Personal Access Tokens

I’ve set up 2 factor authorization, which works fine, but of course I’m then unable to ‘git pull’ changes to my Raspberry Pi using my username/password.
I therefore created a Personal Access Token, and used that instead of my password, which allowed the git pull to occur successfully.

But… how can I add this token to my pi, so that it authorizes me automatically the next time I git pull etc.
I thought that the token would have been added to my .git/config file, once I had used it once???

Paul

Is there a reason you don’t want to just go ahead and use an SSH Certificate? (~/.ssh/id_rsa)

What’s the benefit of 2FA once you “store” your password, over say, a certificate? A secret’s a secret. That’s one factor authentication, if both factors are stored in one place. Am I not understanding?

Well I tried adding a SSH certificate first but when I tried a git-pull it failed authentication.
I created a key, and it’s stored in ~/.ssh/id_rsa.pub in my pi.
I copied the key and pasted it into Gitlab, and can see that it’s been successfully added…

Paul

You need to put the PRIVATE KEY ( ~/.ssh/id_rsa) (no .pub extension) on your pi.

The public key (.pub) goes into your keyring on the Gitlab server

Which I assume is https://gitlab.com/profile/keys if so, that is added ok.

Sorry, I don’t understand this line. Can you expand please?

Paul

You might want to explain what you mean when you say “I tried adding an SSH certificate”.

What you needed to do was generate a public and private key pair. The public file is named id_rsa.pub, and the private key file is named id_rsa and is larger than the public key.

The private file named id_rsa should be on your Raspberry Pi in your ~/.ssh folder.

Yes, it is present. that’s why I was confused by your previous comment “You need to put…” when it’s already there.

I’ve just generated a new SSH pair, and followed the guide in Gitlab help, but still the same…
A git pull asks for my username & password, which I provide, but then I get the message “Authentication Failed”

Paul

What remote-URL are you using? The https one or the git@… ssh one? (ie, what is the output of git remote -v)

You should be using the git@… one

1 Like

Thanks Warren, yes that’s what the problem was!!

The result of $ git remote -v was;
origin https://gitlab.com/myrepo/mysite.git (fetch)
origin https://gitlab.com/myrepo/mysite.git (push)

So I deleted the local repo on my pi, and cloned it again via git@…
and now I can pull via the SSH certificate ok.

I had originally cloned the repo via https because I thought that it would be the most secure (wrong!)

Paul