Hub: Authentication fails if two-factor auth is required
I tried to use hub to create a pull request, but got an error:
$ hub pull-request -i 350
github.com username: wichert
github.com password for wichert (never stored): stty: standard input: unable to perform all requested operations
Error creating pull request: Unauthorized (HTTP 401)
This is most likely because I have github configured to require two-factor authentication. And indeed in the security history I see this:
wichert
All 21 comments
It might not be related to 2FA. In the output you pasted there is stty: standard input: unable to perform all requested operations, which I see for the first time and should not be shown. This points to the fact that your password might not have been collected correctly in the first place.
Can you give me more information about your system version and your shell?
mislav
on 21 Nov 2013
This is an OSX 10.9/Mavericks system. The shell is bash 4.2.45. Both the shell and hub were installed via MacPorts.
wichert
on 21 Nov 2013
I have the same issue with hub version 1.10.6 on OS X 10.9.
Here's what I did:
$ hub fork
github.com username: dasevilla
github.com password for dasevilla (never stored):
Error creating fork: Unauthorized (HTTP 401)
dasevilla
on 23 Nov 2013
Confirmed this is an issue with 2FA. I received the exact same response @dasevilla pasted above.
I disabled 2FA temporarily, went back to try hub and authenticated successfully. I've re-enabled 2FA and am successfully using hub now.
jpfuentes2
on 27 Nov 2013
Disabling 2FA, authenticating hub, and enabling 2FA worked for me as well.
dasevilla
on 28 Nov 2013
I had the 401 issue with 1.10.6, because hub never asked for the 2FA code.
Using the source from the current HEAD, installed using homebrew's brew upgrade --HEAD hub, I got as far as hub asking for the 2FA code.
For some reason, github never sent me any 2FA code by sms when hub requested it, as noted in the security history. Solved it by opening a private browser window, heading to github.com and performing the first step of logging in on the website. Instead of using the new sms auth token on the website, I used it for hub.
Voil脿, "oauth_access.create: hub (API)".
joelpurra
on 2 Dec 2013
Yeah, 2FA really seems kind of broken right now. I'll need to change the way hub authenticated completely to put an end to these and similar authentication woes. Right now, you can use GitHub's web interface to create a token manually that you can paste to ~/.config/hub:
---
github.com:
- oauth_token: TOKEN
user: mislav
@mislav where do you create the token?
cyrusstoller
on 4 Dec 2013
@cyrusstoller https://github.com/settings/applications
fuadsaud
on 10 Dec 2013
@mislav Couldn't the flow change to
$ hub fork
Are you using Two-Factor Authentication on github.com? [yN]: y
github.com username: afeld
github.com personal access token (generate at https://github.com/settings/applications): 123456
?
afeld
on 11 Dec 2013
@afeld Detecting whether 2FA is enabled for your account is not the problem. However, I have other problems related to 2FA that I need to sort out. Expect an update soon
mislav
on 11 Dec 2013
Even a warning after a 401 like "See https://github.com/github/hub/issues/435 if you have 2FA enabled" would be an improvement in the short term. Just so that people don't throw up their hands and walk away from it.
afeld
on 11 Dec 2013
This is very similar to how Composer (PHP dependency manager) handles GitHub 2FA. Here's the related discussion: https://github.com/composer/composer/issues/2280 Still not resolved.
hkdobrev
on 11 Dec 2013
@lawipac Composer has had 2FA support for many months now. However, this project is not Composer nor related to it at all. So, it's not an appropriate place to rant about your troubles with using Composer. If you need to report a bug to them, go to their issue tracker.
mislav
on 7 Jan 2015
In case Google search brings anyone else to this thread: I had this issue today with not being able to login via Git Shell until I disabled 2FA. A coworker suggested using a personal access token for specific apps to prevent this from happening in the future. https://help.github.com/articles/creating-an-access-token-for-command-line-use/
Does that sound about right?
rschuster3
on 19 Oct 2015
@rschuster3 Were you using hub or just plain git push/pull/clone? Where did you put the token?
mislav
on 19 Oct 2015
Just plain git push/pull/clone. I haven't made the token yet (since I was able to authenticate after I disabled 2FA) but it's on my to-do list for today.
rschuster3
on 19 Oct 2015
just did it myself. Create the token and enter it just as you would your password when signing in via Git Bash and you're good to go.
fslone-nomi
on 19 Oct 2015
All righty, I'll go ahead and set it up now. The shell is oddly asking me to authenticate again for a push I want to make. I say "oddly" because I'm not asked to authenticate normally. Will post here again if I have issues with the token. Thanks!
rschuster3
on 19 Oct 2015
might want to look into caching you credentials to help with that
https://help.github.com/articles/caching-your-github-password-in-git/
fslone-nomi
on 19 Oct 2015
The link provided by @rschuster3 works perfectly for my git kraken pulls issues after setting up 2 factor.
corlaez
on 20 Dec 2017
Related issues
le0nik
路
4Comments
segevfiner
路
4Comments
mshick
路
3Comments
stsewd
路
4Comments
kurko
路
4Comments
Most helpful comment
just did it myself. Create the token and enter it just as you would your password when signing in via Git Bash and you're good to go.