com
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519
- You're just getting started
- You work on different computers frequently
- You're behind a firewall that blocks SSH (port 22)
- You prefer simplicity
- You push/pull frequently (no credential entry needed)
- You want maximum security
- You work primarily from one machine
- You're comfortable with command line
Pro tip: You can use both! Use SSH on your main computer and HTTPS with tokens on others.
Username: your-github-username
Password: your-personal-access-tokenssh -T git@github.comgit remote -v
# https:// = HTTPS
# git@github.com = SSHgit remote set-url origin git@github.com:username/repo.gitgit remote set-url origin https://github.com/username/repo.git