Git-Cli cannot authenticate against Gitlab (self-hosted, with 2FA enabled)

heistema · April 19, 2023, 10:54am

I just installed a new instance of Gitlab on a Linux server. Everything works flawlessly so far… I created a user, I created a repo. I also enabled 2FA for the user. I need and therefore have SSH disabled.

However I am not able to push anything to the server. The git client keeps asking about username and password no matter what I supply. So I am in a loop without error messages. Of course I tried to read the documentation on that topic, but he does not take a PAT (= Personal Access Token) either. No matter whether I supply the token as username or as password (which I read about on the internet).

The “Authentication log” on the webinterface shows no errors or connection tries from my git cli.

The documentation seems to have nothing on my specific error as well.
Any ideas?
Thanks for your help in advance

gitlab-greg · April 19, 2023, 2:56pm

Hi @heistema

Since you’ve disabled SSH and this user has 2FA enabled, you’ll need to use a Personal Access Token (PAT) for authentication. Here’s a step-by-step process on how to create and use a PAT:

Create a Personal Access Token: Log in to your GitLab account, navigate to your avatar at the top-right corner, and click “Settings.” In the left sidebar, choose “Access Tokens,” provide a name and an optional expiration date, and check the api and write_repository scopes. Click “Create personal access token” and copy the generated token.

For more information, check the official documentation.
Use the PAT for Git authentication: When Git asks for your username and password, use your GitLab username as the username, and the Personal Access Token as the password. This should allow you to authenticate.

If you’d like to avoid entering your credentials every time, you can configure Git to cache your credentials.

If the problem persists, try again with a freshly-generated PAT and check your server logs for any errors or configuration issues.

I hope this helps! If you need further assistance, please don’t hesitate to ask.

heistema · April 21, 2023, 12:12pm

Hi @gitlab-greg ,

thanks for your answer. I tried again, with a new token, but still the same error as mentioned above. Git simply keeps asking for username and password, as if I had entered nothing.

iwalker · April 21, 2023, 1:30pm

I usually just edit the .git/config file and place my username and token in there, we do it over https, so your url then looks like:

https://username:token@myserver.com/group/project

since it’s stored on my laptop and nobody can gain access to it, it’s not an issue for me. Disk is encrypted anyway if someone ever steals it.

heistema · April 25, 2023, 7:01pm

@iwalker Well using this pattern… I just got: “remote: The project you were looking for could not be found or you don’t have permission to view it.”

heistema · April 27, 2023, 1:11pm

Setting up the gitlab server again with another Linux distribution somehow solved the issue for me.

But still it is mandatory to do as @iwalker suggested. Only putting the token into the remote url for git allows me to push / pull.

But still… Thanks to you @iwalker and @gitlab-greg

markr · April 5, 2024, 10:00am

What I eventually found was that I was getting the 2FA message regardless of what I did, even when 2FA was disabled. Turns out, I needed to bypass the corporate proxy by adding an environment variable for no_proxy with the URL of my GitLab endpoint.