IT Support: CoE CIS Tech

IT Support: CoE CIS Tech

Providing Community, Instructional, and Research IT Support

Menu

  • Home: Unit Support
    • College of Engineering
      • Applied Engineering & Physics
      • Biological & Environmental Engineering
      • Biomedical Engineering
      • Chemical & Biomolecular Engineering
      • Civil & Environmental Engineering
      • Earth & Atmospheric Sciences
      • Electrical & Computer Engineering
      • Materials Science Engineering
      • Mechanical & Aerospace Engineering
      • Operations Research & Information Engineering
    • Cornell Ann S. Bowers College of Computing and Information Science
    • Cornell Tech Campus
  • Getting Started
    • Onboarding New Hires
    • Get Connected: Wired
    • Get Connected: Wirless
    • Printing: Ithaca
    • Printing: Tech Campus
    • Connect Remotely: VPN
    • Remote and Hybrid Work
    • Available Software
    • Two Step Login
    • Community IT Support
    • Staff IT@Cornell
    • Faculty IT@Cornell
    • Students IT@Cornell
    • Visitor & Alumni IT@Cornell
    • New Employee Guide
  • Instructional IT Support
    • Available Software
    • Azure Dev Tools for Teaching
    • Classroom Support
    • Distance/Remote Classes
    • Github
    • Instructional Labs
    • Loaner Equipment
    • Video Conferencing
    • CU Teaching Resources
    • IT@Cornell Faculty Resources
  • Research Computing Support
    • G2 GPU Cluster
    • Magma CPU Cluster
    • Data Security Plan (DSP)
    • Data Storage
    • Github
    • Server Configuration & Hosting
    • Terminal Login Nodes
    • Cloud Services
  • Quick Links
    • Contact ITSG
    • Available Software
    • Azure Dev Tools for Teaching
    • Cornell Drop Box
    • Cornell Box
    • Exchange Account Manager
    • Governance Policies
    • Identity Management
    • Outlook Web Access
    • Phishing Email Examples
    • IT Policies

Github Authentication

Contents

  • 1 Summary
  • 2 Background
  • 3 Workflows affected
  • 4 Command line Git access over HTTPS
  • 5 Using Personal Access Tokens
  • 6 Using SSH Keys
  • 7 Git Clients

Summary

On July 15, 2021, Cornell’s Github Enterprise service will be updated for enhanced security. This change will mirror the upcoming change to token authentication on the main Github.com website. This change may impact some users depending on how they interact with Cornell’s Github Enterprise service.

If you use your Cornell netid and Cornell password for authentication during Git operations, you must switch to token-based authentication or SSH-based authentication.

Logging into the website interface will continue to work, albeit using Cornell’s Two-Step login.

If you need assistance, please submit a ticket to the COECIS Help Desk.

Background

Beginning July 13, 2021, we will no longer accept account passwords when authenticating Git operations and will require the use of token-based authentication, such as a personal access token (for developers) or an OAuth or GitHub App installation token (for integrators) for all authenticated Git operations on github.coecis.cornell.edu. You may also continue using SSH keys where you prefer.

Tokens offer a number of security benefits over password-based authentication:

  1. Unique – tokens are specific to GitHub and can be generated per use or per device
  2. Revocable – tokens can can be individually revoked at any time without needing to update unaffected credentials
  3. Limited – tokens can be narrowly scoped to allow only the access necessary for the use case
  4. Random – tokens are not subject to the types of dictionary or brute force attempts that simpler passwords that you need to remember or enter regularly might be

Workflows affected

  • Command line Git access over HTTPS
  • Desktop applications using Git (GitHub Desktop is unaffected)
  • Any apps/services that access Git repositories directly using your Cornell NetID and password

Command line Git access over HTTPS

Many people have historically cloned a repository to their computer using HTTPS and the standard command-line tool ‘git’ or another git client. For those users, they were prompted to enter their Cornell username and password during the git operations.

This functionality will no longer work and you will need to change how you interact between your local and remote Git repository.

You must transition to using a Personal Access Token or to using SSH keys.

Using Personal Access Tokens

Any method of working with Github that previously used a username and password can be done using these Personal Access Token instructions.

You would use the same username, but when prompted for your password, you would enter your Personal Access Token. If you’re worried about having to repeatedly re-enter your Personal Access Token, you can configure your Git client to cache your credentials.

Using SSH Keys

Working with Github using SSH keys to push and pull their code will work just like it did before. If you wish to switch to this method, you can read more about it in Github’s detailed documentation.

In short, check to see if you already have an SSH key. If you don’t, generate one. Once you have a SSH key, add it into your Github Enterprise settings.

Then when you clone a repository on your computer, just make sure you clone it over SSH and all git interactions will take place using the SSH key authentication.

If you have any existing repositories configured to use HTTPS, it’s relatively easy to configure them to use SSH.

Git Clients

  • Many users already use Github Desktop to interact with the Github server. No changes are needed if you are using Github Desktop.
  • Github CLI is a command line Git client. It brings pull requests, issues, and other GitHub concepts to the terminal next to where you are already working with git and your code.

Learn more about the ITSG

IT Maintenance and Alerts

Sitemap

IT@Cornell Services

Request IT Help

Submit Ticket

Search this site

CIT Service Alerts

https://itservicealerts.hosting.cornell.edu/allalerts

Academic Units

  • College of Engineering
  • Cornell Ann S. Bowers College of Computing and Information Science
  • Cornell Tech Campus

IT Staff

  • Login to edit content
If you have a disability and are having trouble accessing information on this website or need materials in an alternate format, contact web-accessibility@cornell.edu for assistance.
Copyright © 2023 IT Support: CoE CIS Tech. Powered by WordPress. Theme: Accelerate by ThemeGrill.