I have run ssh -T git#github.com to check my connection SSH connection, and I got the following result -
Hi e***! You've successfully authenticated, but GitHub does not provide shell access.
Now, this is not my GitHub user and I don't know how to change it.
To work with ssh or any asymmetric key encryption protocols, you should get a grasp of the concept of how public and private key pair works. Only until then, what I will say below makes sense:
The command ssh -T git#github.com shows the user who has added your public key to their account. What this command does is it sends your public key to Github's server, GitHub then tries to verify if you are actually the owner of this public key (by testing your private key with some encrypted data). If so, it finds the account in its database that associates with this public key and returns the result that you're seeing on the screen.
Should you be worried? No, because your public key is supposed to be public, and anyone could grab your key and unintentionally add that to their GitHub account. Other than you can access their GitHub's private repositories, they can do nothing to your computer or your GitHub account.
If you still have read and write access to your GitHub's repositories (e.g., git clone or git push), there's nothing else to do.
Edit:
If you've already added your public key to your GitHub account and ssh -T git#github.com still outputs their GitHub's account name, I think it's because GitHub finds their account first and return that right away.
Related
Very recently I have activated the two-factor authentication on GitHub. Then after I tried to push my work (using git bash)to a new repository and it displays a error as the username or password is incorrect. How can I overcome this issue?
It's likely that you're still using your username and password stored in a credential manager for pushing to GitHub, and that won't work when you're using two-factor authentication. The Git FAQ explains how to empty your credentials (replace your-username):
$ echo url=https://your-username#github.com | git credential reject
Then, the next time you push, Git will prompt your for your credentials. Go to https://github.com/settings/tokens and create a personal access token with the repo and workflow scopes, and then give Git your username when it asks and the personal access token for your password. Don't specify your actual password, since that won't work.
On Windows, you may see a graphical prompt to sign into GitHub; you can just close that window and follow the steps above.
I am a hardware guy first and software second so GitHub is not my forte.
I had Altium Designer setup with my GitHub server for version control. When GitHub forced 2FA recently it broke the link to Altium which, unfortunately doesn't have stellar GitHub integration.
There are 6 fields I am allowed to enter in Altium to point it to my (GitHub) server:
1.) Method (HTTP, HTTPS, file, svn)
2.) Server (URL)
3.) Port
4.) Repo Subfolder
5.) username
6.) Password
Again, nothing changed except moving to 2FA. Now, when I attempt to login it obviously says it could not connect to the server because Altium has no provisions to provide a token during the login process.
I read the article at GitHub here: https://docs.github.com/en/free-pro-team#latest/github/authenticating-to-github/using-ssh-over-the-https-port
But I have no idea if that will do anything for me. Is there a way to route my Altium server connection to use my SSH key outside of the Altium environment? Or perhaps another way to "whitelist" my desktop in GitHub for SSO?
GitHub has not forced 2FA on for users. That wouldn't be useful, because people could just not set up a second factor. It's possible your organization has required this, though.
However, GitHub is deprecating the use of a plain password when using Git over HTTPS in favor of a token. Using a plain password was already forbidden for users who use 2FA, since there's no place to send a 2FA code (and for automated systems, doing that would be very inconvenient).
In this case, it's easy to keep using HTTPS: just generate a personal access token (in the developer settings) with the repo scope and paste it into the password field. Git doesn't know the difference between a password and a token; they're both the same to it. This also has a bunch of other benefits:
If you change your password, the token isn't automatically cleaned up, so you don't have to change Altium Designer.
If you decide you want to revoke that token, you can do so independently of changing your password.
If you're using SSO, you need to enable that token for SSO using the drop-down before it can be used to access protected resources.
I have a private hosted registry at www.myDockerRepo.company.com:2222. To login to this repository I follow these steps
docker login www.myDockerRepo.company.com:2222
username : xxx
password : ***
email : xyz#company.com
WARNING: login credentials saved in /home/vagrant/.docker/config.json
Login Succeeded
Can these credentials be saved before hand in the config.json so that clients dont need to manually enter these credentials n every login? What is the best practice to login to private registries?
Yes, you can manually add the creds to the config. Just copy the file over from a host that you already logged in with.
As far as best practices, they depend on the setup, but most common is to use a generic system account for your registry that is only used by the hosts, and then when setting up the hosts and installing docker, drop in the config file for that system user. Then all pushes and pulls from those servers will be with that account.
If you try and reuse a user account, things will break if that user changes their password. It also allows you to have different permissions for hosts, maybe pull only access vs push, etc.
Since we've turned off passwords for security purposes, I was hoping there was a script or some other way to automatically add WHM authorized keys to account level ssh public keys and have them automatically authorized.
You muste be to create a script post create acct (/scripts/postwwwacct example) or standarized script. See more on https://documentation.cpanel.net/display/SDK/Guide+to+Standardized+Hooks+-+Script+Hooks
If I interact with Github over SSH using the git account, how does it know which files to let me access?
Is it possible on the server to detect which specific key in the authorized_keys file was used to authenticate a user? My understanding of SSH is that once my key is authenticated, I'm logged in as the git user and should have access to everything that user account has access to.
Update:
I figured gitosis had to be doing something similar in nature and so I checked out the source. As ephemient says, associating a command with a public key seems like the way to go. You can set it up so that the command receives the user's name as an argument and figure out permissions based on that.
Of course I do not know what github does but https://wincent.com/wiki/Git_repository_access_control explains the how.