github - Git Password Deprecation - Is my use case still supported?

Question

I work with deep learning models everyday, and in order to do this efficiently I ssh into multiple computers on my network at the same time.

For example:

• Computer A: Running a training script
• Computer B: Running an inference script
• Computer C: Creating synthetic data for the next training session.
• Host Computer: Coding

The code that I am running on Computer A, B, and C is pushed to GitHub from my Host Computer and pulled on each target computer. My Host Computer is used only by myself, so it wouldn't be that inconvenient to use token authentication on my Host Computer. However, Computer A, B, and C are all computers that are shared by several members on my team, and there can be multiple people connecting to any given computer via ssh at any given time.

Consequently, it is necessary that everyone authenticates git operations with their own username and password, so using a credential helper on Computer A, B, and C is not an option. (I don't want one of my team members to accidentally make a push using my git account.)

However, starting August 13, 2021 I will be forced to use token authentication. I can't use a credential helper on Computer A, B, and C. At the bare minimum, it is necessary for at least the username to be prompted for each git operation. Will I need to copy and paste my token from a text file every time I do a git operation on Computer A, B, and C? Since I'm working with 4+ computers at any given time, I have to push and pull from GitHub many times everyday. Copying and pasting an access token from a text file every time is too inconvenient for me. I need a workaround.

question from:https://stackoverflow.com/questions/65858829/git-password-deprecation-is-my-use-case-still-supported

Answer 1

I agree that in this case it would be a bit inconvenient to use a token each time especially since once you create a token in the interface, you can never see it again (since GitHub prudently does not store it in plaintext).

However, you can use an SSH key to do this. If computers A, B, and C are shared instances that are essentially just places that you deploy code and anyone who uses those computers should be able to pull the code down, then you can create an SSH key for each of those machines (e.g., with ssh-keygen -t ed25519) and set each one up as a read-only deploy key on GitHub. That's a good way to have each machine have the access it needs but not have to worry about unauthorized writes to the repository.

If you need to push code authenticated as your user and others do as well, you can each use an SSH key on a flash drive associated with your account. If these computers are accessible from each other by SSH, then you can just SSH into the machine with the -A flag to forward your agent and use your own personal SSH key to fetch data from GitHub on those machines without a problem.

SSH keys aren't affected by the disabling of password auth because they, like tokens, are not easily guessable.