Ask HN: Can GitHub be accessed through console-only for entire workflow?

33 points | by forgotmypw17 5 days ago

5 comments

  • tylerhou 5 days ago
    https://hub.github.com/hub.1.html#github-oauth-authenticatio...

    > Hub will prompt for GitHub username & password the first time it needs to access the API and exchange it for an OAuth token, which it saves in ~/.config/hub.

    And if you don't want to use Hub for all your Git operations, you can extract the token from the file after using Hub once, or call the OAuth endpoint directly by reusing Hub's code: https://github.com/github/hub/blob/c8e68d548a39ec0fab6f674a6...

    • pwg 5 days ago
      In the paragraph that starts: "Beginning August 13, 2021" there is a link "such as a personal access token".

      Clicking it goes to a page about how to authenticate. One of the options is:

      Connecting over SSH

      If you clone with SSH, you must generate SSH keys on each computer you use to push or pull from GitHub.

      So just generate some ssh keys and setup ssh auth and you should be able to continue using the command line to push/pull from github.

      • wnoise 5 days ago
        > If you clone with SSH, you must generate SSH keys on each computer you use to push or pull from GitHub.

        Or, of course, copy the keys.

        • rovr138 5 days ago
          Depends on the computer and their needs.

          There are definitely computers I wouldn’t put my key on and would prefer a new one and uploading that one.

          • wnoise 4 days ago
            Once done with whatever task requires it, do you then immediately revoke access by that key?

            Having two keys with the same access means you still have a key on that questionable system that can do the same things, and exactly the same security concerns.

            • rovr138 3 days ago
              Usually, yes.

              It’s usually when I’m working on a computer I don’t control root on. No idea what’s running there.

              So just create a disposable key, add it, do whatever I need then I can just revoke access to whatever that key had access to.

            • hedora 5 days ago
              ssh-agent works well for many of those use cases.
        • max_hammer 5 days ago
          I am using SSH key authentication.

          I use `maggit` + `forge` in Emacs for all operations

          • kubanczyk 2 days ago
            For me `forge` says "Opening TLS connection [...]" and that's it. Nothing else happens and no error visible anywhere. Tips?
          • I_complete_me 5 days ago
            I think this does what you need: https://cli.github.com/
            • hprotagonist 5 days ago
              magit-forge is real close.