jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-22 11:26:57 -05:00
Code Issues Projects Releases Wiki Activity

Hello git history spelunker!

Browse Source 
Are you looking for something? Here is all of the GitHub Docs history in one single commit. Enjoy! 🎉
This commit is contained in:
Vanessa Yuen
2020-09-27 14:10:11 +02:00
parent fa8bb2322f
commit 3df90fc9b8
28386 changed files with 1723440 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
content/github/authenticating-to-github/about-anonymized-image-urls.md Normal file
View File

@@ -0,0 +1,92 @@
---
title: About anonymized image URLs
intro: 'If you upload an image to {{ site.data.variables.product.product_name }}, the URL of the image will be modified so your information is not trackable.'
redirect_from:
- /articles/why-do-my-images-have-strange-urls/
- /articles/about-anonymized-image-urls
versions:
free-pro-team: '*'
---
To host your images, {{ site.data.variables.product.product_name }} uses the [open-source project Camo](https://github.com/atmos/camo). Camo generates an anonymous URL proxy for each image that starts with ```https://camo.githubusercontent.com/``` and hides your browser details and related information from other users.
Anyone who receives your anonymized image URL, directly or indirectly, may view your image. To keep sensitive images private, restrict them to a private network or a server that requires authentication instead of using Camo.
### Troubleshooting issues with Camo
In rare circumstances, images that are processed through Camo might not appear on {{ site.data.variables.product.prodname_dotcom }}. Here are some steps you can take to determine where the problem lies.
{% windows %}
{% tip %}
Windows users will either need to use the Git Powershell (which is installed alongside [{{ site.data.variables.product.prodname_desktop }}](https://desktop.github.com/)) or download [curl for Windows](http://curl.haxx.se/download.html).
{% endtip %}
{% endwindows %}
#### An image is not showing up
If an image is showing up in your browser but not on {{ site.data.variables.product.prodname_dotcom }}, you can try requesting the image locally.
{{ site.data.reusables.command_line.open_the_multi_os_terminal }}
2. Request the image headers using `curl`.
```shell
$ curl -I https://www.my-server.com/images/some-image.png
> HTTP/1.1 200 OK
> Date: Fri, 06 Jun 2014 07:27:43 GMT
> Expires: Sun, 06 Jul 2014 07:27:43 GMT
> Content-Type: image/x-png
> Server: Google Frontend
> Content-Length: 6507
```
3. Check the value of `Content-Type`. In this case, it's `image/x-png`.
4. Check that content type against [the list of types supported by Camo](https://github.com/atmos/camo/blob/master/mime-types.json).
If your content type is not supported by Camo, you can try several actions:
* If you own the server that's hosting the image, modify it so that it returns a correct content type for images.
* If you're using an external service for hosting images, contact support for that service.
* Make a pull request to Camo to add your content type to the list.
#### An image that changed recently is not updating
If you changed an image recently and it's showing up in your browser but not {{ site.data.variables.product.prodname_dotcom }}, you can try resetting the cache of the image.
{{ site.data.reusables.command_line.open_the_multi_os_terminal }}
2. Request the image headers using `curl`.
```shell
$ curl -I https://www.my-server.com/images/some-image.png
> HTTP/1.1 200 OK
> Expires: Fri, 01 Jan 1984 00:00:00 GMT
> Content-Type: image/png
> Content-Length: 2339
> Server: Jetty(8.y.z-SNAPSHOT)
```
Check the value of `Cache-Control`. In this example, there's no `Cache-Control`. In that case:
* If you own the server that's hosting the image, modify it so that it returns a `Cache-Control` of `no-cache` for images.
* If you're using an external service for hosting images, contact support for that service.
If `Cache-Control` *is* set to `no-cache`, contact {{ site.data.variables.contact.contact_support }} or search the {{ site.data.variables.contact.community_support_forum }}.
#### Removing an image from Camo's cache
Purging the cache forces every {{ site.data.variables.product.prodname_dotcom }} user to re-request the image, so you should use it very sparingly and only in the event that the above steps did not work.
{{ site.data.reusables.command_line.open_the_multi_os_terminal }}
2. Purge the image using `curl -X PURGE` on the Camo URL.
```shell
$ curl -X PURGE https://camo.githubusercontent.com/4d04abe0044d94fefcf9af2133223....
> {"status": "ok", "id": "216-8675309-1008701"}
```
#### Viewing images on private networks
If an image is being served from a private network or from a server that requires authentication, it can't be viewed by {{ site.data.variables.product.prodname_dotcom }}. In fact, it can't be viewed by any user without asking them to log into the server.
To fix this, please move the image to a service that is publicly available.
### Further reading
- "[Proxying user images](https://github.com/blog/1766-proxying-user-images)" on {{ site.data.variables.product.prodname_blog }}

53
content/github/authenticating-to-github/about-authentication-to-github.md Normal file
View File

@@ -0,0 +1,53 @@
---
title: About authentication to GitHub
intro: 'You can securely access your account''s resources by authenticating to {{ site.data.variables.product.product_name }}, using different credentials depending on where you authenticate.'
versions:
free-pro-team: '*'
enterprise-server: '*'
---
### About authentication to {{ site.data.variables.product.prodname_dotcom }}
To keep your account secure, you must authenticate before you can access certain resources on {{ site.data.variables.product.product_name }}. When you authenticate to {{ site.data.variables.product.product_name }}, you supply or confirm credentials that are unique to you to prove that you are exactly who you declare to be.
You can access your resources in {{ site.data.variables.product.product_name }} in a variety of ways: in the browser, via {{ site.data.variables.product.prodname_desktop }} or another desktop application, with the API, or via the command line. Each way of accessing {{ site.data.variables.product.product_name }} supports different modes of authentication.
- Username and password with two-factor authentication
- Personal access token
- SSH key
### Authenticating in your browser
You can authenticate to {{ site.data.variables.product.product_name }} in your browser in different ways.
- **Username and password only**
- You'll create a password when you create your user account on {{ site.data.variables.product.product_name }}. We recommend that you use a password manager to generate a random and unique password. For more information, see "[Creating a strong password](/github/authenticating-to-github/creating-a-strong-password)."
- **Two-factor authentication (2FA)** (recommended)
- If you enable 2FA, we'll also prompt you to provide a code that's generated by an application on your mobile device or sent as a text message (SMS) after you successfully enter your username and password. For more information, see "[Accessing {{ site.data.variables.product.prodname_dotcom }} using two-factor authentication](/github/authenticating-to-github/accessing-github-using-two-factor-authentication#providing-a-2fa-code-when-signing-in-to-the-website)."
- In addition to authentication with a mobile application or a text message, you can optionally add a secondary method of authentication with a security key using WebAuthn. For more information, see "[Configuring two-factor authentication using a security key](/github/authenticating-to-github/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key)."
### Authenticating with {{ site.data.variables.product.prodname_desktop }}
You can authenticate with {{ site.data.variables.product.prodname_desktop }} using your browser. For more information, see "[Authenticating to {{ site.data.variables.product.prodname_dotcom }}](/desktop/getting-started-with-github-desktop/authenticating-to-github)."
### Authenticating with the API
You can authenticate with the {{ site.data.variables.product.product_name }} API in different ways.
- **Personal access tokens**
- In limited situations, such as testing, you can use a personal access token to access the API. Using a personal access token enables you to revoke access at any time. For more information, see "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)."
- **Web application flow**
- For OAuth Apps in production, you should authenticate using the web application flow. For more information, see "[Authorizing OAuth Apps](/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow)."
- **GitHub Apps**
- For GitHub Apps in production, you should authenticate on behalf of the app installation. For more information, see "[Authenticating with {{ site.data.variables.product.prodname_github_apps }}](/apps/building-github-apps/authenticating-with-github-apps/)."
### Authenticating with the command line
You can access repositories on {{ site.data.variables.product.product_name }} from the command line in two ways, HTTPS and SSH, and both have a different way of authenticating. The method of authenticating is determined based on whether you choose an HTTPS or SSH remote URL when you clone the repository. For more information about which way to access, see "[Which remote URL should I use?](/github/using-git/which-remote-url-should-i-use)"
* You can work with all repositories on {{ site.data.variables.product.product_name }} over HTTPS, even if you are behind a firewall or proxy. Every time you use Git to authenticate with {{ site.data.variables.product.product_name }}, you'll be prompted to enter your credentials to authenticate with {{ site.data.variables.product.product_name }}, unless you cache them with a [credential helper](/github/using-git/caching-your-github-credentials-in-git). {{ site.data.reusables.user_settings.password-authentication-deprecation }}
* You can work with all repositories on {{ site.data.variables.product.product_name }} over SSH, although firewalls and proxys might refuse to allow SSH connections. Using SSH requires you to generate an SSH public/private keypair on your local machine and add the public key to your {{ site.data.variables.product.product_name }} account. Every time you use Git to authenticate with {{ site.data.variables.product.product_name }}, you'll be prompted to enter your SSH key passphrase, unless you've [stored the key](/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#adding-your-ssh-key-to-the-ssh-agent). For more information, see "[Generating a new SSH key and adding it to the ssh-agent](/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)."
{% if currentVersion == "free-pro-team@latest" %}To use a personal access token or SSH key to access resources owned by an organization that uses SAML single sign-on, you must also authorize the personal token or SSH key. For more information, see "[Authorizing a personal access token for use with SAML single sign-on](/github/authenticating-to-github/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)" or "[Authorizing an SSH key for use with SAML single sign-on](/github/authenticating-to-github/authorizing-an-ssh-key-for-use-with-saml-single-sign-on)."{% endif %}

31
content/github/authenticating-to-github/about-authentication-with-saml-single-sign-on.md Normal file
View File

@@ -0,0 +1,31 @@
---
title: About authentication with SAML single sign-on
intro: 'You can access an organization that uses SAML single sign-on (SSO) by authenticating through an identity provider (IdP). To authenticate with the API or Git on the command line when an organization enforces SAML SSO, you must authorize your personal access token or SSH key.'
product: '{{ site.data.reusables.gated-features.saml-sso }}'
redirect_from:
- /articles/about-authentication-with-saml-single-sign-on
versions:
free-pro-team: '*'
---
{{ site.data.reusables.saml.dotcom-saml-explanation }} Organization owners can invite your user account on {{ site.data.variables.product.prodname_dotcom }} to join their organization that uses SAML SSO, which allows you to contribute to the organization and retain your existing identity and contributions on {{ site.data.variables.product.prodname_dotcom }}.
When you access resources within an organization that uses SAML SSO, {{ site.data.variables.product.prodname_dotcom }} will redirect you to the organization's SAML IdP to authenticate. After you successfully authenticate with your account on the IdP, the IdP redirects you back to {{ site.data.variables.product.prodname_dotcom }}, where you can access the organization's resources.
{{ site.data.reusables.saml.outside-collaborators-exemption }}
If you have recently authenticated with your organization's SAML IdP in your browser, you are automatically authorized when you access a {{ site.data.variables.product.prodname_dotcom }} organization that uses SAML SSO. If you haven't recently authenticated with your organization's SAML IdP in your browser, you must authenticate at the SAML IdP before you can access the organization.
You must periodically authenticate with your SAML IdP to authenticate and gain access to the organization's resources on {{ site.data.variables.product.prodname_dotcom }}. The duration of this login period is specified by your IdP and is generally 24 hours. This periodic login requirement limits the length of access and requires you to re-identify yourself to continue. You can view and manage your active SAML sessions in your security settings. For more information, see "[Viewing and managing your active SAML sessions](/articles/viewing-and-managing-your-active-saml-sessions)."
To use the API or Git on the command line to access protected content in an organization that uses SAML SSO, you will need to use an authorized personal access token over HTTPS or an authorized SSH key. {{ site.data.variables.product.prodname_oauth_app }} access tokens are authorized by default.
If you don't have a personal access token or an SSH key, you can create a personal access token for the command line or generate a new SSH key. For more information, see "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)" or "[Generating a new SSH key and adding it to the ssh-agent](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)."
To use a new or existing personal access token or SSH key with an organization that enforces SAML SSO, you will need to authorize the token or authorize the SSH key for use with a SAML SSO organization. For more information, see "[Authorizing a personal access token for use with SAML single sign-on](/articles/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)" or "[Authorizing an SSH key for use with SAML single sign-on](/articles/authorizing-an-ssh-key-for-use-with-saml-single-sign-on)."
You must have an active SAML session each time you authorize an {{ site.data.variables.product.prodname_oauth_app }}.
### Further reading
- "[About identity and access management with SAML single sign-on](/github/setting-up-and-managing-organizations-and-teams/about-identity-and-access-management-with-saml-single-sign-on)"

70
content/github/authenticating-to-github/about-commit-signature-verification.md Normal file
View File

@@ -0,0 +1,70 @@
---
title: About commit signature verification
intro: 'Using GPG{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.14" %} or S/MIME{% endif %}, you can sign tags and commits locally. These tags or commits are marked as verified on {{ site.data.variables.product.product_name }} so other people can trust that the changes come from a trusted source.'
redirect_from:
- /articles/about-gpg-commit-and-tag-signatures/
- /articles/about-gpg/
- /articles/about-commit-signature-verification
versions:
free-pro-team: '*'
enterprise-server: '*'
---
### About commit signature verification
You can sign commits and tags locally, so other people can verify that your work comes from a trusted source. If a commit or tag has a GPG or S/MIME signature that is cryptographically verifiable, {{ site.data.variables.product.product_name }} marks the commit or tag as verified.
![Verified commit](/assets/images/help/commits/verified-commit.png)
If a commit or tag has a signature that cannot be verified, {{ site.data.variables.product.product_name }} marks the commit or tag as unverified.
Repository administrators can enforce required commit signing on a branch to block all commits that are not signed and verified. For more information, see "[About required commit signing](/articles/about-required-commit-signing)."
You can check the verification status of your signed commits or tags on {{ site.data.variables.product.product_name }} and view why your commit signatures might be unverified. For more information, see "[Checking your commit and tag signature verification status](/articles/checking-your-commit-and-tag-signature-verification-status)."
{% if currentVersion == "free-pro-team@latest" %} {{ site.data.variables.product.product_name }} will automatically use GPG to sign commits you make using the {{ site.data.variables.product.product_name }} web interface, except for when you squash and merge a pull request that you are not the author of. Commits signed by {{ site.data.variables.product.product_name }} will have a verified status on {{ site.data.variables.product.product_name }}. You can verify the signature locally using the public key available at https://github.com/web-flow.gpg.{% endif %}
### GPG commit signature verification
You can use GPG to sign commits with a GPG key that you generate yourself.
{{ site.data.variables.product.product_name }} uses OpenPGP libraries to confirm that your locally signed commits and tags are cryptographically verifiable against a public key you have added to your {{ site.data.variables.product.product_name }} account.
To sign commits using GPG and have those commits verified on {{ site.data.variables.product.product_name }}, follow these steps:
1. [Check for existing GPG keys](/articles/checking-for-existing-gpg-keys)
2. [Generate a new GPG key](/articles/generating-a-new-gpg-key)
3. [Add a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)
4. [Tell Git about your signing key](/articles/telling-git-about-your-signing-key)
5. [Sign commits](/articles/signing-commits)
6. [Sign tags](/articles/signing-tags)
### S/MIME commit signature verification
You can use S/MIME to sign commits with an X.509 key issued by your organization.
{{ site.data.variables.product.product_name }} uses [the Debian ca-certificates package](https://packages.debian.org/hu/jessie/ca-certificates), the same trust store used by Mozilla browsers, to confirm that your locally signed commits and tags are cryptographically verifiable against a public key in a trusted root certificate.
{{ site.data.reusables.gpg.smime-git-version }}
To sign commits using S/MIME and have those commits verified on {{ site.data.variables.product.product_name }}, follow these steps:
1. [Tell Git about your signing key](/articles/telling-git-about-your-signing-key)
2. [Sign commits](/articles/signing-commits)
3. [Sign tags](/articles/signing-tags)
You don't need to upload your public key to {{ site.data.variables.product.product_name }}.
{% if currentVersion == "free-pro-team@latest" %}
### Signature verification for bots
Organizations and {{ site.data.variables.product.prodname_github_app }}s that require commit signing can use bots to sign commits. If a commit or tag has a bot signature that is cryptographically verifiable, {{ site.data.variables.product.product_name }} marks the commit or tag as verified.
Signature verification for bots will only work if the request is verified and authenticated as the {{ site.data.variables.product.prodname_github_app }} or bot and contains no custom author information, custom committer information, and no custom signature information, such as Commits API.
{% endif %}
### Further reading
- "[Signing commits](/articles/signing-commits)"
- "[Signing tags](/articles/signing-tags)"
- "[Troubleshooting commit signature verification](/articles/troubleshooting-commit-signature-verification)"

24
content/github/authenticating-to-github/about-githubs-ip-addresses.md Normal file
View File

@@ -0,0 +1,24 @@
---
title: About GitHub's IP addresses
intro: '{{ site.data.variables.product.product_name }} serves applications from multiple IP address ranges, which are available using the API.'
redirect_from:
- /articles/what-ip-addresses-does-github-use-that-i-should-whitelist/
- /categories/73/articles/
- /categories/administration/
- /articles/github-s-ip-addresses/
- /articles/about-github-s-ip-addresses
- /articles/about-githubs-ip-addresses
versions:
free-pro-team: '*'
---
You can retrieve a list of {{ site.data.variables.product.prodname_dotcom }}'s IP addresses from the [meta](https://api.github.com/meta) API endpoint. For more information, see "[Meta](/v3/meta/)."
These ranges are in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation). You can use an online conversion tool such as this [CIDR / VLSM Supernet Calculator](http://www.subnet-calculator.com/cidr.php) to convert from CIDR notation to IP address ranges.
We make changes to our IP addresses from time to time, and will keep this API up to date. We do not recommend allowing by IP address, however if you use these IP ranges we strongly encourage regular monitoring of our API.
For applications to function, you must allow TCP ports 22, 80, 443, and 9418 via our IP ranges for `github.com`.
### Further reading
- "[Troubleshooting connectivity problems](/articles/troubleshooting-connectivity-problems)"

33
content/github/authenticating-to-github/about-ssh.md Normal file
View File

@@ -0,0 +1,33 @@
---
title: About SSH
intro: 'Using the SSH protocol, you can connect and authenticate to remote servers and services. With SSH keys, you can connect to {{ site.data.variables.product.product_name }} without supplying your username or password at each visit.'
redirect_from:
- /articles/about-ssh
versions:
free-pro-team: '*'
enterprise-server: '*'
---
When you set up SSH, you'll [generate an SSH key and add it to the ssh-agent](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent) and then [add the key to your {{ site.data.variables.product.product_name }} account](/articles/adding-a-new-ssh-key-to-your-github-account). Adding the SSH key to the ssh-agent ensures that your SSH key has an extra layer of security through the use of a passphrase. For more information, see "[Working with SSH key passphrases](/articles/working-with-ssh-key-passphrases)."
{% if currentVersion == "free-pro-team@latest" %}To use your SSH key with a repository owned by an organization that uses SAML single sign-on, you'll need to authorize it first. For more information, see "[Authorizing an SSH key for use with SAML single sign-on](/articles/authorizing-an-ssh-key-for-use-with-saml-single-sign-on)."{% endif %}
We recommend that you regularly [review your SSH keys list](/articles/reviewing-your-ssh-keys) and revoke any that are invalid or have been compromised.
{% if currentVersion == "free-pro-team@latest" %}
If you haven't used your SSH key for a year, then {{ site.data.variables.product.prodname_dotcom }} will automatically delete your inactive SSH key as a security precaution. For more information, see "[Deleted or missing SSH keys](/articles/deleted-or-missing-ssh-keys)."
{% endif %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.18" %}
If you're a member of an organization that provides SSH certificates, you can use your certificate to access that organization's repositories without adding the certificate to your {{ site.data.variables.product.product_name }} account. For more information, see "[About SSH certificate authorities](/articles/about-ssh-certificate-authorities)."
{% endif %}
### Further reading
- "[Checking for existing SSH keys](/articles/checking-for-existing-ssh-keys)"
- "[Testing your SSH connection](/articles/testing-your-ssh-connection)"
- "[Working with SSH key passphrases](/articles/working-with-ssh-key-passphrases)"
- "[Troubleshooting SSH](/articles/troubleshooting-ssh)"
{%- if currentVersion == "free-pro-team@latest" %}
- "[Authorizing an SSH key for use with SAML single sign-on](/articles/authorizing-an-ssh-key-for-use-with-saml-single-sign-on)"
{%- endif %}

39
content/github/authenticating-to-github/about-two-factor-authentication.md Normal file
View File

@@ -0,0 +1,39 @@
---
title: About two-factor authentication
intro: 'Two-factor authentication, or 2FA, is an extra layer of security used when logging into websites or apps. With 2FA, you have to log in with your username and password and provide another form of authentication that only you know or have access to.'
redirect_from:
- /articles/about-two-factor-authentication
versions:
free-pro-team: '*'
enterprise-server: '*'
---
For {{ site.data.variables.product.product_name }}, the second form of authentication is a code that's generated by an application on your mobile device{% if currentVersion == "free-pro-team@latest" %} or sent as a text message (SMS){% endif %}. After you enable 2FA, {{ site.data.variables.product.product_name }} generates an authentication code any time someone attempts to sign into your {{ site.data.variables.product.product_name }} account. The only way someone can sign into your account is if they know both your password and have access to the authentication code on your phone.
{{ site.data.reusables.two_fa.after-2fa-add-security-key }}
You can also configure additional recovery methods in case you lose access to your two-factor authentication credentials. For more information on setting up 2FA, see "[Configuring two-factor authentication](/articles/configuring-two-factor-authentication)" and "[Configuring two-factor authentication recovery methods](/articles/configuring-two-factor-authentication-recovery-methods)."
We **strongly** urge you to enable 2FA for the safety of your account, not only on {{ site.data.variables.product.product_name }}, but on other websites and apps that support 2FA. You can enable 2FA to access {{ site.data.variables.product.product_name }} and {{ site.data.variables.product.prodname_desktop }}.
For more information, see "[Accessing {{ site.data.variables.product.prodname_dotcom }} using two-factor authentication](/articles/accessing-github-using-two-factor-authentication)."
### Two-factor authentication recovery codes
{{ site.data.reusables.two_fa.about-recovery-codes }} For more information, see "[Recovering your account if you lose your 2FA credentials](/articles/recovering-your-account-if-you-lose-your-2fa-credentials)."
{% if currentVersion == "free-pro-team@latest" %}
{% warning %}
**Warning**: {{ site.data.reusables.two_fa.support-may-not-help }} For more information, see "[Recovering your account if you lose your 2FA credentials](/articles/recovering-your-account-if-you-lose-your-2fa-credentials)."
{% endwarning %}
{% endif %}
### Requiring two-factor authentication in your organization
Organization owners can require that organization members{% if currentVersion == "free-pro-team@latest" %}, billing managers,{% endif %} and outside collaborators use two-factor authentication to secure their personal accounts. For more information, see "[Requiring two-factor authentication in your organization](/articles/requiring-two-factor-authentication-in-your-organization)."
{{ site.data.reusables.two_fa.auth_methods_2fa }}

67
content/github/authenticating-to-github/accessing-github-using-two-factor-authentication.md Normal file
View File

@@ -0,0 +1,67 @@
---
title: Accessing GitHub using two-factor authentication
intro: 'With 2FA enabled, you''ll be asked to provide your 2FA authentication code, as well as your password, when you sign in to {{ site.data.variables.product.product_name }}.'
redirect_from:
- /articles/providing-your-2fa-security-code/
- /articles/providing-your-2fa-authentication-code/
- /articles/authenticating-to-github-using-fido-u2f-via-nfc/
- /articles/accessing-github-using-two-factor-authentication
versions:
free-pro-team: '*'
enterprise-server: '*'
---
With two-factor authentication enabled, you'll need to provide an authentication code when accessing {{ site.data.variables.product.product_name }} through your browser. If you access {{ site.data.variables.product.product_name }} using other methods, such as the API or the command line, you'll need to use an alternative form of authentication. For more information, see "[About authentication to {{ site.data.variables.product.prodname_dotcom }}](/github/authenticating-to-github/about-authentication-to-github)."
### Providing a 2FA code when signing in to the website
After you sign in to {{ site.data.variables.product.product_name }} using your password, you'll be prompted to provide an authentication code from {% if currentVersion == "free-pro-team@latest" %}a text message or{% endif %} your TOTP app.
{{ site.data.variables.product.product_name }} will only ask you to provide your 2FA authentication code again if you've logged out, are using a new device, or your session expires.
#### Generating a code through a TOTP application
If you chose to set up two-factor authentication using a TOTP application on your smartphone, you can generate an authentication code for {{ site.data.variables.product.product_name }} at any time. In most cases, just launching the application will generate a new code. You should refer to your application's documentation for specific instructions.
If you delete the mobile application after configuring two-factor authentication, you'll need to provide your recovery code to get access to your account. For more information, see "[Recovering your account if you lose your two-factor authentication credentials](/articles/recovering-your-account-if-you-lose-your-2fa-credentials)"
{% if currentVersion == "free-pro-team@latest" %}
#### Receiving a text message
If you set up two-factor authentication via text messages, {{ site.data.variables.product.product_name }} will send you a text message with your authentication code.
{% endif %}
### Using two-factor authentication with the command line
After you've enabled 2FA, you must use a personal access token or SSH key instead of your password when accessing {{ site.data.variables.product.product_name }} on the command line.
#### Authenticating on the command line using HTTPS
After you've enabled 2FA, you must create a personal access token to use as a password when authenticating to {{ site.data.variables.product.product_name }} on the command line using HTTPS URLs.
When prompted for a username and password on the command line, use your {{ site.data.variables.product.product_name }} username and personal access token. The command line prompt won't specify that you should enter your personal access token when it asks for your password.
For more information, see "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)."
#### Authenticating on the command line using SSH
Enabling 2FA doesn't change how you authenticate to {{ site.data.variables.product.product_name }} on the command line using SSH URLs. For more information about setting up and using an SSH key, see "[Connecting to {{ site.data.variables.product.prodname_dotcom }} with SSH](/articles/connecting-to-github-with-ssh/)."
### Using two-factor authentication to access a repository using Subversion
When you access a repository via Subversion, you must provide a personal access token instead of entering your password. For more information, see "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)."
### Troubleshooting
If you lose access to your two-factor authentication credentials, you can use your recovery codes or another recovery method (if you've set one up) to regain access to your account. For more information, see "[Recovering your account if you lose your 2FA credentials](/articles/recovering-your-account-if-you-lose-your-2fa-credentials)."
If your authentication fails several times, you may wish to synchronize your phone's clock with your mobile provider. Often, this involves checking the "Set automatically" option on your phone's clock, rather than providing your own time zone.
### Further reading
- "[About two-factor authentication](/articles/about-two-factor-authentication)"
- "[Configuring two-factor authentication](/articles/configuring-two-factor-authentication)"
- "[Configuring two-factor authentication recovery methods](/articles/configuring-two-factor-authentication-recovery-methods)"
- "[Recovering your account if you lose your two-factor authentication credentials](/articles/recovering-your-account-if-you-lose-your-2fa-credentials)"

37
content/github/authenticating-to-github/adding-a-new-gpg-key-to-your-github-account.md Normal file
View File

@@ -0,0 +1,37 @@
---
title: Adding a new GPG key to your GitHub account
intro: 'To configure your {{ site.data.variables.product.product_name }} account to use your new (or existing) GPG key, you''ll also need to add it to your {{ site.data.variables.product.product_name }} account.'
redirect_from:
- /articles/adding-a-new-gpg-key-to-your-github-account
versions:
free-pro-team: '*'
enterprise-server: '*'
---
Before adding a new GPG key to your {{ site.data.variables.product.product_name }} account, you should have:
- [Checked for existing GPG keys](/articles/checking-for-existing-gpg-keys)
- [Generated and copied a new GPG key](/articles/generating-a-new-gpg-key)
{{ site.data.reusables.gpg.supported-gpg-key-algorithms }}
When verifying a signature, we extract the signature and attempt to parse its key-id. We match the key-id with keys uploaded to {{ site.data.variables.product.product_name }}. Until you upload your GPG key to {{ site.data.variables.product.product_name }}, we cannot verify your signatures.
### Adding a GPG key
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.ssh }}
3. Click **New GPG key**.
![GPG Key button](/assets/images/help/settings/gpg-add-gpg-key.png)
4. In the "Key" field, paste the GPG key you copied when you [generated your GPG key](/articles/generating-a-new-gpg-key).
![The key field](/assets/images/help/settings/gpg-key-paste.png)
5. Click **Add GPG key**.
![The Add key button](/assets/images/help/settings/gpg-add-key.png)
6. To confirm the action, enter your {{ site.data.variables.product.product_name }} password.
### Further reading
* "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
* "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"
* "[Telling Git about your signing key](/articles/telling-git-about-your-signing-key)"
* "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)"
* "[Signing commits and tags using GPG keys](/articles/signing-commits-and-tags-using-gpg)"

117
content/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account.md Normal file
View File

@@ -0,0 +1,117 @@
---
title: Adding a new SSH key to your GitHub account
intro: 'To configure your {{ site.data.variables.product.product_name }} account to use your new (or existing) SSH key, you''ll also need to add it to your {{ site.data.variables.product.product_name }} account.'
redirect_from:
- /articles/adding-a-new-ssh-key-to-your-github-account
versions:
free-pro-team: '*'
enterprise-server: '*'
---
Before adding a new SSH key to your {{ site.data.variables.product.product_name }} account, you should have:
* [Checked for existing SSH keys](/articles/checking-for-existing-ssh-keys)
* [Generated a new SSH key and added it to the ssh-agent](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)
After adding a new SSH key to your {{ site.data.variables.product.product_name }} account, you can reconfigure any local repositories to use SSH. For more information, see "[Switching remote URLs from HTTPS to SSH](/articles/changing-a-remote-s-url/#switching-remote-urls-from-https-to-ssh)."
{{ site.data.reusables.ssh.dsa-support }}
{% mac %}
1. Copy the SSH key to your clipboard.
If your SSH key file has a different name than the example code, modify the filename to match your current setup. When copying your key, don't add any newlines or whitespace.
```shell
$ pbcopy < ~/.ssh/id_rsa.pub
# Copies the contents of the id_rsa.pub file to your clipboard
```
{% tip %}
**Tip:** If `pbcopy` isn't working, you can locate the hidden `.ssh` folder, open the file in your favorite text editor, and copy it to your clipboard.
{% endtip %}
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.ssh }}
4. Click **New SSH key** or **Add SSH key**.
![SSH Key button](/assets/images/help/settings/ssh-add-ssh-key.png)
5. In the "Title" field, add a descriptive label for the new key. For example, if you're using a personal Mac, you might call this key "Personal MacBook Air".
6. Paste your key into the "Key" field.
![The key field](/assets/images/help/settings/ssh-key-paste.png)
7. Click **Add SSH key**.
![The Add key button](/assets/images/help/settings/ssh-add-key.png)
{{ site.data.reusables.user_settings.sudo-mode-popup }}
{% endmac %}
{% windows %}
1. Copy the SSH key to your clipboard.
If your SSH key file has a different name than the example code, modify the filename to match your current setup. When copying your key, don't add any newlines or whitespace.
```shell
$ clip < ~/.ssh/id_rsa.pub
# Copies the contents of the id_rsa.pub file to your clipboard
```
{% tip %}
**Tip:** If `clip` isn't working, you can locate the hidden `.ssh` folder, open the file in your favorite text editor, and copy it to your clipboard.
{% endtip %}
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.ssh }}
4. Click **New SSH key** or **Add SSH key**.
![SSH Key button](/assets/images/help/settings/ssh-add-ssh-key.png)
5. In the "Title" field, add a descriptive label for the new key. For example, if you're using a personal Mac, you might call this key "Personal MacBook Air".
6. Paste your key into the "Key" field.
![The key field](/assets/images/help/settings/ssh-key-paste.png)
7. Click **Add SSH key**.
![The Add key button](/assets/images/help/settings/ssh-add-key.png)
8. If prompted, confirm your {{ site.data.variables.product.product_name }} password.
![Sudo mode dialog](/assets/images/help/settings/sudo_mode_popup.png)
{% endwindows %}
{% linux %}
1. Copy the SSH key to your clipboard.
If your SSH key file has a different name than the example code, modify the filename to match your current setup. When copying your key, don't add any newlines or whitespace.
```shell
$ sudo apt-get install xclip
# Downloads and installs xclip. If you don't have `apt-get`, you might need to use another installer (like `yum`)
$ xclip -sel clip < ~/.ssh/id_rsa.pub
# Copies the contents of the id_rsa.pub file to your clipboard
```
{% tip %}
**Tip:** If `xclip` isn't working, you can locate the hidden `.ssh` folder, open the file in your favorite text editor, and copy it to your clipboard.
{% endtip %}
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.ssh }}
4. Click **New SSH key** or **Add SSH key**.
![SSH Key button](/assets/images/help/settings/ssh-add-ssh-key.png)
5. In the "Title" field, add a descriptive label for the new key. For example, if you're using a personal Mac, you might call this key "Personal MacBook Air".
6. Paste your key into the "Key" field.
![The key field](/assets/images/help/settings/ssh-key-paste.png)
7. Click **Add SSH key**.
![The Add key button](/assets/images/help/settings/ssh-add-key.png)
8. If prompted, confirm your {{ site.data.variables.product.product_name }} password.
![Sudo mode dialog](/assets/images/help/settings/sudo_mode_popup.png)
{% endlinux %}
{% if currentVersion == "free-pro-team@latest" %}
### Further reading
- "[Authorizing an SSH key for use with SAML single sign-on](/articles/authorizing-an-ssh-key-for-use-with-saml-single-sign-on)"
{% endif %}

50
content/github/authenticating-to-github/associating-an-email-with-your-gpg-key.md Normal file
View File

@@ -0,0 +1,50 @@
---
title: Associating an email with your GPG key
intro: 'Your GPG key must be associated with a {{ site.data.variables.product.product_name }} verified email that matches your committer identity.'
redirect_from:
- /articles/associating-an-email-with-your-gpg-key
versions:
free-pro-team: '*'
enterprise-server: '*'
---
{% note %}
If you're using a GPG key that matches your committer identity and your verified email address associated with your {{ site.data.variables.product.product_name }} account, then you can begin signing commits and signing tags.
{% endnote %}
{{ site.data.reusables.command_line.open_the_multi_os_terminal }}
{{ site.data.reusables.gpg.list-keys-with-note }}
{{ site.data.reusables.gpg.copy-gpg-key-id }}
4. Enter `gpg --edit-key GPG key ID`, substituting in the GPG key ID you'd like to use. In the following example, the GPG key ID is `3AA5C34371567BD2`:
```shell
$ gpg --edit-key <em>3AA5C34371567BD2</em>
```
5. Enter `gpg> adduid` to add the user ID details.
```shell
$ gpg> adduid
```
6. Follow the prompts to supply your real name, email address, and any comments. You can modify your entries by choosing `N`, `C`, or `E`. {{ site.data.reusables.gpg.private-email }} {% if currentVersion == "free-pro-team@latest" %} For more information, see "[Setting your commit email address](/articles/setting-your-commit-email-address)."{% endif %}
```shell
Real Name: <em>Octocat</em>
Email address: <em>octocat@github.com</em>
Comment: <em>GitHub key</em>
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
```
7. Enter `O` to save your selections.
8. Enter your key's passphrase.
9. Enter `gpg --armor --export GPG key ID`, substituting in the GPG key ID you'd like to use. In the following example, the GPG key ID is `3AA5C34371567BD2`:
```shell
$ gpg --armor --export <em>3AA5C34371567BD2</em>
# Prints the GPG key, in ASCII armor format
```
10. Upload the GPG key by [adding it to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account).
### Further reading
- "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
- "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"
- "[Using a verified email address in your GPG key](/articles/using-a-verified-email-address-in-your-gpg-key)"
- "[Adding a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)"
- "[Signing commits](/articles/signing-commits)"
- "[Signing tags](/articles/signing-tags)"

11
content/github/authenticating-to-github/authenticating-with-saml-single-sign-on.md Normal file
View File

@@ -0,0 +1,11 @@
---
title: Authenticating with SAML single sign-on
intro: 'You can authenticate to a {{ site.data.variables.product.product_name }} organization with SAML single sign-on (SSO) and view your active sessions.'
mapTopic: true
redirect_from:
- /articles/authenticating-to-a-github-organization-with-saml-single-sign-on/
- /articles/authenticating-with-saml-single-sign-on
versions:
free-pro-team: '*'
---

25
content/github/authenticating-to-github/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on.md Normal file
View File

@@ -0,0 +1,25 @@
---
title: Authorizing a personal access token for use with SAML single sign-on
intro: 'To use a personal access token with an organization that uses SAML single sign-on (SSO), you must first authorize the token.'
redirect_from:
- /articles/authorizing-a-personal-access-token-for-use-with-a-saml-single-sign-on-organization/
- /articles/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on
versions:
free-pro-team: '*'
---
You can authorize an existing personal access token, or [create a new personal access token](/github/authenticating-to-github/creating-a-personal-access-token) and then authorize it.
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.developer_settings }}
{{ site.data.reusables.user_settings.personal_access_tokens }}
3. Next to the token you'd like to authorize, click **Enable SSO** or **Disable SSO**.
![SSO token authorize button](/assets/images/help/settings/sso-allowlist-button.png)
4. Find the organization you'd like to authorize the access token for.
4. Click **Authorize**.
![Token authorize button](/assets/images/help/settings/token-authorize-button.png)
### Further reading
- "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)"
- "[About authentication with SAML single sign-on](/articles/about-authentication-with-saml-single-sign-on)"

30
content/github/authenticating-to-github/authorizing-an-ssh-key-for-use-with-saml-single-sign-on.md Normal file
View File

@@ -0,0 +1,30 @@
---
title: Authorizing an SSH key for use with SAML single sign-on
intro: 'To use an SSH key with an organization that uses SAML single sign-on (SSO), you must first authorize the key.'
redirect_from:
- /articles/authorizing-an-ssh-key-for-use-with-a-saml-single-sign-on-organization/
- /articles/authorizing-an-ssh-key-for-use-with-saml-single-sign-on
versions:
free-pro-team: '*'
---
You can authorize an existing SSH key, or create a new SSH key and then authorize it. For more information about creating a new SSH key, see "[Generating a new SSH key and adding it to the ssh-agent](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)."
{% note %}
**Note:** If your SSH key authorization is revoked by an organization, you will not be able to reauthorize the same key. You will need to create a new SSH key and authorize it. For more information about creating a new SSH key, see "[Generating a new SSH key and adding it to the ssh-agent](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)."
{% endnote %}
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.ssh }}
3. Next to the SSH key you'd like to authorize, click **Enable SSO** or **Disable SSO**.
![SSO token authorize button](/assets/images/help/settings/ssh-sso-button.png)
4. Find the organization you'd like to authorize the SSH key for.
5. Click **Authorize**.
![Token authorize button](/assets/images/help/settings/ssh-sso-authorize.png)
### Further reading
- "[Checking for existing SSH keys](/articles/checking-for-existing-ssh-keys)"
- "[About authentication with SAML single sign-on](/articles/about-authentication-with-saml-single-sign-on)"

85
content/github/authenticating-to-github/authorizing-oauth-apps.md Normal file
View File

@@ -0,0 +1,85 @@
---
title: Authorizing OAuth Apps
intro: 'You can connect your {{ site.data.variables.product.product_name }} identity to third-party applications using OAuth. When authorizing an {{ site.data.variables.product.prodname_oauth_app }}, you should ensure you trust the application, review who it''s developed by, and review the kinds of information the application wants to access.'
redirect_from:
- /articles/authorizing-oauth-apps
versions:
free-pro-team: '*'
enterprise-server: '*'
---
When an {{ site.data.variables.product.prodname_oauth_app }} wants to identify you by your {{ site.data.variables.product.product_name }} account, you'll see a page with the app's developer contact information and a list of the specific data that's being requested.
{% if currentVersion == "free-pro-team@latest" %}
{% tip %}
**Tip:** You must [verify your email address](/articles/verifying-your-email-address) before you can authorize an {{ site.data.variables.product.prodname_oauth_app }}.
{% endtip %}
{% endif %}
### {{ site.data.variables.product.prodname_oauth_app }} access
{{ site.data.variables.product.prodname_oauth_app }}s can have *read* or *write* access to your {{ site.data.variables.product.product_name }} data.
- **Read access** only allows an app to *look at* your data.
- **Write access** allows an app to *change* your data.
{% tip %}
**Tip:** {{ site.data.reusables.user_settings.review_oauth_tokens_tip }}
{% endtip %}
#### About OAuth scopes
*Scopes* are named groups of permissions that an {{ site.data.variables.product.prodname_oauth_app }} can request to access both public and non-public data.
When you want to use an {{ site.data.variables.product.prodname_oauth_app }} that integrates with {{ site.data.variables.product.product_name }}, that app lets you know what type of access to your data will be required. If you grant access to the app, then the app will be able to perform actions on your behalf, such as reading or modifying data. For example, if you want to use an app that requests `user:email` scope, the app will have read-only access to your private email addresses. For more information, see "[About scopes for {{ site.data.variables.product.prodname_oauth_app }}s](//apps/building-integrations/setting-up-and-registering-oauth-apps/about-scopes-for-oauth-apps)."
{% tip %}
**Note:** Currently, you can't scope source code access to read-only.
{% endtip %}
#### Types of requested data
{{ site.data.variables.product.prodname_oauth_app }}s can request several types of data.
| Type of data | Description |
| --- | --- |
| Commit status | You can grant access for an app to report your commit status. Commit status access allows apps to determine if a build is a successful against a specific commit. Apps won't have access to your code, but they can read and write status information against a specific commit. |
| Deployments | Deployment status access allows apps to determine if a deployment is successful against a specific commit for public and private repositories. Apps won't have access to your code. |
| Gists | [Gist](https://gist.github.com) access allows apps to read or write to both your public and secret Gists. |
| Hooks | [Webhooks](/webhooks) access allows apps to read or write hook configurations on repositories you manage. |
| Notifications | Notification access allows apps to read your {{ site.data.variables.product.product_name }} notifications, such as comments on issues and pull requests. However, apps remain unable to access anything in your repositories. |
| Organizations and teams | Organization and teams access allows apps to access and manage organization and team membership. |
| Personal user data | User data includes information found in your user profile, like your name, e-mail address, and location. |
| Repositories | Repository information includes the names of contributors, the branches you've created, and the actual files within your repository. Apps can request access for either public or private repositories on a user-wide level. |
| Repository delete | Apps can request to delete repositories that you administer, but they won't have access to your code. |
### Requesting updated permissions
When {{ site.data.variables.product.prodname_oauth_app }}s request new access permissions, they will notify you of the differences between their current permissions and the new permissions.
{% if currentVersion == "free-pro-team@latest" %}
### {{ site.data.variables.product.prodname_oauth_app }}s and organizations
When you authorize an {{ site.data.variables.product.prodname_oauth_app }} for your personal user account, you'll also see how the authorization will affect each organization you're a member of.
- **For organizations *with* {{ site.data.variables.product.prodname_oauth_app }} access restrictions, you can request that organization admins approve the application for use in that organization.** If the organization does not approve the application, then the application will only be able to access the organization's public resources. If you're an organization admin, you can [approve the application](/articles/approving-oauth-apps-for-your-organization) yourself.
- **For organizations *without* {{ site.data.variables.product.prodname_oauth_app }} access restrictions, the application will automatically be authorized for access to that organization's resources.** For this reason, you should be careful about which {{ site.data.variables.product.prodname_oauth_app }}s you approve for access to your personal account resources as well as any organization resources.
If you belong to any organizations that enforce SAML single sign-on, you must have an active SAML session for each organization each time you authorize an {{ site.data.variables.product.prodname_oauth_app }}.
### Further reading
- "[About {{ site.data.variables.product.prodname_oauth_app }} access restrictions](/articles/about-oauth-app-access-restrictions)"
- "[{{ site.data.variables.product.prodname_marketplace }} support](/articles/github-marketplace-support)"
{% endif %}

30
content/github/authenticating-to-github/changing-two-factor-authentication-delivery-methods-for-your-mobile-device.md Normal file
View File

@@ -0,0 +1,30 @@
---
title: Changing two-factor authentication delivery methods for your mobile device
intro: You can switch between receiving authentication codes through a text message or a mobile application.
redirect_from:
- /articles/changing-two-factor-authentication-delivery-methods/
- /articles/changing-two-factor-authentication-delivery-methods-for-your-mobile-device
versions:
free-pro-team: '*'
---
{% note %}
**Note:** Changing your two-factor authentication method invalidates your current two-factor method setup. However, this doesn't affect your recovery codes or fallback SMS configuration. You can update your recovery codes or fallback SMS configuration on in your personal account's security settings page if desired.
{% endnote %}
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.security }}
3. Next to "SMS delivery", click **Edit**.
![Edit SMS delivery options](/assets/images/help/2fa/edit-sms-delivery-option.png)
4. Under "Delivery options", click **Reconfigure two-factor authentication**.
![Switching your 2FA delivery options](/assets/images/help/2fa/2fa-switching-methods.png)
5. Decide whether to set up two-factor authentication using a TOTP mobile app or text message. For more information, see "[Configuring two-factor authentication](/articles/configuring-two-factor-authentication)."
- To set up two-factor authentication using a TOTP mobile app, click **Set up using an app**.
- To set up two-factor authentication using text message (SMS), click **Set up using SMS**.
### Further reading
- "[About two-factor authentication](/articles/about-two-factor-authentication)"
- "[Configuring two-factor authentication recovery methods](/articles/configuring-two-factor-authentication-recovery-methods)"

31
content/github/authenticating-to-github/checking-for-existing-gpg-keys.md Normal file
View File

@@ -0,0 +1,31 @@
---
title: Checking for existing GPG keys
intro: 'Before you generate a GPG key, you can check to see if you have any existing GPG keys.'
redirect_from:
- /articles/checking-for-existing-gpg-keys
versions:
free-pro-team: '*'
enterprise-server: '*'
---
{{ site.data.reusables.gpg.supported-gpg-key-algorithms }}
{% note %}
**Note:** GPG does not come installed by default on OS X or Windows. To install GPG command line tools, see [GnuPG's Download page](https://www.gnupg.org/download/).
{% endnote %}
{{ site.data.reusables.command_line.open_the_multi_os_terminal }}
{{ site.data.reusables.gpg.list-keys-with-note }}
3. Check the command output to see if you have a GPG key pair.
* If there are no GPG key pairs or you don't want to use any that are available for signing commits and tags, then [generate a new GPG key](/articles/generating-a-new-gpg-key).
* If there's an existing GPG key pair and you want to use it to sign commits and tags, then [add your GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account).
### Further reading
* "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"
* "[Adding a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)"
* "[Telling Git about your signing key](/articles/telling-git-about-your-signing-key)"
* "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)"
* "[Signing commits](/articles/signing-commits)"
* "[Signing tags](/articles/signing-tags)"

34
content/github/authenticating-to-github/checking-for-existing-ssh-keys.md Normal file
View File

@@ -0,0 +1,34 @@
---
title: Checking for existing SSH keys
intro: 'Before you generate an SSH key, you can check to see if you have any existing SSH keys.'
redirect_from:
- /articles/checking-for-existing-ssh-keys
versions:
free-pro-team: '*'
enterprise-server: '*'
---
{{ site.data.reusables.ssh.dsa-support }}
{{ site.data.reusables.command_line.open_the_multi_os_terminal }}
2. Enter `ls -al ~/.ssh` to see if existing SSH keys are present:
```shell
$ ls -al ~/.ssh
# Lists the files in your .ssh directory, if they exist
```
3. Check the directory listing to see if you already have a public SSH key. By default, the filenames of the public keys are one of the following:
- *id_rsa.pub*
- *id_ecdsa.pub*
- *id_ed25519.pub*{% if currentVersion != "free-pro-team@latest" and currentVersion ver_lt "enterprise-server@2.19" %}
- *id_dsa.pub*{% endif %}
If you don't have an existing public and private key pair, or don't wish to use any that are available to connect to {{ site.data.variables.product.product_name }}, then [generate a new SSH key](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
If you see an existing public and private key pair listed (for example *id_rsa.pub* and *id_rsa*) that you would like to use to connect to {{ site.data.variables.product.product_name }}, you can [add your SSH key to the ssh-agent](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/#adding-your-ssh-key-to-the-ssh-agent).
{% tip %}
**Tip:** If you receive an error that *~/.ssh* doesn't exist, don't worry! We'll create it when we [generate a new SSH key](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
{% endtip %}

39
content/github/authenticating-to-github/checking-your-commit-and-tag-signature-verification-status.md Normal file
View File

@@ -0,0 +1,39 @@
---
title: Checking your commit and tag signature verification status
intro: 'You can check the verification status of your commit and tag signatures on {{ site.data.variables.product.product_name }}.'
redirect_from:
- /articles/checking-your-gpg-commit-and-tag-signature-verification-status/
- /articles/checking-your-commit-and-tag-signature-verification-status
versions:
free-pro-team: '*'
enterprise-server: '*'
---
### Checking your commit signature verification status
1. On {{ site.data.variables.product.product_name }}, navigate to your pull request.
{{ site.data.reusables.repositories.review-pr-commits }}
3. Next to your commit's abbreviated commit hash, there is a box that shows whether your commit signature is verified or unverified.
![Signed commit](/assets/images/help/commits/gpg-signed-commit-verified-without-details.png)
4. To view more detailed information about the commit signature, click **Verified** or **Unverified**.
![Verified signed commit](/assets/images/help/commits/gpg-signed-commit_verified_details.png)
If your commit signature is unverified, you can learn more about why by clicking the **Unverified** box.
![Unverified signed commit](/assets/images/help/commits/gpg-signed-commit-unverified-details.png)
### Checking your tag signature verification status
{{ site.data.reusables.repositories.navigate-to-repo }}
{{ site.data.reusables.repositories.releases }}
2. At the top of the Releases page, click **Tags**.
![Tags page](/assets/images/help/releases/tags-list.png)
3. Next to your tag description, there is a box that shows whether your tag signature is verified or unverified.
![verified tag signature](/assets/images/help/commits/gpg-signed-tag-verified.png)
4. To view more detailed information about the tag signature, click **Verified** or **Unverified**. If your tag signature is unverified, you can learn more about why by clicking the **Unverified** box.
![Verified signed tag](/assets/images/help/commits/gpg-signed-tag-verified-details.png)
### Further reading
- "[About commit signature verification](/articles/about-commit-signature-verification)"
- "[Signing commits](/articles/signing-commits)"
- "[Signing tags](/articles/signing-tags)"

114
content/github/authenticating-to-github/configuring-two-factor-authentication-recovery-methods.md Normal file
View File

@@ -0,0 +1,114 @@
---
title: Configuring two-factor authentication recovery methods
intro: You can set up a variety of recovery methods to access your account if you lose your two-factor authentication credentials.
redirect_from:
- /articles/downloading-your-two-factor-authentication-recovery-codes/
- /articles/setting-a-fallback-authentication-number/
- /articles/about-recover-accounts-elsewhere/
- /articles/adding-a-fallback-authentication-method-with-recover-accounts-elsewhere/
- /articles/generating-and-storing-an-account-recovery-token/
- /articles/configuring-two-factor-authentication-recovery-methods
versions:
free-pro-team: '*'
enterprise-server: '*'
---
In addition to securely storing your two-factor authentication recovery codes, we strongly recommend configuring one or more additional recovery methods.
### Downloading your two-factor authentication recovery codes
{{ site.data.reusables.two_fa.about-recovery-codes }} You can also download your recovery codes at any point after enabling two-factor authentication.
To keep your account secure, don't share or distribute your recovery codes. We recommend saving them with a secure password manager, such as:
- [1Password](https://1password.com/)
- [Keeper](https://keepersecurity.com/)
- [LastPass](https://lastpass.com/)
If you generate new recovery codes or disable and re-enable 2FA, the recovery codes in your security settings automatically update.
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.security }}
{{ site.data.reusables.two_fa.show-recovery-codes }}
4. Save your recovery codes in a safe place. Your recovery codes can help you get back into your account if you lose access.
- To save your recovery codes on your device, click **Download**.
- To save a hard copy of your recovery codes, click **Print**.
- To copy your recovery codes for storage in a password manager, click **Copy**.
![List of recovery codes with option to download, print, or copy the codes](/assets/images/help/2fa/download-print-or-copy-recovery-codes-before-continuing.png)
### Generating a new set of recovery codes
Once you use a recovery code to regain access to your account, it cannot be reused. If you've used all 16 recovery codes, you can generate another list of codes. Generating a new set of recovery codes will invalidate any codes you previously generated.
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.security }}
{{ site.data.reusables.two_fa.show-recovery-codes }}
3. To create another batch of recovery codes, click **Generate new recovery codes**.
![Generate new recovery codes button](/assets/images/help/2fa/generate-new-recovery-codes.png)
### Configuring a security key as an additional two-factor authentication method
You can set up a security key as a secondary two-factor authentication method, and use the security key to regain access to your account. For more information, see "[Configuring two-factor authentication](/articles/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key)."
{% if currentVersion == "free-pro-team@latest" %}
### Setting a fallback authentication number
You can provide a second number for a fallback device. If you lose access to both your primary device and your recovery codes, a backup SMS number can get you back in to your account.
You can use a fallback number regardless of whether you've configured authentication via text message or TOTP mobile application.
{% warning %}
**Warning:** Using a fallback number is a last resort. We recommend configuring additional recovery methods if you set a fallback authentication number.
- Bad actors may attack cell phone carriers, so SMS authentication is risky.
- SMS messages are only supported for certain countries outside the US; for the list, see "[Countries where SMS authentication is supported](/articles/countries-where-sms-authentication-is-supported)".
{% endwarning %}
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.security }}
3. Next to "Fallback SMS number", click **Add**.
![Add fallback SMS number button](/assets/images/help/2fa/add-fallback-sms-number-button.png)
4. Under "Fallback SMS number", click **Add fallback SMS number**.
![Add fallback SMS number text](/assets/images/help/2fa/add_fallback_sms_number_text.png)
5. Select your country code and type your mobile phone number, including the area code. When your information is correct, click **Set fallback**.
![Set fallback SMS number](/assets/images/help/2fa/2fa-fallback-number.png)
After setup, the backup device will receive a confirmation SMS.
### Adding a fallback authentication method with Recover Accounts Elsewhere
You can generate an extra authentication credential for your account and store it with a partner recovery provider.
#### About Recover Accounts Elsewhere
With Recover Accounts Elsewhere, you can add an extra security factor to your {{ site.data.variables.product.product_name }} account in case you lose access to your two-factor authentication method or recovery codes.
Recover Accounts Elsewhere lets you associate your {{ site.data.variables.product.product_name }} account with your Facebook account. You can store an authentication credential in the form of an _account recovery token_ for your {{ site.data.variables.product.product_name }} account with Facebook.
If you lose access to your {{ site.data.variables.product.product_name }} account because you no longer have access to your two-factor authentication method or recovery codes, you can retrieve your account recovery token from the recovery provider to help prove that you're the owner of your {{ site.data.variables.product.product_name }} account.
After you retrieve your token, {{ site.data.variables.contact.contact_support }} may be able to disable two-factor authentication for your account. Then, you can provide or reset your password to regain access to your account.
When you generate or retrieve an account recovery token, an event is added to your account's audit log. For more information, see "[Reviewing your security log](/articles/reviewing-your-security-log)."
#### Generating and storing an account recovery token
You can generate an account recovery token and store it with a partner recovery provider.
1. Sign in to your Facebook account, then return to {{ site.data.variables.product.product_name }}.
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.security }}
4. To generate a new token, under "Recovery tokens," click **Store new token**. ![Button for storing a new recovery token](/assets/images/help/settings/store-new-recovery-token.png)
5. Read the information about account recovery tokens, then click **Connect with https://www.facebook.com**. ![Button for connecting a recovery token with Facebook](/assets/images/help/settings/connect-recovery-token-with-facebook.png)
6. After you're redirected to Facebook, read the information about turning on account recovery with Facebook before you click **Save as [_YOUR NAME_]**. (If you save multiple tokens within a short period of time, Facebook may skip this confirmation step after you save your first token.)
![Facebook page with button for turning on account recovery](/assets/images/help/settings/security-turn-on-rae-facebook.png)
{% endif %}
### Further reading
- "[About two-factor authentication](/articles/about-two-factor-authentication)"
- "[Configuring two-factor authentication](/articles/configuring-two-factor-authentication)"
- "[Accessing {{ site.data.variables.product.prodname_dotcom }} using two-factor authentication](/articles/accessing-github-using-two-factor-authentication)"
- "[Recovering your account if you lose your two-factor authentication credentials](/articles/recovering-your-account-if-you-lose-your-2fa-credentials)"

122
content/github/authenticating-to-github/configuring-two-factor-authentication.md Normal file
View File

@@ -0,0 +1,122 @@
---
title: Configuring two-factor authentication
intro: You can choose among multiple options to add a second source of authentication to your account.
redirect_from:
- /articles/configuring-two-factor-authentication-via-a-totp-mobile-app/
- /articles/configuring-two-factor-authentication-via-text-message/
- /articles/configuring-two-factor-authentication-via-fido-u2f/
- /articles/configuring-two-factor-authentication
versions:
free-pro-team: '*'
enterprise-server: '*'
---
You can configure two-factor authentication using a mobile app{% if currentVersion == "free-pro-team@latest" %} or via text message{% endif %}. You can also add a security key.
We strongly recommend using a time-based one-time password (TOTP) application to configure 2FA.{% if currentVersion == "free-pro-team@latest" %} TOTP applications are more reliable than SMS, especially for locations outside the United States.{% endif %} TOTP apps support the secure backup of your authentication codes in the cloud and can be restored if you lose access to your device.
{% warning %}
**Warning:**
- If you're a member{% if currentVersion == "free-pro-team@latest" %}, billing manager,{% endif %} or outside collaborator to a private repository of an organization that requires two-factor authentication, you must leave the organization before you can disable 2FA on {{ site.data.variables.product.product_location }}.
- If you disable 2FA, you will automatically lose access to the organization and any private forks you have of the organization's private repositories. To regain access to the organization and your forks, re-enable two-factor authentication and contact an organization owner.
{% endwarning %}
### Configuring two-factor authentication using a TOTP mobile app
A time-based one-time password (TOTP) application automatically generates an authentication code that changes after a certain period of time. We recommend using cloud-based TOTP apps such as:
- [1Password](https://support.1password.com/one-time-passwords/)
- [Authy](https://authy.com/guides/github/)
- [LastPass Authenticator](https://lastpass.com/auth/)
{% tip %}
**Tip**: To configure authentication via TOTP on multiple devices, during setup, scan the QR code using each device at the same time. If 2FA is already enabled and you want to add another device, you must re-configure 2FA from your security settings.
{% endtip %}
1. Download a TOTP app.
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.security }}
{{ site.data.reusables.two_fa.enable-two-factor-authentication }}
5. On the Two-factor authentication page, click **Set up using an app**.
{{ site.data.reusables.two_fa.save_your_recovery_codes_during_2fa_setup }}
8. On the Two-factor authentication page, do one of the following:
- Scan the QR code with your mobile device's app. After scanning, the app displays a six-digit code that you can enter on {{ site.data.variables.product.product_name }}.
- If you can't scan the QR code, click **enter this text code** to see a code you can copy and manually enter on {{ site.data.variables.product.product_name }} instead.
![Click enter this code](/assets/images/help/2fa/totp-click-enter-code.png)
9. The TOTP mobile application saves your {{ site.data.variables.product.product_name }} account and generates a new authentication code every few seconds. On {{ site.data.variables.product.product_name }}, on the 2FA page, type the code and click **Enable**.
![TOTP Enable field](/assets/images/help/2fa/totp-enter-code.png)
{{ site.data.reusables.two_fa.test_2fa_immediately }}
{% if currentVersion == "free-pro-team@latest" %}
### Configuring two-factor authentication using text messages
If you're unable to authenticate using a TOTP mobile app, you can authenticate using SMS messages. You can also provide a second number for a fallback device. If you lose access to both your primary device and your recovery codes, a backup SMS number can get you back in to your account.
Before using this method, be sure that you can receive text messages. Carrier rates may apply.
{% warning %}
**Warning:** We **strongly recommend** using a TOTP application for two-factor authentication instead of SMS. {{ site.data.variables.product.product_name }} doesn't support sending SMS messages to phones in every country. Before configuring authentication via text message, review the list of countries where {{ site.data.variables.product.product_name }} supports authentication via SMS. For more information, see "[Countries where SMS authentication is supported](/articles/countries-where-sms-authentication-is-supported)".
{% endwarning %}
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.security }}
{{ site.data.reusables.two_fa.enable-two-factor-authentication }}
4. On the Two-factor authentication page, click **Set up using SMS**.
{{ site.data.reusables.two_fa.save_your_recovery_codes_during_2fa_setup }}
7. Select your country code and type your mobile phone number, including the area code. When your information is correct, click **Send authentication code**.
![2FA SMS screen](/assets/images/help/2fa/2fa_sms_photo.png)
8. You'll receive a text message with a security code. Type the code on the Two-factor authentication page, and click **Enable**.
![2FA SMS continue field](/assets/images/help/2fa/2fa-sms-code-enable.png)
{{ site.data.reusables.two_fa.test_2fa_immediately }}
{% endif %}
### Configuring two-factor authentication using a security key
{{ site.data.reusables.two_fa.after-2fa-add-security-key }}
On most devices and browsers, you can use a physical security key over USB or NFC. Some browsers can use the fingerprint reader, facial recognition, or password/PIN on your device as a security key.
Authentication with a security key is *secondary* to authentication with a TOTP application{% if currentVersion == "free-pro-team@latest" %} or a text message{% endif %}. If you lose your security key, you'll still be able to use your phone's code to sign in.
1. You must have already configured 2FA via a TOTP mobile app{% if currentVersion == "free-pro-team@latest" %} or via SMS{% endif %}.
2. Ensure that you have a {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.18" %}WebAuthn{% else %}FIDO U2F{% endif %} compatible security key inserted into your computer.
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.security }}
5. Next to "Security keys", click **Add**.
![Add security keys option](/assets/images/help/2fa/add-security-keys-option.png)
6. Under "Security keys", click **Register new security key**.
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.18" %}
![Registering a new security key](/assets/images/help/2fa/security-key-register.png)
{% else %}
![Registering a new FIDO U2F device](/assets/images/help/2fa/register_new_fido_u2f_device.png)
{% endif %}
7. Type a nickname for the security key, then click **Add**.
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.18" %}
![Providing a nickname for a security key](/assets/images/help/2fa/security-key-nickname.png)
{% else %}
![Providing a nickname for a FIDO U2F device](/assets/images/help/2fa/fido_u2f_nickname.png)
{% endif %}
8. Activate your security key, following your security key's documentation.
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.18" %}
![Prompt for a security key](/assets/images/help/2fa/security-key-prompt.png)
{% else %}
![Prompt for a FIDO U2F device](/assets/images/help/2fa/fido_u2f_prompt_key.png)
{% endif %}
9. Confirm that you've downloaded and can access your recovery codes. If you haven't already, or if you'd like to generate another set of codes, download your codes and save them in a safe place. If you lose access to your account, you can use your recovery codes to get back into your account. For more information, see "[Recovering your account if you lose your 2FA credentials](/articles/recovering-your-account-if-you-lose-your-2fa-credentials)."
![Download recovery codes button](/assets/images/help/2fa/2fa-recover-during-setup.png)
{{ site.data.reusables.two_fa.test_2fa_immediately }}
### Further reading
- "[About two-factor authentication](/articles/about-two-factor-authentication)"
- "[Configuring two-factor authentication recovery methods](/articles/configuring-two-factor-authentication-recovery-methods)"
- "[Accessing {{ site.data.variables.product.prodname_dotcom }} using two-factor authentication](/articles/accessing-github-using-two-factor-authentication)"
- "[Recovering your account if you lose your 2FA credentials](/articles/recovering-your-account-if-you-lose-your-2fa-credentials)"
- "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)"

18
content/github/authenticating-to-github/connecting-to-github-with-ssh.md Normal file
View File

@@ -0,0 +1,18 @@
---
title: Connecting to GitHub with SSH
intro: 'You can connect to {{ site.data.variables.product.product_name }} using SSH.'
redirect_from:
- /key-setup-redirect/
- /linux-key-setup/
- /mac-key-setup/
- /msysgit-key-setup/
- /articles/ssh-key-setup/
- /articles/generating-ssh-keys/
- /articles/generating-an-ssh-key/
- /articles/connecting-to-github-with-ssh
mapTopic: true
versions:
free-pro-team: '*'
enterprise-server: '*'
---

70
content/github/authenticating-to-github/connecting-with-third-party-applications.md Normal file
View File

@@ -0,0 +1,70 @@
---
title: Connecting with third-party applications
intro: 'You can connect your {{ site.data.variables.product.product_name }} identity to third-party applications using OAuth. When authorizing one of these applications, you should ensure you trust the application, review who it''s developed by, and review the kinds of information the application wants to access.'
redirect_from:
- /articles/connecting-with-third-party-applications
versions:
free-pro-team: '*'
enterprise-server: '*'
---
When a third-party application wants to identify you by your {{ site.data.variables.product.product_name }} login, you'll see a page with the developer contact information and a list of the specific data that's being requested.
### Contacting the application developer
Because an application is developed by a third-party who isn't {{ site.data.variables.product.product_name }}, we don't know exactly how an application uses the data it's requesting access to. You can use the developer information at the top of the page to contact the application admin if you have questions or concerns about their application.
![{{ site.data.variables.product.prodname_oauth_app }} owner information](/assets/images/help/platform/oauth_owner_bar.png)
If the developer has chosen to supply it, the right-hand side of the page provides a detailed description of the application, as well as its associated website.
![OAuth application information and website](/assets/images/help/platform/oauth_app_info.png)
### Types of application access and data
Applications can have *read* or *write* access to your {{ site.data.variables.product.product_name }} data.
- **Read access** only allows an application to *look at* your data.
- **Write access** allows an application to *change* your data.
#### About OAuth scopes
*Scopes* are named groups of permissions that an application can request to access both public and non-public data.
When you want to use a third-party application that integrates with {{ site.data.variables.product.product_name }}, that application lets you know what type of access to your data will be required. If you grant access to the application, then the application will be able to perform actions on your behalf, such as reading or modifying data. For example, if you want to use an app that requests `user:email` scope, the app will have read-only access to your private email addresses. For more information, see "[About scopes for {{ site.data.variables.product.prodname_oauth_app }}s](//apps/building-integrations/setting-up-and-registering-oauth-apps/about-scopes-for-oauth-apps)."
{% tip %}
**Note:** Currently, you can't scope source code access to read-only.
{% endtip %}
#### Types of requested data
There are several types of data that applications can request.
![OAuth access details](/assets/images/help/platform/oauth_access_types.png)
{% tip %}
**Tip:** {{ site.data.reusables.user_settings.review_oauth_tokens_tip }}
{% endtip %}
| Type of data | Description |
| --- | --- |
| Commit status | You can grant access for a third-party application to report your commit status. Commit status access allows applications to determine if a build is a successful against a specific commit. Applications won't have access to your code, but they <em>can</em> read and write status information against a specific commit. |
| Deployments | Deployment status access allows applicationss to determine if a deployment is successful against a specific commit for public and private repositories. Applicationss won't have access to your code. |
| Gists | [Gist](https://gist.github.com) access allows applications to read or write to both your public and secret Gists. |
| Hooks | [Webhooks](/webhooks) access allows applications to read or write hook configurations on repositories you manage. |
| Notifications | Notification access allows applicationss to read your {{ site.data.variables.product.product_name }} notifications, such as comments on issues and pull requests. However, applications remain unable to access anything in your repositories. |
| Organizations and teams | Organization and teams access allows apps to access and manage organization and team membership. |
| Personal user data | User data includes information found in your user profile, like your name, e-mail address, and location. |
| Repositories | Repository information includes the names of contributors, the branches you've created, and the actual files within your repository. Applications can request access for either public or private repositories on a user-wide level. |
| Repository delete | Applications can request to delete repositories that you administer, but they won't have access to your code. |
### Requesting updated permissions
Applications can request new access privileges. When asking for updated permissions, the application will notify you of the differences.
![Changing third-party application access](/assets/images/help/platform/oauth_existing_access_pane.png)

134
content/github/authenticating-to-github/countries-where-sms-authentication-is-supported.md Normal file
View File

@@ -0,0 +1,134 @@
---
title: Countries where SMS authentication is supported
intro: 'Because of delivery success rates, {{ site.data.variables.product.product_name }} only supports two-factor authentication via SMS for certain countries.'
redirect_from:
- /articles/countries-where-sms-authentication-is-supported
versions:
free-pro-team: '*'
---
If we don't support two-factor authentication via text message for your country of residence, you can set up authentication via a TOTP mobile application. For more information, see "[Configuring two-factor authentication](/articles/configuring-two-factor-authentication)."
### Supported countries for SMS authentication
If your country is not on this list, then we aren't currently able to reliably deliver text messages to your country. We update this list periodically.
<ul style="-webkit-column-count: 3; -moz-column-count: 3; column-count: 3;">
<li>Aland Islands</li>
<li>Algeria</li>
<li>Angola</li>
<li>Anguilla</li>
<li>Australia</li>
<li>Austria</li>
<li>Bahamas</li>
<li>Bahrain</li>
<li>Bangladesh</li>
<li>Belarus</li>
<li>Belgium</li>
<li>Benin</li>
<li>Bolivia</li>
<li>Bosnia and Herzegovina</li>
<li>Brunei</li>
<li>Bulgaria</li>
<li>Burundi</li>
<li>Cambodia</li>
<li>Canada</li>
<li>Cape Verde</li>
<li>Cayman Islands</li>
<li>Christmas Island</li>
<li>Cocos</li>
<li>Congo, Dem Rep</li>
<li>Croatia</li>
<li>Cyprus</li>
<li>Czech Republic</li>
<li>Denmark</li>
<li>Dominica</li>
<li>Dominican Republic</li>
<li>Ecuador</li>
<li>Equatorial Guinea</li>
<li>Estonia</li>
<li>Finland/Aland Islands</li>
<li>France</li>
<li>Gambia</li>
<li>Georgia</li>
<li>Germany</li>
<li>Ghana</li>
<li>Gibraltar</li>
<li>Greece</li>
<li>Guatemala</li>
<li>Guyana</li>
<li>Hungary</li>
<li>Iceland</li>
<li>India</li>
<li>Indonesia</li>
<li>Iran</li>
<li>Ireland</li>
<li>Israel</li>
<li>Italy</li>
<li>Ivory Coast</li>
<li>Jamaica</li>
<li>Japan</li>
<li>Jordan</li>
<li>Kazakhstan</li>
<li>Kuwait</li>
<li>Latvia</li>
<li>Libya</li>
<li>Liechtenstein</li>
<li>Lithuania</li>
<li>Luxembourg</li>
<li>Madagascar</li>
<li>Malawi</li>
<li>Malaysia</li>
<li>Maldives</li>
<li>Mali</li>
<li>Malta</li>
<li>Mauritius</li>
<li>Mexico</li>
<li>Monaco</li>
<li>Montenegro</li>
<li>Montserrat</li>
<li>Mozambique</li>
<li>Namibia</li>
<li>Netherlands</li>
<li>Netherlands Antilles</li>
<li>New Zealand</li>
<li>Nigeria</li>
<li>Norway</li>
<li>Philippines</li>
<li>Poland</li>
<li>Portugal</li>
<li>Qatar</li>
<li>Romania</li>
<li>Russia</li>
<li>Rwanda</li>
<li>Senegal</li>
<li>Serbia</li>
<li>Seychelles</li>
<li>Singapore</li>
<li>Slovakia</li>
<li>Slovenia</li>
<li>South Africa</li>
<li>South Korea</li>
<li>Spain</li>
<li>Sri Lanka</li>
<li>St Lucia</li>
<li>Sudan</li>
<li>Sweden</li>
<li>Switzerland</li>
<li>Taiwan</li>
<li>Tanzania</li>
<li>Togo</li>
<li>Trinidad and Tobago</li>
<li>Turks and Caicos Islands</li>
<li>Uganda</li>
<li>Ukraine</li>
<li>United Arab Emirates</li>
<li>United Kingdom</li>
<li>United States</li>
<li>Uzbekistan</li>
<li>Venezuela</li>
</ul>
### Further reading
- "[About two-factor authentication](/articles/about-two-factor-authentication)"

55
content/github/authenticating-to-github/creating-a-personal-access-token.md Normal file
View File

@@ -0,0 +1,55 @@
---
title: Creating a personal access token
intro: You should create a personal access token to use in place of a password with the command line or with the API.
redirect_from:
- /articles/creating-an-oauth-token-for-command-line-use/
- /articles/creating-an-access-token-for-command-line-use/
- /articles/creating-a-personal-access-token-for-the-command-line
- /github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
versions:
free-pro-team: '*'
enterprise-server: '*'
---
Personal access tokens (PATs) are an alternative to using passwords for authentication to {{ site.data.variables.product.product_name }} when using the [GitHub API](/v3/auth/#via-oauth-and-personal-access-tokens) or the [command line](#using-a-token-on-the-command-line).
{% if currentVersion == "free-pro-team@latest" %}If you want to use a PAT to access resources owned by an organization that uses SAML SSO, you must authorize the PAT. For more information, see "[About authentication with SAML single sign-on](/articles/about-authentication-with-saml-single-sign-on)" and "[Authorizing a personal access token for use with SAML single sign-on](/articles/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)."{% endif %}
{% if currentVersion == "free-pro-team@latest" %}{{ site.data.reusables.user_settings.removes-personal-access-tokens }}{% endif %}
### Creating a token
{% if currentVersion == "free-pro-team@latest" %}1. [Verify your email address](/articles/verifying-your-email-address), if it hasn't been verified yet.{% endif %}
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.developer_settings }}
{{ site.data.reusables.user_settings.personal_access_tokens }}
4. Click **Generate new token**.
![Generate new token button](/assets/images/help/settings/generate_new_token.png)
5. Give your token a descriptive name.
![Token description field](/assets/images/help/settings/token_description.png)
6. Select the scopes, or permissions, you'd like to grant this token. To use your token to access repositories from the command line, select **repo**.
![Selecting token scopes](/assets/images/help/settings/token_scopes.gif)
7. Click **Generate token**.
![Generate token button](/assets/images/help/settings/generate_token.png)
8. Click {% octicon "clippy" aria-label="The copy to clipboard icon" %} to copy the token to your clipboard. For security reasons, after you navigate off the page, you will not be able to see the token again.{% if currentVersion == "free-pro-team@latest" %}
![Newly created token](/assets/images/help/settings/personal_access_tokens.png){% else %}
![Newly created token](/assets/images/help/settings/personal_access_tokens_ghe.png){% endif %}
{% warning %}
**Warning:** Treat your tokens like passwords and keep them secret. When working with the API, use tokens as environment variables instead of hardcoding them into your programs.
{% endwarning %}
{% if currentVersion == "free-pro-team@latest" %}9. To use your token to authenticate to an organization that uses SAML SSO, [authorize the token for use with a SAML single-sign-on organization](/articles/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on).{% endif %}
### Using a token on the command line
{{ site.data.reusables.command_line.providing-token-as-password }}
Personal access tokens can only be used for HTTPS Git operations. If your repository uses an SSH remote URL, you will need to [switch the remote from SSH to HTTPS](/articles/changing-a-remote-s-url/#switching-remote-urls-from-ssh-to-https).
If you are not prompted for your username and password, your credentials may be cached on your computer. You can [update your credentials in the Keychain](/articles/updating-credentials-from-the-osx-keychain) to replace your old password with the token.
### Further reading
- "[About authentication to GitHub](/github/authenticating-to-github/about-authentication-to-github)"

31
content/github/authenticating-to-github/creating-a-strong-password.md Normal file
View File

@@ -0,0 +1,31 @@
---
title: Creating a strong password
intro: 'Secure your {{ site.data.variables.product.product_name }} account with a strong and unique password using a password manager.'
redirect_from:
- /articles/what-is-a-strong-password/
- /articles/creating-a-strong-password
versions:
free-pro-team: '*'
enterprise-server: '*'
---
You must choose or generate a password for your {{ site.data.variables.product.product_name }} account that is:
- Eight characters long, if it includes a number and a lowercase letter, or
- 16 characters long with any combination of characters
To keep your account secure, we recommend you follow these best practices:
- Use a password manager, such as [LastPass](https://lastpass.com/) or [1Password](https://1password.com/), to generate a password more than 16 characters.
- Generate a unique password for {{ site.data.variables.product.product_name }}. If you use your {{ site.data.variables.product.product_name }} password elsewhere and that service is compromised, then attackers or other malicious actors could use that information to access your {{ site.data.variables.product.product_name }} account.
- Configure two-factor authentication for your personal account. For more information, see "[About two-factor authentication](/articles/about-two-factor-authentication)."
- Never share your password, even with a potential collaborator. Each person should use their own personal account on {{ site.data.variables.product.product_name }}. For more information on ways to collaborate, see: "[Inviting collaborators to a personal repository](/articles/inviting-collaborators-to-a-personal-repository)," "[About collaborative development models](/articles/about-collaborative-development-models/)," or "[Collaborating with groups in organizations](/articles/collaborating-with-groups-in-organizations/)."
{{ site.data.reusables.repositories.blocked-passwords }}
You can only use your password to log on to {{ site.data.variables.product.product_name }} using your browser. When you authenticate to {{ site.data.variables.product.product_name }} with other means, such as the command line or API, you should use other credentials. For more information, see "[About authentication to {{ site.data.variables.product.prodname_dotcom }}](/github/authenticating-to-github/about-authentication-to-github)."
{% if currentVersion == "free-pro-team@latest" %}{{ site.data.reusables.user_settings.password-authentication-deprecation }}{% endif %}
### Further reading
- "[Caching your {{ site.data.variables.product.product_name }} credentials in Git](/github/using-git/caching-your-github-credentials-in-git/)"
- "[Keeping your account and data secure](/articles/keeping-your-account-and-data-secure/)"

14
content/github/authenticating-to-github/deleted-or-missing-ssh-keys.md Normal file
View File

@@ -0,0 +1,14 @@
---
title: Deleted or missing SSH keys
intro: 'As a security precaution, {{ site.data.variables.product.prodname_dotcom }} automatically deletes SSH keys that haven''t been used in a year.'
redirect_from:
- /articles/deleted-or-missing-ssh-keys
versions:
free-pro-team: '*'
---
{{ site.data.variables.product.prodname_dotcom }} automatically deletes inactive SSH keys to help keep accounts safe, such as after someone leaves a job or loses a computer.
You can check if you haven't used an SSH key in a year by reviewing your account's security log. For more information, see "[Reviewing your security log](/articles/reviewing-your-security-log/)."
After your inactive SSH key is deleted, you must generate a new SSH key and associate it with your account. For more information, see "[Generating a new SSH key and adding it to the ssh-agent](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/)" and "[Adding a new SSH key to your GitHub account](/articles/adding-a-new-ssh-key-to-your-github-account/)."

34
content/github/authenticating-to-github/disabling-two-factor-authentication-for-your-personal-account.md Normal file
View File

@@ -0,0 +1,34 @@
---
title: Disabling two-factor authentication for your personal account
intro: 'If you disable two-factor authentication for your personal account, you may lose access to organizations you belong to.'
redirect_from:
- /articles/disabling-two-factor-authentication-for-your-personal-account
versions:
free-pro-team: '*'
enterprise-server: '*'
---
We strongly recommend using two-factor authentication to secure your account. If you need to disable 2FA, we recommend re-enabling it as soon as possible.
{% warning %}
**Warning:** If you're a member{% if currentVersion == "free-pro-team@latest" %}, billing manager,{% endif %} or outside collaborator to a public repository of an organization that requires two-factor authentication and you disable 2FA, you'll be automatically removed from the organization, and you'll lose your access to their repositories. To regain access to the organization, re-enable two-factor authentication and contact an organization owner.
{% endwarning %}
If your organization requires two-factor authentication and you're a member, owner, or an outside collaborator on a private repository of your organization, you must first leave your organization before you can disable two-factor authentication.
To remove yourself from your organization:
- As an organization member or owner, see "[Removing yourself from an organization](/articles/removing-yourself-from-an-organization/)."
- As an outside collaborator, ask an organization owner or repository administrator to remove you from the organization's repositories. For more information, see "[Viewing people's roles in an organization](/articles/viewing-people-s-roles-in-an-organization)" and "[Removing an outside collaborator from an organization repository](/articles/removing-an-outside-collaborator-from-an-organization-repository/)."
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.security }}
3. Click **Disable**.
![Disable two-factor authentication button](/assets/images/help/2fa/disable-two-factor-authentication.png)
### Further reading
- "[About two-factor authentication](/articles/about-two-factor-authentication)"
- "[Configuring two-factor authentication](/articles/configuring-two-factor-authentication)"
- "[Configuring two-factor authentication recovery methods](/articles/configuring-two-factor-authentication-recovery-methods)"

46
content/github/authenticating-to-github/error-agent-admitted-failure-to-sign.md Normal file
View File

@@ -0,0 +1,46 @@
---
title: 'Error: Agent admitted failure to sign'
intro: 'In rare circumstances, connecting to {{ site.data.variables.product.product_name }} via SSH on Linux produces the error `"Agent admitted failure to sign using the key"`. Follow these steps to resolve the problem.'
redirect_from:
- /articles/error-agent-admitted-failure-to-sign-using-the-key/
- /articles/error-agent-admitted-failure-to-sign
versions:
free-pro-team: '*'
enterprise-server: '*'
---
When trying to SSH into {{ site.data.variables.product.product_location }} on a Linux computer, you may see the following message in your terminal:
```shell
$ ssh -vT git@{{ site.data.variables.command_line.codeblock }}
> ...
> Agent admitted failure to sign using the key.
> debug1: No more authentication methods to try.
> Permission denied (publickey).
```
For more details, see <a href="https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/201786" data-proofer-ignore>this issue report</a>.
### Resolution
You should be able to fix this error by loading your keys into your SSH agent with `ssh-add`:
```shell
# start the ssh-agent in the background
$ eval "$(ssh-agent -s)"
> Agent pid 59566
$ ssh-add
> Enter passphrase for /home/<em>you</em>/.ssh/id_rsa: <em>[tippy tap]</em>
> Identity added: /home/<em>you</em>/.ssh/id_rsa (/home/<em>you</em>/.ssh/id_rsa)
```
If your key does not have the default filename (`/.ssh/id_rsa`), you'll have to pass that path to `ssh-add`:
```shell
# start the ssh-agent in the background
$ eval "$(ssh-agent -s)"
> Agent pid 59566
$ ssh-add ~/.ssh/my_other_key
> Enter passphrase for /home/<em>you</em>/.ssh/my_other_key: <em>[tappity tap tap]</em>
> Identity added: /home/<em>you</em>/.ssh/my_other_key (/home/<em>you</em>/.ssh/my_other_key)
```

55
content/github/authenticating-to-github/error-bad-file-number.md Normal file
View File

@@ -0,0 +1,55 @@
---
title: 'Error: Bad file number'
intro: This error usually means you were unable to connect to the server. Often this is caused by firewalls and proxy servers.
redirect_from:
- /articles/error-bad-file-number
versions:
free-pro-team: '*'
enterprise-server: '*'
---
When running remote Git commands or SSH, your connection might time out:
```shell
$ ssh -vT git@{{ site.data.variables.command_line.codeblock }}
> OpenSSH_5.8p1, OpenSSL 1.0.0d 8 Feb 2011
> debug1: Connecting to {{ site.data.variables.command_line.codeblock }} [207.97.227.239] port 22.
> debug1: connect to address 207.97.227.239 port 22: Connection timed out
> ssh: connect to host {{ site.data.variables.command_line.codeblock }} port 22: Connection timed out
> ssh: connect to host {{ site.data.variables.command_line.codeblock }} port 22: Bad file number
```
### Solving the issue
#### Use HTTPS
Often, the simplest solution is to simply avoid SSH entirely. Most firewalls and proxies allow HTTPS traffic without issue. To take advantage of this, change [the remote URL](/articles/which-remote-url-should-i-use) you're using:
```shell
$ git clone https://{{ site.data.variables.command_line.codeblock }}/<em>username</em>/<em>reponame</em>.git
> Cloning into 'reponame'...
> remote: Counting objects: 84, done.
> remote: Compressing objects: 100% (45/45), done.
> remote: Total 84 (delta 43), reused 78 (delta 37)
> Unpacking objects: 100% (84/84), done.
```
#### Test from a different network
If you can connect the computer to another network that doesn't have a firewall, you can try testing your SSH connection to {{ site.data.variables.product.product_name }}. If everything works as it should, contact your network administrator for help on changing the firewall settings to allow your SSH connection to {{ site.data.variables.product.product_name }} to succeed.
{% if currentVersion == "free-pro-team@latest" %}
#### Using SSH over the HTTPS port
If using HTTPS is not an option, and your firewall admin refuses to allow SSH connections, you can try using [SSH over the HTTPS port](/articles/using-ssh-over-the-https-port) instead.
{% endif %}
{% if currentVersion == "free-pro-team@latest" %}
### Further reading
- "[Troubleshooting connectivity problems](/articles/troubleshooting-connectivity-problems)"
{% endif %}

32
content/github/authenticating-to-github/error-key-already-in-use.md Normal file
View File

@@ -0,0 +1,32 @@
---
title: 'Error: Key already in use'
intro: 'This error occurs when you try to [add a key](/articles/adding-a-new-ssh-key-to-your-github-account) that''s already been added to another account or repository.'
redirect_from:
- /articles/error-key-already-in-use
versions:
free-pro-team: '*'
enterprise-server: '*'
---
### Finding where the key has been used
To determine where the key has already been used, open a terminal and type the `ssh` command. Use the `-i` flag to provide the path to the key you want to check:
```shell
$ ssh -T -ai <em>~/.ssh/id_rsa</em> git@{{ site.data.variables.command_line.codeblock }}
# Connect to {{ site.data.variables.product.product_location }} using a specific ssh key
> Hi <em>username</em>! You've successfully authenticated, but GitHub does not
> provide shell access.
```
The *username* in the response is the {{ site.data.variables.product.product_name }} account that the key is currently attached to. If the response looks something like "username/repo", the key has been attached to a repository as a [*deploy key*](/guides/managing-deploy-keys#deploy-keys).
### Fixing the issue
To resolve the issue, first remove the key from the other account or repository and then [add it to your account](/articles/adding-a-new-ssh-key-to-your-github-account).
If you don't have permissions to transfer the key, and can't contact a user who does, remove the keypair and [generate a brand new one](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
### Deploy keys
Once a key has been attached to one repository as a deploy key, it cannot be used on another repository. If you're running into this error while setting up deploy keys, see "[Managing deploy keys](/guides/managing-deploy-keys)."

249
content/github/authenticating-to-github/error-permission-denied-publickey.md Normal file
View File

@@ -0,0 +1,249 @@
---
title: 'Error: Permission denied (publickey)'
intro: 'A "Permission denied" error means that the server rejected your connection. There could be several reasons why, and the most common examples are explained below.'
redirect_from:
- /articles/error-permission-denied-publickey
versions:
free-pro-team: '*'
enterprise-server: '*'
---
### Should the `sudo` command be used with Git?
You should not be using the `sudo` command with Git. If you have a *very good reason* you must use `sudo`, then ensure you are using it with every command (it's probably just better to use `su` to get a shell as root at that point). If you [generate SSH keys](/articles/generating-an-ssh-key) without `sudo` and then try to use a command like `sudo git push`, you won't be using the same keys that you generated.
### Check that you are connecting to the correct server
Typing is hard, we all know it. Pay attention to what you type; you won't be able to connect to "githib.com" or "guthub.com". In some cases, a corporate network may cause issues resolving the DNS record as well.
To make sure you are connecting to the right domain, you can enter the following command:
```shell
$ ssh -vT git@{{ site.data.variables.command_line.codeblock }}
> OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
> debug1: Reading configuration data /Users/<em>you</em>/.ssh/config
> debug1: Reading configuration data /etc/ssh_config
> debug1: Applying options for *
> debug1: Connecting to {{ site.data.variables.command_line.codeblock }} [IP ADDRESS] port 22.
```
The connection should be made on port 22{% if currentVersion == "free-pro-team@latest" %}, unless you're overriding settings to use [SSH over HTTPS](/articles/using-ssh-over-the-https-port){% endif %}.
### Always use the "git" user
All connections, including those for remote URLs, must be made as the "git" user. If you try to connect with your {{ site.data.variables.product.product_name }} username, it will fail:
```shell
$ ssh -T <em>GITHUB-USERNAME</em>@{{ site.data.variables.command_line.codeblock }}
> Permission denied (publickey).
```
If your connection failed and you're using a remote URL with your {{ site.data.variables.product.product_name }} username, you can [change the remote URL to use the "git" user](/articles/changing-a-remote-s-url/).
You should verify your connection by typing:
```shell
$ ssh -T git@{{ site.data.variables.command_line.codeblock }}
> Hi <em>username</em>! You've successfully authenticated...
```
### Make sure you have a key that is being used
{% mac %}
{{ site.data.reusables.command_line.open_the_multi_os_terminal }}
2. Verify that you have a private key generated and loaded into SSH. If you're using OpenSSH 6.7 or older:
```shell
# start the ssh-agent in the background
$ eval "$(ssh-agent -s)"
> Agent pid 59566
$ ssh-add -l
> 2048 <em>a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>you</em>/.ssh/id_rsa (RSA)
```
If you're using OpenSSH 6.8 or newer:
```shell
# start the ssh-agent in the background
$ eval "$(ssh-agent -s)"
> Agent pid 59566
$ ssh-add -l -E md5
> 2048 <em>MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>you</em>/.ssh/id_rsa (RSA)
```
{% endmac %}
{% windows %}
{{ site.data.reusables.desktop.windows_git_bash }}
1. {{ site.data.reusables.desktop.windows_git_bash_turn_on_ssh_agent }}
{{ site.data.reusables.desktop.windows_git_for_windows_turn_on_ssh_agent }}
2. Verify that you have a private key generated and loaded into SSH. If you're using OpenSSH 6.7 or older:
```shell
$ ssh-add -l
> 2048 <em>a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>you</em>/.ssh/id_rsa (RSA)
```
If you're using OpenSSH 6.8 or newer:
```shell
$ ssh-add -l -E md5
> 2048 <em>MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>you</em>/.ssh/id_rsa (RSA)
```
{% endwindows %}
{% linux %}
{{ site.data.reusables.command_line.open_the_multi_os_terminal }}
2. Verify that you have a private key generated and loaded into SSH. If you're using OpenSSH 6.7 or older:
```shell
# start the ssh-agent in the background
$ eval "$(ssh-agent -s)"
> Agent pid 59566
$ ssh-add -l
> 2048 <em>a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>you</em>/.ssh/id_rsa (RSA)
```
If you're using OpenSSH 6.8 or newer:
```shell
# start the ssh-agent in the background
$ eval "$(ssh-agent -s)"
> Agent pid 59566
$ ssh-add -l -E md5
> 2048 <em>MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>you</em>/.ssh/id_rsa (RSA)
```
{% endlinux %}
The `ssh-add` command *should* print out a long string of numbers and letters. If it does not print anything, you will need to [generate a new SSH key](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent) and associate it with {{ site.data.variables.product.product_name }}.
{% tip %}
**Tip**: On most systems the default private keys (`~/.ssh/id_rsa`{% if currentVersion != "free-pro-team@latest" and currentVersion ver_lt "enterprise-server@2.19" %}, `~/.ssh/id_dsa`{% endif %} and `~/.ssh/identity`) are automatically added to the SSH authentication agent. You shouldn't need to run `ssh-add path/to/key` unless you override the file name when you generate a key.
{% endtip %}
#### Getting more details
You can also check that the key is being used by trying to connect to `git@{{ site.data.variables.command_line.backticks }}`:
```shell
$ ssh -vT git@{{ site.data.variables.command_line.codeblock }}
> ...
> debug1: identity file /Users/<em>you</em>/.ssh/id_rsa type -1
> debug1: identity file /Users/<em>you</em>/.ssh/id_rsa-cert type -1
> debug1: identity file /Users/<em>you</em>/.ssh/id_dsa type -1
> debug1: identity file /Users/<em>you</em>/.ssh/id_dsa-cert type -1
> ...
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /Users/<em>you</em>/.ssh/id_rsa
> debug1: Trying private key: /Users/<em>you</em>/.ssh/id_dsa
> debug1: No more authentication methods to try.
> Permission denied (publickey).
```
In that example, we did not have any keys for SSH to use. The "-1" at the end of the "identity file" lines means SSH couldn't find a file to use. Later on, the "Trying private key" lines also indicate that no file was found. If a file existed, those lines would be "1" and "Offering public key", respectively:
```shell
$ ssh -vT git@{{ site.data.variables.command_line.codeblock }}
> ...
> debug1: identity file /Users/<em>you</em>/.ssh/id_rsa type 1
> ...
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /Users/<em>you</em>/.ssh/id_rsa
```
### Verify the public key is attached to your account
You must provide your public key to {{ site.data.variables.product.product_name }} to establish a secure connection.
{% mac %}
1. Open Terminal.
2. Start SSH agent in the background.
```shell
$ eval "$(ssh-agent -s)"
> Agent pid 59566
```
3. Find and take a note of your public key fingerprint. If you're using OpenSSH 6.7 or older:
```shell
$ ssh-add -l
> 2048 <em>a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>USERNAME</em>/.ssh/id_rsa (RSA)
```
If you're using OpenSSH 6.8 or newer:
```shell
$ ssh-add -l -E md5
> 2048 <em>MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>USERNAME</em>/.ssh/id_rsa (RSA)
```
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.ssh }}
6. Compare the list of SSH keys with the output from the `ssh-add` command.
![SSH key listing in {{ site.data.variables.product.product_name }}](/assets/images/help/settings/ssh_key_listing.png)
{% endmac %}
{% windows %}
1. Open the command line.
2. Start SSH agent in the background.
```shell
$ ssh-agent -s
> Agent pid 59566
```
3. Find and take a note of your public key fingerprint. If you're using OpenSSH 6.7 or older:
```shell
$ ssh-add -l
> 2048 <em>a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>USERNAME</em>/.ssh/id_rsa (RSA)
```
If you're using OpenSSH 6.8 or newer:
```shell
$ ssh-add -l -E md5
> 2048 <em>MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>USERNAME</em>/.ssh/id_rsa (RSA)
```
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.ssh }}
6. Compare the list of SSH keys with the output from the `ssh-add` command.
![SSH key listing in {{ site.data.variables.product.product_name }}](/assets/images/help/settings/ssh_key_listing.png)
{% endwindows %}
{% linux %}
1. Open Terminal.
2. Start SSH agent in the background.
```shell
$ eval "$(ssh-agent -s)"
> Agent pid 59566
```
3. Find and take a note of your public key fingerprint. If you're using OpenSSH 6.7 or older:
```shell
$ ssh-add -l
> 2048 <em>a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>USERNAME</em>/.ssh/id_rsa (RSA)
```
If you're using OpenSSH 6.8 or newer:
```shell
$ ssh-add -l -E md5
> 2048 <em>MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>USERNAME</em>/.ssh/id_rsa (RSA)
```
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.ssh }}
6. Compare the list of SSH keys with the output from the `ssh-add` command.
![SSH key listing in {{ site.data.variables.product.product_name }}](/assets/images/help/settings/ssh_key_listing.png)
{% endlinux %}
If you don't see your public key in {{ site.data.variables.product.product_name }}, you'll need to [add your SSH key to {{ site.data.variables.product.product_name }}](/articles/adding-a-new-ssh-key-to-your-github-account) to associate it with your computer.
{% warning %}
**Warning**: If you see an SSH key you're not familiar with on {{ site.data.variables.product.product_name }}, delete it immediately and contact {{ site.data.variables.contact.contact_support }}, for further help. An unidentified public key may indicate a possible security concern. For more information, see "[Reviewing your SSH keys](/articles/reviewing-your-ssh-keys)."
{% endwarning %}

12
content/github/authenticating-to-github/error-permission-to-userrepo-denied-to-other-user.md Normal file
View File

@@ -0,0 +1,12 @@
---
title: 'Error: Permission to user/repo denied to other-user'
intro: This error means the key you are pushing with is attached to an account which does not have access to the repository.
redirect_from:
- /articles/error-permission-to-user-repo-denied-to-other-user
- /articles/error-permission-to-userrepo-denied-to-other-user
versions:
free-pro-team: '*'
enterprise-server: '*'
---
To fix this, the owner of the repository (`user`) needs to add your account (`other-user`) as a collaborator on the repository or to a team that has write access to the repository.

14
content/github/authenticating-to-github/error-permission-to-userrepo-denied-to-userother-repo.md Normal file
View File

@@ -0,0 +1,14 @@
---
title: 'Error: Permission to user/repo denied to user/other-repo'
intro: 'This error means the key you are pushing with is attached to another repository as a deploy key, and does not have access to the repository you are trying to push to.'
redirect_from:
- /articles/error-permission-to-user-repo-denied-to-user-other-repo
- /articles/error-permission-to-userrepo-denied-to-userother-repo
versions:
free-pro-team: '*'
enterprise-server: '*'
---
To fix this, remove the deploy key from the repository, and [add the key to your user account](/articles/adding-a-new-ssh-key-to-your-github-account) instead.
If the key you are using is intended to be a deploy key, check out [our guide on deploy keys](/guides/managing-deploy-keys) for more details.

32
content/github/authenticating-to-github/error-ssh-add-illegal-option----k.md Normal file
View File

@@ -0,0 +1,32 @@
---
title: 'Error: ssh-add: illegal option -- K'
intro: 'This error means your version of `ssh-add` does not support macOS keychain integration, which allows you to store your passphrase in the keychain.'
redirect_from:
- /articles/error-ssh-add-illegal-option-k
- /articles/error-ssh-add-illegal-option----k
versions:
free-pro-team: '*'
enterprise-server: '*'
---
The `-K` option is in Apple's standard version of `ssh-add`, which stores the passphrase in your keychain for you when you add an ssh key to the ssh-agent. If you have installed a different version of `ssh-add`, it may lack support for `-K`.
### Solving the issue
To add your SSH private key to the ssh-agent, you can specify the path to the Apple version of `ssh-add`:
```shell
$ /usr/bin/ssh-add -K ~/.ssh/id_rsa
```
{% note %}
**Note:** {{ site.data.reusables.ssh.add-ssh-key-to-ssh-agent }}
{% endnote %}
### Further reading
- "[Generating a new SSH key and adding it to the ssh-agent](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)"
- [Linux man page for SSH-ADD](http://man7.org/linux/man-pages/man1/ssh-add.1.html)
- To view Apple's man page for SSH-ADD, run `man ssh-add` in Terminal

24
content/github/authenticating-to-github/error-ssl-certificate-problem-verify-that-the-ca-cert-is-ok.md Normal file
View File

@@ -0,0 +1,24 @@
---
title: 'Error: SSL certificate problem, verify that the CA cert is OK'
intro: 'This error means your CA root certificate is out of date. If your CA root certificate needs to be updated, you won''t be able to push or pull from {{ site.data.variables.product.product_name }} repositories.'
redirect_from:
- /articles/error-ssl-certificate-problem-verify-that-the-ca-cert-is-ok
versions:
free-pro-team: '*'
---
The error you receive may look like the following:
```shell
$ git push -u github.master
> fatal: 'github.master' does not appear to be a git repository
> fatal: The remote end hung up unexpectedly
$ git pull -u github
> error: SSL certificate problem, verify that the CA cert is OK. Details:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://github.com/tqisjim/google-oauth.git/info/refs
> fatal: HTTP request failed
```
A "CA" is shorthand for a "certificate authority," a third-party group responsible for handling secure connections around the web. They establish digital "certificates," which are a way of ensuring that there are valid connections between two machines (like your computer and GitHub.com). Without a certificate, the security risk between two machines is greater.
When you receive this error, it likely means that your CA is out-of-date and needs to be updated. Generally, updating your operating system also updates your CA, and solves the problem.

24
content/github/authenticating-to-github/error-were-doing-an-ssh-key-audit.md Normal file
View File

@@ -0,0 +1,24 @@
---
title: 'Error: We''re doing an SSH key audit'
intro: This error means the SSH key you're using to perform a Git operation is unverified.
redirect_from:
- /articles/error-we-re-doing-an-ssh-key-audit
- /articles/error-were-doing-an-ssh-key-audit
versions:
free-pro-team: '*'
enterprise-server: '*'
---
When using an unverified key to perform Git operations, you will be prompted to perform an audit of your SSH keys.
```shell
ERROR: We're doing an SSH key audit.
Reason: unverified due to lack of use
Please visit https://github.com/settings/ssh
to approve this key so we know it's safe.
Fingerprint: ab:08:46:83:ff:f6:c4:f8:a9:4e:68:6b:94:17:f2:46
fatal: could not read from remote repository
```
### Solving the issue
To fix this, you need to [review your SSH keys](/articles/reviewing-your-ssh-keys) and either reject or approve the unverified key. Clicking the URL link in the error message brings you to the SSH Settings page, where the unverified SSH key is highlighted in the SSH key list.

62
content/github/authenticating-to-github/generating-a-new-gpg-key.md Normal file
View File

@@ -0,0 +1,62 @@
---
title: Generating a new GPG key
intro: 'If you don''t have an existing GPG key, you can generate a new GPG key to use for signing commits and tags.'
redirect_from:
- /articles/generating-a-new-gpg-key
versions:
free-pro-team: '*'
enterprise-server: '*'
---
{{ site.data.reusables.gpg.supported-gpg-key-algorithms }}
### Generating a GPG key
{% note %}
**Note:** Before generating a new GPG key, make sure you've verified your email address. If you haven't verified your email address, you won't be able to sign commits and tags with GPG.{% if currentVersion == "free-pro-team@latest" %} For more information, see "[Verifying your email address](/articles/verifying-your-email-address)."{% endif %}
{% endnote %}
1. Download and install [the GPG command line tools](https://www.gnupg.org/download/) for your operating system. We generally recommend installing the latest version for your operating system.
{{ site.data.reusables.command_line.open_the_multi_os_terminal }}
3. Generate a GPG key pair. Since there are multiple versions of GPG, you may need to consult the relevant [_man page_](https://en.wikipedia.org/wiki/Man_page) to find the appropriate key generation command. Your key must use RSA.
- If you are on version 2.1.17 or greater, paste the text below to generate a GPG key pair.
```shell
$ gpg --full-generate-key
```
- If you are not on version 2.1.17 or greater, the `gpg --full-generate-key` command doesn't work. Paste the text below and skip to step 6.
```shell
$ gpg --default-new-key-algo rsa4096 --gen-key
```
4. At the prompt, specify the kind of key you want, or press `Enter` to accept the default `RSA and DSA`.
5. Enter the desired key size. Your key must be at least `4096` bits.
6. Enter the length of time the key should be valid. Press `Enter` to specify the default selection, indicating that the key doesn't expire.
7. Verify that your selections are correct.
8. Enter your user ID information.
{% note %}
**Note:** When asked to enter your email address, ensure that you enter the verified email address for your GitHub account. {{ site.data.reusables.gpg.private-email }} {% if currentVersion == "free-pro-team@latest" %} For more information, see "[Verifying your email address](/articles/verifying-your-email-address)" and "[Setting your commit email address](/articles/setting-your-commit-email-address)."{% endif %}
{% endnote %}
9. Type a secure passphrase.
{{ site.data.reusables.gpg.list-keys-with-note }}
{{ site.data.reusables.gpg.copy-gpg-key-id }}
10. Paste the text below, substituting in the GPG key ID you'd like to use. In this example, the GPG key ID is `3AA5C34371567BD2`:
```shell
$ gpg --armor --export <em>3AA5C34371567BD2</em>
# Prints the GPG key ID, in ASCII armor format
```
11. Copy your GPG key, beginning with `-----BEGIN PGP PUBLIC KEY BLOCK-----` and ending with `-----END PGP PUBLIC KEY BLOCK-----`.
12. [Add the GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account).
### Further reading
* "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
* "[Adding a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)"
* "[Telling Git about your signing key](/articles/telling-git-about-your-signing-key)"
* "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)"
* "[Signing commits](/articles/signing-commits)"
* "[Signing tags](/articles/signing-tags)"

143
content/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md Normal file
View File

@@ -0,0 +1,143 @@
---
title: Generating a new SSH key and adding it to the ssh-agent
intro: 'After you''ve checked for existing SSH keys, you can generate a new SSH key to use for authentication, then add it to the ssh-agent.'
redirect_from:
- /articles/adding-a-new-ssh-key-to-the-ssh-agent/
- /articles/generating-a-new-ssh-key/
- /articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
versions:
free-pro-team: '*'
enterprise-server: '*'
---
If you don't already have an SSH key, you must [generate a new SSH key](#generating-a-new-ssh-key). If you're unsure whether you already have an SSH key, check for [existing keys](/articles/checking-for-existing-ssh-keys).
If you don't want to reenter your passphrase every time you use your SSH key, you can [add your key to the SSH agent](#adding-your-ssh-key-to-the-ssh-agent), which manages your SSH keys and remembers your passphrase.
### Generating a new SSH key
{{ site.data.reusables.command_line.open_the_multi_os_terminal }}
2. Paste the text below, substituting in your {{ site.data.variables.product.product_name }} email address.
```shell
$ ssh-keygen -t rsa -b 4096 -C "<em>your_email@example.com</em>"
```
This creates a new ssh key, using the provided email as a label.
```shell
> Generating public/private rsa key pair.
```
3. When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location.
{% mac %}
```shell
> Enter a file in which to save the key (/Users/<em>you</em>/.ssh/id_rsa): <em>[Press enter]</em>
```
{% endmac %}
{% windows %}
```shell
> Enter a file in which to save the key (/c/Users/<em>you</em>/.ssh/id_rsa):<em>[Press enter]</em>
```
{% endwindows %}
{% linux %}
```shell
> Enter a file in which to save the key (/home/<em>you</em>/.ssh/id_rsa): <em>[Press enter]</em>
```
{% endlinux %}
4. At the prompt, type a secure passphrase. For more information, see ["Working with SSH key passphrases"](/articles/working-with-ssh-key-passphrases).
```shell
> Enter passphrase (empty for no passphrase): <em>[Type a passphrase]</em>
> Enter same passphrase again: <em>[Type passphrase again]</em>
```
### Adding your SSH key to the ssh-agent
Before adding a new SSH key to the ssh-agent to manage your keys, you should have [checked for existing SSH keys](/articles/checking-for-existing-ssh-keys) and [generated a new SSH key](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key). <span class="platform-mac">When adding your SSH key to the agent, use the default macOS `ssh-add` command, and not an application installed by [macports](https://www.macports.org/), [homebrew](http://brew.sh/), or some other external source.</span>
{% mac %}
1. {{ site.data.reusables.command_line.start_ssh_agent }}
2. If you're using macOS Sierra 10.12.2 or later, you will need to modify your `~/.ssh/config` file to automatically load keys into the ssh-agent and store passphrases in your keychain.
* First, check to see if your `~/.ssh/config` file exists in the default location.
```shell
$ open ~/.ssh/config
> The file /Users/<em>you</em>/.ssh/config does not exist.
```
* If the file doesn't exist, create the file.
```shell
$ touch ~/.ssh/config
```
* Open your `~/.ssh/config` file, then modify the file, replacing ` ~/.ssh/id_rsa` if you are not using the default location and name for your `id_rsa` key.
```
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa
```
3. Add your SSH private key to the ssh-agent and store your passphrase in the keychain. {{ site.data.reusables.ssh.add-ssh-key-to-ssh-agent }}
```shell
$ ssh-add -K ~/.ssh/id_rsa
```
{% note %}
**Note:** The `-K` option is Apple's standard version of `ssh-add`, which stores the passphrase in your keychain for you when you add an ssh key to the ssh-agent.
If you don't have Apple's standard version installed, you may receive an error. For more information on resolving this error, see "[Error: ssh-add: illegal option -- K](/articles/error-ssh-add-illegal-option-k)."
{% endnote %}
4. [Add the SSH key to your GitHub account](/articles/adding-a-new-ssh-key-to-your-github-account).
{% endmac %}
{% windows %}
{{ site.data.reusables.desktop.windows_git_bash }}
1. Ensure the ssh-agent is running. You can use the "Auto-launching the ssh-agent" instructions in "[Working with SSH key passphrases](/articles/working-with-ssh-key-passphrases)", or start it manually:
```shell
# start the ssh-agent in the background
$ eval $(ssh-agent -s)
> Agent pid 59566
```
2. Add your SSH private key to the ssh-agent. {{ site.data.reusables.ssh.add-ssh-key-to-ssh-agent }}
{{ site.data.reusables.ssh.add-ssh-key-to-ssh-agent-commandline }}
3. [Add the SSH key to your GitHub account](/articles/adding-a-new-ssh-key-to-your-github-account).
{% endwindows %}
{% linux %}
1. {{ site.data.reusables.command_line.start_ssh_agent }}
2. Add your SSH private key to the ssh-agent. {{ site.data.reusables.ssh.add-ssh-key-to-ssh-agent }}
{{ site.data.reusables.ssh.add-ssh-key-to-ssh-agent-commandline }}
3. [Add the SSH key to your GitHub account](/articles/adding-a-new-ssh-key-to-your-github-account).
{% endlinux %}
### Further reading
- "[About SSH](/articles/about-ssh)"
- "[Working with SSH key passphrases](/articles/working-with-ssh-key-passphrases)"
{%- if currentVersion == "free-pro-team@latest" %}
- "[Authorizing an SSH key for use with SAML single sign-on](/articles/authorizing-an-ssh-key-for-use-with-saml-single-sign-on)"
{%- endif %}

20
content/github/authenticating-to-github/githubs-ssh-key-fingerprints.md Normal file
View File

@@ -0,0 +1,20 @@
---
title: GitHub's SSH key fingerprints
intro: Public key fingerprints can be used to validate a connection to a remote server.
redirect_from:
- /articles/what-are-github-s-ssh-key-fingerprints/
- /articles/github-s-ssh-key-fingerprints
- /articles/githubs-ssh-key-fingerprints
versions:
free-pro-team: '*'
---
These are {{ site.data.variables.product.prodname_dotcom }}'s public key fingerprints (in hexadecimal format):
- `16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48` (RSA)
- `ad:1c:08:a4:40:e3:6f:9c:f5:66:26:5d:4b:33:5d:8c` (DSA)
These are the SHA256 hashes shown in OpenSSH 6.8 and newer (in base64 format):
- `SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8` (RSA)
- `SHA256:br9IjFspm1vxR3iA35FWE+4VTyz1hYVLIE2t1/CeyWQ` (DSA)

100
content/github/authenticating-to-github/index.md Normal file
View File

@@ -0,0 +1,100 @@
---
title: Authenticating to GitHub
shortTitle: Authentication
intro: 'Keep your account and data secure with features like two-factor authentication, SSH, and commit signature verification.'
redirect_from:
- /categories/56/articles/
- /categories/ssh/
- /mac-verify-ssh/
- /ssh-issues/
- /verify-ssh-redirect/
- /win-verify-ssh/
- /categories/92/articles/
- /categories/gpg/
- /categories/security/
- /categories/authenticating-to-github
versions:
free-pro-team: '*'
enterprise-server: '*'
---
### Table of Contents
{% topic_link_in_list /keeping-your-account-and-data-secure %}
{% link_in_list /about-authentication-to-github %}
{% link_in_list /creating-a-strong-password %}
{% link_in_list /updating-your-github-access-credentials %}
{% link_in_list /creating-a-personal-access-token %}
{% link_in_list /reviewing-your-ssh-keys %}
{% link_in_list /reviewing-your-deploy-keys %}
{% link_in_list /authorizing-oauth-apps %}
{% link_in_list /reviewing-your-authorized-integrations %}
{% link_in_list /connecting-with-third-party-applications %}
{% link_in_list /reviewing-your-authorized-applications-oauth %}
{% link_in_list /reviewing-your-security-log %}
{% link_in_list /removing-sensitive-data-from-a-repository %}
<!-- if currentVersion == "free-pro-team@latest" -->
{% link_in_list /about-anonymized-image-urls %}
{% link_in_list /about-githubs-ip-addresses %}
{% link_in_list /githubs-ssh-key-fingerprints %}
<!-- endif -->
{% link_in_list /sudo-mode %}
{% link_in_list /preventing-unauthorized-access %}
{% topic_link_in_list /securing-your-account-with-two-factor-authentication-2fa %}
{% link_in_list /about-two-factor-authentication %}
{% link_in_list /configuring-two-factor-authentication %}
{% link_in_list /configuring-two-factor-authentication-recovery-methods %}
{% link_in_list /accessing-github-using-two-factor-authentication %}
{% link_in_list /recovering-your-account-if-you-lose-your-2fa-credentials %}
<!-- if currentVersion == "free-pro-team@latest" -->
{% link_in_list /changing-two-factor-authentication-delivery-methods-for-your-mobile-device %}
{% link_in_list /countries-where-sms-authentication-is-supported %}
<!-- endif -->
{% link_in_list /disabling-two-factor-authentication-for-your-personal-account %}
<!-- if currentVersion == "free-pro-team@latest" -->
{% topic_link_in_list /authenticating-with-saml-single-sign-on %}
{% link_in_list /about-authentication-with-saml-single-sign-on %}
{% link_in_list /authorizing-an-ssh-key-for-use-with-saml-single-sign-on %}
{% link_in_list /authorizing-a-personal-access-token-for-use-with-saml-single-sign-on %}
{% link_in_list /viewing-and-managing-your-active-saml-sessions %}
<!-- endif -->
{% topic_link_in_list /connecting-to-github-with-ssh %}
{% link_in_list /about-ssh %}
{% link_in_list /checking-for-existing-ssh-keys %}
{% link_in_list /generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent %}
{% link_in_list /adding-a-new-ssh-key-to-your-github-account %}
{% link_in_list /testing-your-ssh-connection %}
{% link_in_list /working-with-ssh-key-passphrases %}
{% topic_link_in_list /troubleshooting-ssh %}
<!-- if currentVersion == "free-pro-team@latest" -->
{% link_in_list /using-ssh-over-the-https-port %}
<!-- endif -->
{% link_in_list /recovering-your-ssh-key-passphrase %}
<!-- if currentVersion == "free-pro-team@latest" -->
{% link_in_list /deleted-or-missing-ssh-keys %}
<!-- endif -->
{% link_in_list /error-permission-denied-publickey %}
{% link_in_list /error-bad-file-number %}
{% link_in_list /error-key-already-in-use %}
{% link_in_list /error-permission-to-userrepo-denied-to-other-user %}
{% link_in_list /error-permission-to-userrepo-denied-to-userother-repo %}
{% link_in_list /error-agent-admitted-failure-to-sign %}
{% link_in_list /error-ssh-add-illegal-option----k %}
<!-- if currentVersion == "free-pro-team@latest" -->
{% link_in_list /error-ssl-certificate-problem-verify-that-the-ca-cert-is-ok %}
<!-- endif -->
{% link_in_list /error-were-doing-an-ssh-key-audit %}
{% topic_link_in_list /managing-commit-signature-verification %}
{% link_in_list /about-commit-signature-verification %}
{% link_in_list /checking-for-existing-gpg-keys %}
{% link_in_list /generating-a-new-gpg-key %}
{% link_in_list /adding-a-new-gpg-key-to-your-github-account %}
{% link_in_list /telling-git-about-your-signing-key %}
{% link_in_list /associating-an-email-with-your-gpg-key %}
{% link_in_list /signing-commits %}
{% link_in_list /signing-tags %}
{% topic_link_in_list /troubleshooting-commit-signature-verification %}
{% link_in_list /checking-your-commit-and-tag-signature-verification-status %}
{% link_in_list /updating-an-expired-gpg-key %}
{% link_in_list /using-a-verified-email-address-in-your-gpg-key %}

11
content/github/authenticating-to-github/keeping-your-account-and-data-secure.md Normal file
View File

@@ -0,0 +1,11 @@
---
title: Keeping your account and data secure
intro: 'To protect your personal information, you should keep both your {{ site.data.variables.product.product_name }} account and any associated data secure.'
mapTopic: true
redirect_from:
- /articles/keeping-your-account-and-data-secure
versions:
free-pro-team: '*'
enterprise-server: '*'
---

13
content/github/authenticating-to-github/managing-commit-signature-verification.md Normal file
View File

@@ -0,0 +1,13 @@
---
title: Managing commit signature verification
intro: 'You can sign your work locally using GPG{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.14" %} or S/MIME{% endif %}. {{ site.data.variables.product.product_name }} will verify these signatures so other people will know that your commits come from a trusted source.{% if currentVersion == "free-pro-team@latest" %} {{ site.data.variables.product.product_name }} will automatically sign commits you make using the {{ site.data.variables.product.product_name }} web interface.{% endif %}'
redirect_from:
- /articles/generating-a-gpg-key/
- /articles/signing-commits-with-gpg/
- /articles/managing-commit-signature-verification
mapTopic: true
versions:
free-pro-team: '*'
enterprise-server: '*'
---

24
content/github/authenticating-to-github/preventing-unauthorized-access.md Normal file
View File

@@ -0,0 +1,24 @@
---
title: Preventing unauthorized access
intro: 'You may be alerted to a security incident in the media, such as the discovery of the [Heartbleed bug](http://heartbleed.com/), or your computer could be stolen while you''re signed in to {{ site.data.variables.product.product_location }}. In such cases, changing your password prevents any unintended future access to your account and projects.'
redirect_from:
- /articles/preventing-unauthorized-access
versions:
free-pro-team: '*'
enterprise-server: '*'
---
{{ site.data.variables.product.product_name }} requires a password to perform sensitive actions, such as adding new SSH keys, authorizing applications, or modifying team members.
After changing your password, you should perform these actions to make sure that your account is secure:
- [Enable two-factor authentication](/articles/about-two-factor-authentication) on your account so that access requires more than just a password.
- [Review your SSH keys](/articles/reviewing-your-ssh-keys), [deploy keys](/articles/reviewing-your-deploy-keys), and [authorized integrations](/articles/reviewing-your-authorized-integrations) and revoke unauthorized or unfamiliar access in your SSH and Applications settings.
{% if currentVersion == "free-pro-team@latest" %}
- [Verify all your email addresses](/articles/verifying-your-email-address). If an attacker added their email address to your account, it could allow them to force an unintended password reset.
{% endif %}
- [Review your account's security log](/github/authenticating-to-github/reviewing-your-security-log). This provides an overview on various configurations made to your repositories. For example, you can ensure that no private repositories were turned public, or that no repositories were transferred.
- [Review the webhooks](/articles/creating-webhooks) on your repositories. Webhooks could allow an attacker to intercept pushes made to your repository.
- [Make sure that no new deploy keys](/guides/managing-deploy-keys/#deploy-keys) were created. This could enable outside servers access to your projects.
- Review recent commits made to your repositories.
- Review the list of collaborators for each repository.

103
content/github/authenticating-to-github/recovering-your-account-if-you-lose-your-2fa-credentials.md Normal file
View File

@@ -0,0 +1,103 @@
---
title: Recovering your account if you lose your 2FA credentials
intro: 'If you lose access to your two-factor authentication credentials, you can use your recovery codes, or another recovery option, to regain access to your account.'
redirect_from:
- /articles/recovering-your-account-if-you-lost-your-2fa-credentials/
- /articles/authenticating-with-an-account-recovery-token/
- /articles/recovering-your-account-if-you-lose-your-2fa-credentials
versions:
free-pro-team: '*'
enterprise-server: '*'
---
{% if currentVersion == "free-pro-team@latest" %}
{% warning %}
**Warning**: {{ site.data.reusables.two_fa.support-may-not-help }}
{% endwarning %}
{% endif %}
### Using a two-factor authentication recovery code
Use one of your recovery codes to automatically regain entry into your account. You may have saved your recovery codes to a password manager or your computer's downloads folder. The default filename for recovery codes is `github-recovery-codes.txt`. For more information about recovery codes, see "[Configuring two-factor authentication recovery methods](/articles/configuring-two-factor-authentication-recovery-methods#downloading-your-two-factor-authentication-recovery-codes)."
{{ site.data.reusables.two_fa.username-password }}{% if currentVersion == "free-pro-team@latest" %}
2. Under "Having Problems?", click **Enter a two-factor recovery code**.
![Link to use a recovery code](/assets/images/help/2fa/2fa-recovery-code-link.png){% else %}
2. On the 2FA page, under "Don't have your phone?", click **Enter a two-factor recovery code**.
![Link to use a recovery code](/assets/images/help/2fa/2fa_recovery_dialog_box.png){% endif %}
3. Type one of your recovery codes, then click **Verify**.
![Field to type a recovery code and Verify button](/assets/images/help/2fa/2fa-type-verify-recovery-code.png)
{% if currentVersion == "free-pro-team@latest" %}
### Authenticating with a fallback number
If you lose access to your primary TOTP app or phone number, you can provide a two-factor authentication code sent to your fallback number to automatically regain access to your account.
{% endif %}
### Authenticating with a security key
If you configured two-factor authentication using a security key, you can use your security key as a secondary authentication method to automatically regain access to your account. For more information, see "[Configuring two-factor authentication](/articles/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key)."
{% if currentVersion == "free-pro-team@latest" %}
### Authenticating with a verified device, SSH token, or personal access token
If you lose access to the two-factor authentication credentials and don't have your two-factor authentication recovery codes, you can have a one-time password sent to your verified email address to begin the verification process and regain access to your account.
{% note %}
**Note**: For security reasons, regaining access to your account by authenticating with a one-time password can take 3-5 business days. Additional requests submitted during this time will not be reviewed.
{% endnote %}
You can use your two-factor authentication credentials or two-factor authentication recovery codes to regain access to your account anytime during the 3-5 day waiting period.
{{ site.data.reusables.two_fa.username-password }}
2. Under "Having Problems?", click **Can't access your two factor device or valid recovery codes?**
![Link if you don't have your 2fa device or recovery codes](/assets/images/help/2fa/no-access-link.png)
3. Click **I understand, get started** to request a reset of your authentication settings.
![Reset authentication settings button](/assets/images/help/2fa/reset-auth-settings.png)
4. Click **Send one-time password** to send a one-time password to all email addresses associated with your account.
![Send one-time password button](/assets/images/help/2fa/send-one-time-password.png)
5. Under "One-time password", type the temporary password from the recovery email {{ site.data.variables.product.prodname_dotcom }} sent.
![One-time password field](/assets/images/help/2fa/one-time-password-field.png)
6. Click **Verify email address**.
7. Choose an alternative verification factor.
- If you've used your current device to log into this account before and would like to use the device for verification, click **Verify this device**.
- If you've previously set up an SSH key on this account and would like to use the SSH key for verification, click **SSH key**.
- If you've previously set up a personal access token and would like to use the personal access token for verification, click **Personal access token**.
![Alternative verification buttons](/assets/images/help/2fa/alt-verifications.png)
8. A member of {{ site.data.variables.contact.github_support }} will review your request and email you within 3-5 business days. If your request is approved, you'll receive a link to complete your account recovery process. If your request is denied, the email will include a way to contact support with any additional questions.
### Authenticating with an account recovery token
If you lose access to the two-factor authentication methods for your {{ site.data.variables.product.product_name }} account, you can retrieve your account recovery token from a partner recovery provider and ask {{ site.data.variables.product.prodname_dotcom }} Support to review it.
If you don't have access to your two-factor authentication methods or recovery codes and you've stored an account recovery token with Facebook using Recover Accounts Elsewhere, you may be able to use your token to regain access to your account.
If you're unable to regain access to your account, generate a one-time password to regain access. For more information, see "[Authenticating with a verified device, SSH token, or personal access token](#authenticating-with-a-verified-device-ssh-token-or-personal-access-token)."
{% warning %}
**Warnings:**
- Before you retrieve an account recovery token, you should try using your [two-factor authentication codes](/articles/accessing-github-using-two-factor-authentication) or your two-factor authentication recovery codes to regain access to your account. For more information, see "[Recovering your account if you lose your 2FA credentials](/articles/recovering-your-account-if-you-lose-your-2fa-credentials)."
{% endwarning %}
1. On Facebook, navigate to your [Security Settings](https://www.facebook.com/settings?tab=security), then click **Recover Accounts Elsewhere**.
![Facebook security settings page with Recover Accounts Elsewhere link](/assets/images/help/settings/security-facebook-security-settings-page.png)
2. Click the recovery token associated with your {{ site.data.variables.product.product_name }} account.
![List of recovery tokens stored on Facebook](/assets/images/help/settings/security-github-rae-token-on-facebook.png)
3. To redeem your account recovery token, click **Recover This Account**. A new window will open, returning you to {{ site.data.variables.product.product_name }}.
![Modal box with information about your recovery token and Recover This Account button](/assets/images/help/settings/security-recover-account-facebook.png)
4. Contact {{ site.data.variables.contact.contact_support }} to let them know that your account recovery token is ready for review.
{% endif %}
### Further reading
- "[About two-factor authentication](/articles/about-two-factor-authentication)"
- "[Configuring two-factor authentication](/articles/configuring-two-factor-authentication)"
- "[Configuring two-factor authentication recovery methods](/articles/configuring-two-factor-authentication-recovery-methods)"
- "[Accessing {{ site.data.variables.product.prodname_dotcom }} using two-factor authentication](/articles/accessing-github-using-two-factor-authentication)"

38
content/github/authenticating-to-github/recovering-your-ssh-key-passphrase.md Normal file
View File

@@ -0,0 +1,38 @@
---
title: Recovering your SSH key passphrase
intro: 'If you''ve lost your SSH key passphrase, depending on the operating system you use, you may either recover it or you may need to generate a new SSH key passphrase.'
redirect_from:
- /articles/how-do-i-recover-my-passphrase/
- /articles/how-do-i-recover-my-ssh-key-passphrase/
- /articles/recovering-your-ssh-key-passphrase
versions:
free-pro-team: '*'
enterprise-server: '*'
---
{% mac %}
If you [configured your SSH passphrase with the OS X Keychain](/articles/working-with-ssh-key-passphrases#saving-your-passphrase-in-the-keychain), you may be able to recover it.
1. In Finder, search for the **Keychain Access** app.
![Spotlight Search bar](/assets/images/help/setup/keychain-access.png)
2. In Keychain Access, search for **SSH**.
3. Double click on the entry for your SSH key to open a new dialog box.
4. In the lower-left corner, select **Show password**.
![Keychain access dialog](/assets/images/help/setup/keychain_show_password_dialog.png)
5. You'll be prompted for your administrative password. Type it into the "Keychain Access" dialog box.
6. Your password will be revealed.
{% endmac %}
{% windows %}
If you lose your SSH key passphrase, there's no way to recover it. You'll need to [generate a brand new SSH keypair](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent) or [switch to HTTPS cloning](/articles/changing-a-remote-s-url/#switching-remote-urls-from-ssh-to-https) so you can use your GitHub password instead.
{% endwindows %}
{% linux %}
If you lose your SSH key passphrase, there's no way to recover it. You'll need to [generate a brand new SSH keypair](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent) or [switch to HTTPS cloning](/articles/which-remote-url-should-i-use/#cloning-with-https-urls) so you can use your GitHub password instead.
{% endlinux %}

149
content/github/authenticating-to-github/removing-sensitive-data-from-a-repository.md Normal file
View File

@@ -0,0 +1,149 @@
---
title: Removing sensitive data from a repository
intro: 'If you commit sensitive data, such as a password or SSH key into a Git repository, you can remove it from the history. To entirely remove unwanted files from a repository''s history you can use either the `git filter-branch` command or the BFG Repo-Cleaner open source tool.'
redirect_from:
- /remove-sensitive-data/
- /removing-sensitive-data/
- /articles/remove-sensitive-data/
- /articles/removing-sensitive-data-from-a-repository
versions:
free-pro-team: '*'
enterprise-server: '*'
---
The `git filter-branch` command and the BFG Repo-Cleaner rewrite your repository's history, which changes the SHAs for existing commits that you alter and any dependent commits. Changed commit SHAs may affect open pull requests in your repository. We recommend merging or closing all open pull requests before removing files from your repository.
You can remove the file from the latest commit with `git rm`. For information on removing a file that was added with the latest commit, see "[Removing files from a repository's history](/articles/removing-files-from-a-repository-s-history)."
{% warning %}
**Warning: Once you have pushed a commit to {{ site.data.variables.product.product_name }}, you should consider any data it contains to be compromised.** If you committed a password, change it! If you committed a key, generate a new one.
This article tells you how to make commits with sensitive data unreachable from any branches or tags in your {{ site.data.variables.product.product_name }} repository. However, it's important to note that those commits may still be accessible in any clones or forks of your repository, directly via their SHA-1 hashes in cached views on {{ site.data.variables.product.product_name }}, and through any pull requests that reference them. You can't do anything about existing clones or forks of your repository, but you can permanently remove cached views and references to the sensitive data in pull requests on {{ site.data.variables.product.product_name }} by contacting {{ site.data.variables.contact.contact_support }}.
{% endwarning %}
### Purging a file from your repository's history
#### Using the BFG
The [BFG Repo-Cleaner](http://rtyley.github.io/bfg-repo-cleaner/) is a tool that's built and maintained by the open source community. It provides a faster, simpler alternative to `git filter-branch` for removing unwanted data. For example, to remove your file with sensitive data and leave your latest commit untouched, run:
```shell
$ bfg --delete-files <em>YOUR-FILE-WITH-SENSITIVE-DATA</em>
```
To replace all text listed in `passwords.txt` wherever it can be found in your repository's history, run:
```shell
$ bfg --replace-text passwords.txt
```
See the [BFG Repo-Cleaner](http://rtyley.github.io/bfg-repo-cleaner/)'s documentation for full usage and download instructions.
#### Using filter-branch
{% warning %}
**Warning:** If you run `git filter-branch` after stashing changes, you won't be able to retrieve your changes with other stash commands. Before running `git filter-branch`, we recommend unstashing any changes you've made. To unstash the last set of changes you've stashed, run `git stash show -p | git apply -R`. For more information, see [Git Tools Stashing](https://git-scm.com/book/en/v1/Git-Tools-Stashing).
{% endwarning %}
To illustrate how `git filter-branch` works, we'll show you how to remove your file with sensitive data from the history of your repository and add it to `.gitignore` to ensure that it is not accidentally re-committed.
1. If you don't already have a local copy of your repository with sensitive data in its history, [clone the repository](/articles/cloning-a-repository/) to your local computer.
```shell
$ git clone https://{{ site.data.variables.command_line.codeblock }}/<em>YOUR-USERNAME</em>/<em>YOUR-REPOSITORY</em>
> Initialized empty Git repository in /Users/<em>YOUR-FILE-PATH</em>/<em>YOUR-REPOSITORY</em>/.git/
> remote: Counting objects: 1301, done.
> remote: Compressing objects: 100% (769/769), done.
> remote: Total 1301 (delta 724), reused 910 (delta 522)
> Receiving objects: 100% (1301/1301), 164.39 KiB, done.
> Resolving deltas: 100% (724/724), done.
```
2. Navigate into the repository's working directory.
```shell
$ cd <em>YOUR-REPOSITORY</em>
```
3. Run the following command, replacing `PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA` with the **path to the file you want to remove, not just its filename**. These arguments will:
- Force Git to process, but not check out, the entire history of every branch and tag
- Remove the specified file, as well as any empty commits generated as a result
- **Overwrite your existing tags**
```shell
$ git filter-branch --force --index-filter \
"git rm --cached --ignore-unmatch <em>PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA</em>" \
--prune-empty --tag-name-filter cat -- --all
> Rewrite 48dc599c80e20527ed902928085e7861e6b3cbe6 (266/266)
> Ref 'refs/heads/master' was rewritten
```
{% note %}
**Note:** If the file with sensitive data used to exist at any other paths (because it was moved or renamed), you must run this command on those paths, as well.
{% endnote %}
4. Add your file with sensitive data to `.gitignore` to ensure that you don't accidentally commit it again.
```shell
$ echo "<em>YOUR-FILE-WITH-SENSITIVE-DATA</em>" >> .gitignore
$ git add .gitignore
$ git commit -m "Add <em>YOUR-FILE-WITH-SENSITIVE-DATA</em> to .gitignore"
> [master 051452f] Add <em>YOUR-FILE-WITH-SENSITIVE-DATA</em> to .gitignore
> 1 files changed, 1 insertions(+), 0 deletions(-)
```
5. Double-check that you've removed everything you wanted to from your repository's history, and that all of your branches are checked out.
6. Once you're happy with the state of your repository, force-push your local changes to overwrite your {{ site.data.variables.product.product_name }} repository, as well as all the branches you've pushed up:
```shell
$ git push origin --force --all
> Counting objects: 1074, done.
> Delta compression using 2 threads.
> Compressing objects: 100% (677/677), done.
> Writing objects: 100% (1058/1058), 148.85 KiB, done.
> Total 1058 (delta 590), reused 602 (delta 378)
> To https://{{ site.data.variables.command_line.codeblock }}/<em>YOUR-USERNAME</em>/<em>YOUR-REPOSITORY</em>.git
> + 48dc599...051452f master -> master (forced update)
```
7. In order to remove the sensitive file from [your tagged releases](/articles/about-releases), you'll also need to force-push against your Git tags:
```shell
$ git push origin --force --tags
> Counting objects: 321, done.
> Delta compression using up to 8 threads.
> Compressing objects: 100% (166/166), done.
> Writing objects: 100% (321/321), 331.74 KiB | 0 bytes/s, done.
> Total 321 (delta 124), reused 269 (delta 108)
> To https://{{ site.data.variables.command_line.codeblock }}/<em>YOUR-USERNAME</em>/<em>YOUR-REPOSITORY</em>.git
> + 48dc599...051452f master -> master (forced update)
```
8. Contact {{ site.data.variables.contact.contact_support }}, asking them to remove cached views and references to the sensitive data in pull requests on {{ site.data.variables.product.product_name }}.
9. Tell your collaborators to [rebase](https://git-scm.com/book/en/Git-Branching-Rebasing), *not* merge, any branches they created off of your old (tainted) repository history. One merge commit could reintroduce some or all of the tainted history that you just went to the trouble of purging.
10. After some time has passed and you're confident that `git filter-branch` had no unintended side effects, you can force all objects in your local repository to be dereferenced and garbage collected with the following commands (using Git 1.8.5 or newer):
```shell
$ git for-each-ref --format="delete %(refname)" refs/original | git update-ref --stdin
$ git reflog expire --expire=now --all
$ git gc --prune=now
> Counting objects: 2437, done.
> Delta compression using up to 4 threads.
> Compressing objects: 100% (1378/1378), done.
> Writing objects: 100% (2437/2437), done.
> Total 2437 (delta 1461), reused 1802 (delta 1048)
```
{% note %}
**Note:** You can also achieve this by pushing your filtered history to a new or empty repository and then making a fresh clone from {{ site.data.variables.product.product_name }}.
{% endnote %}
## Avoiding accidental commits in the future
There are a few simple tricks to avoid committing things you don't want committed:
- Use a visual program like [{{ site.data.variables.product.prodname_desktop }}](https://desktop.github.com/) or [gitk](https://git-scm.com/docs/gitk) to commit changes. Visual programs generally make it easier to see exactly which files will be added, deleted, and modified with each commit.
- Avoid the catch-all commands `git add .` and `git commit -a` on the command line—use `git add filename` and `git rm filename` to individually stage files, instead.
- Use `git add --interactive` to individually review and stage changes within each file.
- Use `git diff --cached` to review the changes that you have staged for commit. This is the exact diff that `git commit` will produce as long as you don't use the `-a` flag.
### Further reading
- [`git filter-branch` main page](https://git-scm.com/docs/git-filter-branch)
- [Pro Git: Git Tools - Rewriting History](https://git-scm.com/book/en/Git-Tools-Rewriting-History)

19
content/github/authenticating-to-github/reviewing-your-authorized-applications-oauth.md Normal file
View File

@@ -0,0 +1,19 @@
---
title: Reviewing your authorized applications (OAuth)
intro: 'You should review your authorized applications to verify that no new applications with expansive permissions are authorized, such as those that have access to your private repositories.'
redirect_from:
- /articles/reviewing-your-authorized-applications-oauth
versions:
free-pro-team: '*'
enterprise-server: '*'
---
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.access_applications }}
{{ site.data.reusables.user_settings.access_authorized_oauth_apps }}
{{ site.data.reusables.user_settings.review-oauth-apps }}
### Further reading
{% if currentVersion == "free-pro-team@latest" %}
- "[About integrations](/articles/about-integrations)"{% endif %}
- "[Reviewing your authorized integrations](/articles/reviewing-your-authorized-integrations)"

30
content/github/authenticating-to-github/reviewing-your-authorized-integrations.md Normal file
View File

@@ -0,0 +1,30 @@
---
title: Reviewing your authorized integrations
intro: You can review your authorized integrations to audit the access that each integration has to your account and data.
redirect_from:
- /articles/reviewing-your-authorized-integrations
versions:
free-pro-team: '*'
enterprise-server: '*'
---
### Reviewing your authorized {{ site.data.variables.product.prodname_oauth_app }}s
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.access_applications }}
{{ site.data.reusables.user_settings.access_authorized_oauth_apps }}
{{ site.data.reusables.user_settings.review-oauth-apps }}
### Reviewing your authorized {{ site.data.variables.product.prodname_github_app }}s
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.access_applications }}
3. Click the **Authorized {{ site.data.variables.product.prodname_github_app }}s** tab.
![Authorized {{ site.data.variables.product.prodname_github_app }}s tab](/assets/images/help/settings/settings-authorized-github-apps-tab.png)
3. Review the {{ site.data.variables.product.prodname_github_app }}s that have access to your account. For those that you don't recognize or that are out of date, click **Revoke**. To revoke all {{ site.data.variables.product.prodname_github_app }}s, click **Revoke all**.
![List of authorized {{ site.data.variables.product.prodname_github_app }}](/assets/images/help/settings/revoke-github-app.png)
### Further reading
{% if currentVersion == "free-pro-team@latest" %}
- "[About integrations](/articles/about-integrations)"{% endif %}
- "[Reviewing your authorized applications (OAuth)](/articles/reviewing-your-authorized-applications-oauth)"

18
content/github/authenticating-to-github/reviewing-your-deploy-keys.md Normal file
View File

@@ -0,0 +1,18 @@
---
title: Reviewing your deploy keys
intro: You should review deploy keys to ensure that there aren't any unauthorized (or possibly compromised) keys. You can also approve existing deploy keys that are valid.
redirect_from:
- /articles/reviewing-your-deploy-keys
versions:
free-pro-team: '*'
enterprise-server: '*'
---
{{site.data.reusables.repositories.navigate-to-repo}}
{{site.data.reusables.repositories.sidebar-settings}}
3. In the left sidebar, click **Deploy keys**.
![Deploy keys setting](/assets/images/help/settings/settings-sidebar-deploy-keys.png)
4. On the Deploy keys page, take note of the deploy keys associated with your account. For those that you don't recognize, or that are out-of-date, click **Delete**. If there are valid deploy keys you'd like to keep, click **Approve**.
![Deploy key list](/assets/images/help/settings/settings-deploy-key-review.png)
For more information, see "[Managing deploy keys](/guides/managing-deploy-keys)."

247
content/github/authenticating-to-github/reviewing-your-security-log.md Normal file
View File

@@ -0,0 +1,247 @@
---
title: Reviewing your security log
intro: You can review the security log for your user account to better understand actions you've performed and actions others have performed that involve you.
redirect_from:
- /articles/reviewing-your-security-log
versions:
free-pro-team: '*'
enterprise-server: '*'
---
### Accessing your security log
The security log lists all actions performed within the last 90 days{% if currentVersion ver_lt "enterprise-server@2.20" %}, up to 50{% endif %}.
{{ site.data.reusables.user_settings.access_settings }}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.19" %}
2. In the user settings sidebar, click **Security log**.
![Security log tab](/assets/images/help/settings/audit-log-tab.png)
{% else %}
{{ site.data.reusables.user_settings.security }}
3. Under "Security history," your log is displayed.
![Security log](/assets/images/help/settings/user_security_log.png)
4. Click on an entry to see more information about the event.
![Security log](/assets/images/help/settings/user_security_history_action.png)
{% endif %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.19" %}
### Searching your security log
{{ site.data.reusables.audit_log.audit-log-search }}
#### Search based on the action performed
{% else %}
### Understanding events in your security log
Actions listed in your security log are grouped within the following categories:
{% endif %}
| Category Name | Description
|------------------|-------------------{% if currentVersion == "free-pro-team@latest" %}
| `account_recovery_token` | Contains all activities related to [adding a recovery token](/articles/configuring-two-factor-authentication-recovery-methods).
| `billing` | Contains all activities related to your billing information.
| `marketplace_agreement_signature` | Contains all activities related to signing the {{ site.data.variables.product.prodname_marketplace }} Developer Agreement.
| `marketplace_listing` | Contains all activities related to listing apps in {{ site.data.variables.product.prodname_marketplace }}.{% endif %}
| `oauth_access` | Contains all activities related to [{{ site.data.variables.product.prodname_oauth_app }}s](/articles/authorizing-oauth-apps) you've connected with.{% if currentVersion == "free-pro-team@latest" %}
| `payment_method` | Contains all activities related to paying for your {{ site.data.variables.product.prodname_dotcom }} subscription.{% endif %}
| `profile_picture` | Contains all activities related to your profile picture.
| `project` | Contains all activities related to project boards.
| `public_key` | Contains all activities related to [your public SSH keys](/articles/adding-a-new-ssh-key-to-your-github-account).
| `repo` | Contains all activities related to the repositories you own.{% if currentVersion == "free-pro-team@latest" %}
| `sponsors` | Contains all events related to {{ site.data.variables.product.prodname_sponsors }} and sponsor buttons (see "[About {{ site.data.variables.product.prodname_sponsors }}](/articles/about-github-sponsors)" and "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)"){% endif %}{% if currentVersion != "free-pro-team@latest" %}
| `team` | Contains all activities related to teams you are a part of.{% endif %}
| `two_factor_authentication` | Contains all activities related to [two-factor authentication](/articles/securing-your-account-with-two-factor-authentication-2fa).
| `user` | Contains all activities related to your account.
A description of the events within these categories is listed below.
{% if currentVersion == "free-pro-team@latest" %}
#### The `account_recovery_token` category
| Action | Description
|------------------|-------------------
| confirm | Triggered when you successfully [store a new token with a recovery provider](/articles/configuring-two-factor-authentication-recovery-methods).
| recover | Triggered when you successfully [redeem an account recovery token](/articles/recovering-your-account-if-you-lose-your-2fa-credentials).
| recover_error | Triggered when a token is used but {{ site.data.variables.product.prodname_dotcom }} is not able to validate it.
#### The `billing` category
| Action | Description
|------------------|-------------------
| change_billing_type | Triggered when you [change how you pay](/articles/adding-or-editing-a-payment-method) for {{ site.data.variables.product.prodname_dotcom }}.
| change_email | Triggered when you [change your email address](/articles/changing-your-primary-email-address).
#### The `marketplace_agreement_signature` category
| Action | Description
|------------------|-------------------
| create | Triggered when you sign the {{ site.data.variables.product.prodname_marketplace }} Developer Agreement.
#### The `marketplace_listing` category
| Action | Description
|------------------|-------------------
| approve | Triggered when your listing is approved for inclusion in {{ site.data.variables.product.prodname_marketplace }}.
| create | Triggered when you create a listing for your app in {{ site.data.variables.product.prodname_marketplace }}.
| delist | Triggered when your listing is removed from {{ site.data.variables.product.prodname_marketplace }}.
| redraft | Triggered when your listing is sent back to draft state.
| reject | Triggered when your listing is not accepted for inclusion in {{ site.data.variables.product.prodname_marketplace }}.
{% endif %}
#### The `oauth_access` category
| Action | Description
|------------------|-------------------
| create | Triggered when you [grant access to an {{ site.data.variables.product.prodname_oauth_app }}](/articles/authorizing-oauth-apps).
| destroy | Triggered when you [revoke an {{ site.data.variables.product.prodname_oauth_app }}'s access to your account](/articles/reviewing-your-authorized-integrations).
{% if currentVersion == "free-pro-team@latest" %}
#### The `payment_method` category
| Action | Description
|------------------|-------------------
| clear | Triggered when [a payment method](/articles/removing-a-payment-method) on file is removed.
| create | Triggered when a new payment method is added, such as a new credit card or PayPal account.
| update | Triggered when an existing payment method is updated.
{% endif %}
#### The `profile_picture` category
| Action | Description
|------------------|-------------------
| update | Triggered when you [set or update your profile picture](/articles/setting-your-profile-picture/).
#### The `project` category
| Action | Description
|--------------------|---------------------
| `create` | Triggered when a project board is created.
| `rename` | Triggered when a project board is renamed.
| `update` | Triggered when a project board is updated.
| `delete` | Triggered when a project board is deleted.
| `link` | Triggered when a repository is linked to a project board.
| `unlink` | Triggered when a repository is unlinked from a project board.
| `project.access` | Triggered when a project board's visibility is changed.
| `update_user_permission` | Triggered when an outside collaborator is added to or removed from a project board or has their permission level changed.
#### The `public_key` category
| Action | Description
|------------------|-------------------
| create | Triggered when you [add a new public SSH key to your {{ site.data.variables.product.product_name }} account](/articles/adding-a-new-ssh-key-to-your-github-account).
| delete | Triggered when you [remove a public SSH key to your {{ site.data.variables.product.product_name }} account](/articles/reviewing-your-ssh-keys).
#### The `repo` category
| Action | Description
|------------------|-------------------
| access | Triggered when you a repository you own is [switched from "private" to "public"](/articles/making-a-private-repository-public) (or vice versa).
| add_member | Triggered when a {{ site.data.variables.product.product_name }} user is {% if currentVersion == "free-pro-team@latest" %}[invited to have collaboration access](/articles/inviting-collaborators-to-a-personal-repository){% else %}[given collaboration access](/articles/inviting-collaborators-to-a-personal-repository){% endif %} to a repository.
| add_topic | Triggered when a repository owner [adds a topic](/articles/classifying-your-repository-with-topics) to a repository.
| archived | Triggered when a repository owner [archives a repository](/articles/about-archiving-repositories).{% if currentVersion != "free-pro-team@latest" %}
| config.disable_anonymous_git_access | Triggered when [anonymous Git read access is disabled](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository) in a public repository.
| config.enable_anonymous_git_access | Triggered when [anonymous Git read access is enabled](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository) in a public repository.
| config.lock_anonymous_git_access | Triggered when a repository's [anonymous Git read access setting is locked](/enterprise/{{ currentVersion }}/admin/guides/user-management/preventing-users-from-changing-anonymous-git-read-access).
| config.unlock_anonymous_git_access | Triggered when a repository's [anonymous Git read access setting is unlocked](/enterprise/{{ currentVersion }}/admin/guides/user-management/preventing-users-from-changing-anonymous-git-read-access).{% endif %}
| create | Triggered when [a new repository is created](/articles/creating-a-new-repository).
| destroy | Triggered when [a repository is deleted](/articles/deleting-a-repository).{% if currentVersion == "free-pro-team@latest" %}
| disable | Triggered when a repository is disabled (e.g., for [insufficient funds](/articles/unlocking-a-locked-account)).{% endif %}{% if currentVersion == "free-pro-team@latest" %}
| enable | Triggered when a repository is re-enabled.{% endif %}
| remove_member | Triggered when a {{ site.data.variables.product.product_name }} user is [removed from a repository as a collaborator](/articles/removing-a-collaborator-from-a-personal-repository).
| remove_topic | Triggered when a repository owner removes a topic from a repository.
| rename | Triggered when [a repository is renamed](/articles/renaming-a-repository).
| transfer | Triggered when [a repository is transferred](/articles/how-to-transfer-a-repository).
| transfer_start | Triggered when a repository transfer is about to occur.
| unarchived | Triggered when a repository owner unarchives a repository.
{% if currentVersion == "free-pro-team@latest" %}
#### The `sponsors` category
| Action | Description
|------------------|-------------------
| repo_funding_link_button_toggle | Triggered when you enable or disable a sponsor button in your repository (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)")
| repo_funding_links_file_action | Triggered when you change the FUNDING file in your repository (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)")
| sponsor_sponsorship_cancel | Triggered when you cancel a sponsorship (see "[Downgrading a sponsorship](/articles/downgrading-a-sponsorship)")
| sponsor_sponsorship_create | Triggered when you sponsor a developer (see "[Sponsoring an open source contributor](/github/supporting-the-open-source-community-with-github-sponsors/sponsoring-an-open-source-contributor#sponsoring-a-developer)")
| sponsor_sponsorship_preference_change | Triggered when you change whether you receive email updates from a sponsored developer (see "[Managing your sponsorship](/articles/managing-your-sponsorship)")
| sponsor_sponsorship_tier_change | Triggered when you upgrade or downgrade your sponsorship (see "[Upgrading a sponsorship](/articles/upgrading-a-sponsorship)" and "[Downgrading a sponsorship](/articles/downgrading-a-sponsorship)")
| sponsored_developer_approve | Triggered when your {{ site.data.variables.product.prodname_sponsors }} account is approved (see "[Setting up {{ site.data.variables.product.prodname_sponsors }} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)")
| sponsored_developer_create | Triggered when your {{ site.data.variables.product.prodname_sponsors }} account is created (see "[Setting up {{ site.data.variables.product.prodname_sponsors }} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)")
| sponsored_developer_profile_update | Triggered when you edit your sponsored developer profile (see "[Editing your profile details for {{ site.data.variables.product.prodname_sponsors }}](/github/supporting-the-open-source-community-with-github-sponsors/editing-your-profile-details-for-github-sponsors)")
| sponsored_developer_request_approval | Triggered when you submit your application for {{ site.data.variables.product.prodname_sponsors }} for approval (see "[Setting up {{ site.data.variables.product.prodname_sponsors }} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)")
| sponsored_developer_tier_description_update | Triggered when you change the description for a sponsorship tier (see "[Changing your sponsorship tiers](/articles/changing-your-sponsorship-tiers)")
| sponsored_developer_update_newsletter_send | Triggered when you send an email update to your sponsors (see "[Contacting your sponsors](/articles/contacting-your-sponsors)")
| waitlist_invite_sponsored_developer | Triggered when you are invited to join {{ site.data.variables.product.prodname_sponsors }} from the waitlist (see "[Setting up {{ site.data.variables.product.prodname_sponsors }} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)")
| waitlist_join | Triggered when you join the waitlist to become a sponsored developer (see "[Setting up {{ site.data.variables.product.prodname_sponsors }} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)")
{% endif %}
{% if currentVersion == "free-pro-team@latest" %}
#### The `successor_invitation` category
| Action | Description
|------------------|-------------------
| accept | Triggered when you accept a succession invitation (see "[Maintaining ownership continuity of your user account's repositories](/github/setting-up-and-managing-your-github-user-account/maintaining-ownership-continuity-of-your-user-accounts-repositories)")
| cancel | Triggered when you cancel a succession invitation (see "[Maintaining ownership continuity of your user account's repositories](/github/setting-up-and-managing-your-github-user-account/maintaining-ownership-continuity-of-your-user-accounts-repositories)")
| create | Triggered when you create a succession invitation (see "[Maintaining ownership continuity of your user account's repositories](/github/setting-up-and-managing-your-github-user-account/maintaining-ownership-continuity-of-your-user-accounts-repositories)")
| decline | Triggered when you decline a succession invitation (see "[Maintaining ownership continuity of your user account's repositories](/github/setting-up-and-managing-your-github-user-account/maintaining-ownership-continuity-of-your-user-accounts-repositories)")
| revoke | Triggered when you revoke a succession invitation (see "[Maintaining ownership continuity of your user account's repositories](/github/setting-up-and-managing-your-github-user-account/maintaining-ownership-continuity-of-your-user-accounts-repositories)")
{% endif %}
{% if currentVersion != "free-pro-team@latest" %}
#### The `team` category
| Action | Description
|------------------|-------------------
| add_member | Triggered when a member of an organization you belong to [adds you to a team](/articles/adding-organization-members-to-a-team).
| add_repository | Triggered when a team you are a member of is given control of a repository.
| create | Triggered when a new team in an organization you belong to is created.
| destroy | Triggered when a team you are a member of is deleted from the organization.
| remove_member | Triggered when a member of an organization is [removed from a team](/articles/removing-organization-members-from-a-team) you are a member of.
| remove_repository | Triggered when a repository is no longer under a team's control.
{% endif %}
#### The `two_factor_authentication` category
| Action | Description
|------------------|-------------------
| enabled | Triggered when [two-factor authentication](/articles/securing-your-account-with-two-factor-authentication-2fa) is enabled.
| disabled | Triggered when two-factor authentication is disabled.
#### The `user` category
| Action | Description
|--------------------|---------------------
| add_email | Triggered when you [add a new email address](/articles/changing-your-primary-email-address).
| create | Triggered when you create a new user account.
| remove_email | Triggered when you remove an email address.
| rename | Triggered when you rename your account.
| change_password | Triggered when you change your password.
| forgot_password | Triggered when you ask for [a password reset](/articles/how-can-i-reset-my-password).
| login | Triggered when you log in to {{ site.data.variables.product.product_location }}.
| failed_login | Triggered when you failed to log in successfully.
| two_factor_requested | Triggered when {{ site.data.variables.product.product_name }} asks you for [your two-factor authentication code](/articles/accessing-github-using-two-factor-authentication).
| show_private_contributions_count | Triggered when you [publicize private contributions on your profile](/articles/publicizing-or-hiding-your-private-contributions-on-your-profile).
| hide_private_contributions_count | Triggered when you [hide private contributions on your profile](/articles/publicizing-or-hiding-your-private-contributions-on-your-profile).{% if currentVersion == "free-pro-team@latest" %}
| report_content | Triggered when you [report an issue or pull request, or a comment on an issue, pull request, or commit](/articles/reporting-abuse-or-spam).{% endif %}
#### The `user_status` category
| Action | Description
|--------------------|---------------------
| update | Triggered when you set or change the status on your profile. For more information, see "[Setting a status](/articles/personalizing-your-profile/#setting-a-status)."
| destroy | Triggered when you clear the status on your profile.
{% if currentVersion == "free-pro-team@latest" %}
### Exporting your security log
{{ site.data.reusables.audit_log.export-log }}
{{ site.data.reusables.audit_log.exported-log-keys-and-values }}
{% endif %}

120
content/github/authenticating-to-github/reviewing-your-ssh-keys.md Normal file
View File

@@ -0,0 +1,120 @@
---
title: Reviewing your SSH keys
intro: 'To keep your credentials secure, you should regularly audit your SSH keys, deploy keys, and review authorized applications that access your {{ site.data.variables.product.product_name }} account.'
redirect_from:
- /articles/keeping-your-application-access-tokens-safe/
- /articles/keeping-your-ssh-keys-and-application-access-tokens-safe/
- /articles/reviewing-your-ssh-keys
versions:
free-pro-team: '*'
enterprise-server: '*'
---
You can delete unauthorized (or possibly compromised) SSH keys to ensure that an attacker no longer has access to your repositories. You can also approve existing SSH keys that are valid.
{% mac %}
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.ssh }}
3. On the SSH Settings page, take note of the SSH keys associated with your account. For those that you don't recognize, or that are out-of-date, click **Delete**. If there are valid SSH keys you'd like to keep, click **Approve**.
![SSH key list](/assets/images/help/settings/settings-ssh-key-review.png)
{% tip %}
**Note:** If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the [SSH key audit error](/articles/error-we-re-doing-an-ssh-key-audit) will be highlighted in the list of SSH keys. ![Unverified SSH key](/assets/images/help/settings/settings-ssh-key-review-highlight.png)
{% endtip %}
4. Open Terminal.
5. {{ site.data.reusables.command_line.start_ssh_agent }}
6. Find and take a note of your public key fingerprint. If you're using OpenSSH 6.7 or older:
```shell
$ ssh-add -l
> 2048 <em>a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>USERNAME</em>/.ssh/id_rsa (RSA)
```
If you're using OpenSSH 6.8 or newer:
```shell
$ ssh-add -l -E md5
> 2048 <em>MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>USERNAME</em>/.ssh/id_rsa (RSA)
```
7. The SSH keys on {{ site.data.variables.product.product_name }} *should* match the same keys on your computer.
{% endmac %}
{% windows %}
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.ssh }}
3. On the SSH Settings page, take note of the SSH keys associated with your account. For those that you don't recognize, or that are out-of-date, click **Delete**. If there are valid SSH keys you'd like to keep, click **Approve**.
![SSH key list](/assets/images/help/settings/settings-ssh-key-review.png)
{% tip %}
**Note:** If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the [SSH key audit error](/articles/error-we-re-doing-an-ssh-key-audit) will be highlighted in the list of SSH keys.![Unverified SSH key](/assets/images/help/settings/settings-ssh-key-review-highlight.png)
{% endtip %}
4. Open Git Bash. If you're using Git Shell, which is included in {{ site.data.variables.product.prodname_desktop }}, open Git Shell and skip to step 6.
5. {{ site.data.reusables.desktop.windows_git_bash_turn_on_ssh_agent }}
{{ site.data.reusables.desktop.windows_git_for_windows_turn_on_ssh_agent }}
6. Find and take a note of your public key fingerprint. If you're using OpenSSH 6.7 or older:
```shell
$ ssh-add -l
> 2048 <em>a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>USERNAME</em>/.ssh/id_rsa (RSA)
```
If you're using OpenSSH 6.8 or newer:
```shell
$ ssh-add -l -E md5
> 2048 <em>MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>USERNAME</em>/.ssh/id_rsa (RSA)
```
7. The SSH keys on {{ site.data.variables.product.product_name }} *should* match the same keys on your computer.
{% endwindows %}
{% linux %}
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.ssh }}
3. On the SSH Settings page, take note of the SSH keys associated with your account. For those that you don't recognize, or that are out-of-date, click **Delete**. If there are valid SSH keys you'd like to keep, click **Approve**.
![SSH key list](/assets/images/help/settings/settings-ssh-key-review.png)
{% tip %}
**Note:** If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the [SSH key audit error](/articles/error-we-re-doing-an-ssh-key-audit) will be highlighted in the list of SSH keys. ![Unverified SSH key](/assets/images/help/settings/settings-ssh-key-review-highlight.png)
{% endtip %}
4. Open Terminal.
5. {{ site.data.reusables.command_line.start_ssh_agent }}
6. Find and take a note of your public key fingerprint. If you're using OpenSSH 6.7 or older:
```shell
$ ssh-add -l
> 2048 <em>a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>USERNAME</em>/.ssh/id_rsa (RSA)
```
If you're using OpenSSH 6.8 or newer:
```shell
$ ssh-add -l -E md5
> 2048 <em>MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d</em> /Users/<em>USERNAME</em>/.ssh/id_rsa (RSA)
```
7. The SSH keys on {{ site.data.variables.product.product_name }} *should* match the same keys on your computer.
{% endlinux %}
{% warning %}
**Warning**: If you see an SSH key you're not familiar with on {{ site.data.variables.product.product_name }}, delete it immediately and contact {{ site.data.variables.contact.contact_support }} for further help. An unidentified public key may indicate a possible security concern.
{% endwarning %}

13
content/github/authenticating-to-github/securing-your-account-with-two-factor-authentication-2fa.md Normal file
View File

@@ -0,0 +1,13 @@
---
title: Securing your account with two-factor authentication (2FA)
intro: 'You can set up your {{ site.data.variables.product.product_name }} account to require an authentication code in addition to your password when you sign in.'
redirect_from:
- /categories/84/articles/
- /categories/two-factor-authentication-2fa/
- /articles/securing-your-account-with-two-factor-authentication-2fa
mapTopic: true
versions:
free-pro-team: '*'
enterprise-server: '*'
---

53
content/github/authenticating-to-github/signing-commits.md Normal file
View File

@@ -0,0 +1,53 @@
---
title: Signing commits
intro: 'You can sign commits locally using GPG{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.14" %} or S/MIME{% endif %}.'
redirect_from:
- /articles/signing-commits-and-tags-using-gpg/
- /articles/signing-commits-using-gpg/
- /articles/signing-commits
versions:
free-pro-team: '*'
enterprise-server: '*'
---
{{ site.data.reusables.gpg.desktop-support-for-commit-signing }}
{% tip %}
**Tips:**
To configure your Git client to sign commits by default for a local repository, in Git versions 2.0.0 and above, run `git config commit.gpgsign true`. To sign all commits by default in any local repository on your computer, run `git config --global commit.gpgsign true`.
To store your GPG key passphrase so you don't have to enter it every time you sign a commit, we recommend using the following tools:
- For Mac users, the [GPG Suite](https://gpgtools.org/) allows you to store your GPG key passphrase in the Mac OS Keychain.
- For Windows users, the [Gpg4win](https://www.gpg4win.org/) integrates with other Windows tools.
You can also manually configure [gpg-agent](http://linux.die.net/man/1/gpg-agent) to save your GPG key passphrase, but this doesn't integrate with Mac OS Keychain like ssh-agent and requires more setup.
{% endtip %}
If you have multiple keys or are attempting to sign commits or tags with a key that doesn't match your committer identity, you should [tell Git about your signing key](/articles/telling-git-about-your-signing-key).
1. When committing changes in your local branch, add the -S flag to the git commit command:
```shell
$ git commit -S -m <em>your commit message</em>
# Creates a signed commit
```
2. If you're using GPG, after you create your commit, provide the passphrase you set up when you [generated your GPG key](/articles/generating-a-new-gpg-key).
3. When you've finished creating commits locally, push them to your remote repository on {{ site.data.variables.product.product_name }}:
```shell
$ git push
# Pushes your local commits to the remote repository
```
4. On {{ site.data.variables.product.product_name }}, navigate to your pull request.
{{ site.data.reusables.repositories.review-pr-commits }}
5. To view more detailed information about the verified signature, click Verified.
![Signed commit](/assets/images/help/commits/gpg-signed-commit-verified-without-details.png)
### Further reading
* "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
* "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"
* "[Adding a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)"
* "[Telling Git about your signing key](/articles/telling-git-about-your-signing-key)"
* "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)"
* "[Signing tags](/articles/signing-tags)"

33
content/github/authenticating-to-github/signing-tags.md Normal file
View File

@@ -0,0 +1,33 @@
---
title: Signing tags
intro: You can sign tags locally using GPG or S/MIME.
redirect_from:
- /articles/signing-tags-using-gpg/
- /articles/signing-tags
versions:
free-pro-team: '*'
enterprise-server: '*'
---
{{ site.data.reusables.gpg.desktop-support-for-commit-signing }}
1. To sign a tag, add `-s` to your `git tag` command.
```shell
$ git tag -s <em>mytag</em>
# Creates a signed tag
```
2. Verify your signed tag it by running `git tag -v [tag-name]`.
```shell
$ git tag -v <em>mytag</em>
# Verifies the signed tag
```
### Further reading
- "[Viewing your repository's tags](/articles/viewing-your-repositorys-tags)"
- "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
- "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"
- "[Adding a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)"
- "[Telling Git about your signing key](/articles/telling-git-about-your-signing-key)"
- "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)"
- "[Signing commits](/articles/signing-commits)"

17
content/github/authenticating-to-github/sudo-mode.md Normal file
View File

@@ -0,0 +1,17 @@
---
title: Sudo mode
intro: '{{ site.data.variables.product.product_name }} asks you for your password before you can modify your email address, authorize third-party applications, or add new public keys, or initiate other *sudo-protected* actions.'
redirect_from:
- /articles/sudo-mode
versions:
free-pro-team: '*'
enterprise-server: '*'
---
After you've performed a sudo-protected action, you'll only be asked to re-authenticate again after a few hours of inactivity. Every sudo-protected action resets this timer.
![Sudo Mode Dialog](/assets/images/help/settings/sudo_mode_popup.png)
### Further reading
- [Unix `sudo` command](http://en.wikipedia.org/wiki/Sudo)

113
content/github/authenticating-to-github/telling-git-about-your-signing-key.md Normal file
View File

@@ -0,0 +1,113 @@
---
title: Telling Git about your signing key
intro: 'To sign commits locally, you need to inform Git that there''s a GPG{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.14" %} or X.509{% endif %} key you''d like to use.'
redirect_from:
- /articles/telling-git-about-your-gpg-key/
- /articles/telling-git-about-your-signing-key
versions:
free-pro-team: '*'
enterprise-server: '*'
---
{% mac %}
### Telling Git about your GPG key
If you're using a GPG key that matches your committer identity and your verified email address associated with your {{ site.data.variables.product.product_name }} account, then you can begin signing commits and signing tags.
{% note %}
If you don't have a GPG key that matches your committer identity, you need to associate an email with an existing key. For more information, see "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)".
{% endnote %}
If you have multiple GPG keys, you need to tell Git which one to use.
{{ site.data.reusables.command_line.open_the_multi_os_terminal }}
{{ site.data.reusables.gpg.list-keys-with-note }}
{{ site.data.reusables.gpg.copy-gpg-key-id }}
{{ site.data.reusables.gpg.paste-gpg-key-id }}
1. If you aren't using the GPG suite, paste the text below to add the GPG key to your bash profile:
```shell
$ test -r ~/.bash_profile && echo 'export GPG_TTY=$(tty)' >> ~/.bash_profile
$ echo 'export GPG_TTY=$(tty)' >> ~/.profile
```
{% note %}
**Note:** If you don't have `.bash_profile`, this command adds your GPG key to `.profile`.
{% endnote %}
{{ site.data.reusables.gpg.x-509-key }}
{% endmac %}
{% windows %}
### Telling Git about your GPG key
If you're using a GPG key that matches your committer identity and your verified email address associated with your {{ site.data.variables.product.product_name }} account, then you can begin signing commits and signing tags.
{% note %}
If you don't have a GPG key that matches your committer identity, you need to associate an email with an existing key. For more information, see "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)".
{% endnote %}
If you have multiple GPG keys, you need to tell Git which one to use.
{{ site.data.reusables.command_line.open_the_multi_os_terminal }}
{{ site.data.reusables.gpg.list-keys-with-note }}
{{ site.data.reusables.gpg.copy-gpg-key-id }}
{{ site.data.reusables.gpg.paste-gpg-key-id }}
{{ site.data.reusables.gpg.x-509-key }}
{% endwindows %}
{% linux %}
{% note %}
**Note:** X.509 keys are not supported on Linux. You can configure gpgsm to provide encryption and signing services, however, this is not currently supported by {{ site.data.variables.product.product_name }}. For more information, see the [gpgsm](https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPGSM.html) topic in the GnuPG documentation.
{% endnote %}
### Telling Git about your GPG key
If you're using a GPG key that matches your committer identity and your verified email address associated with your {{ site.data.variables.product.product_name }} account, then you can begin signing commits and signing tags.
{% note %}
If you don't have a GPG key that matches your committer identity, you need to associate an email with an existing key. For more information, see "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)".
{% endnote %}
If you have multiple GPG keys, you need to tell Git which one to use.
{{ site.data.reusables.command_line.open_the_multi_os_terminal }}
{{ site.data.reusables.gpg.list-keys-with-note }}
{{ site.data.reusables.gpg.copy-gpg-key-id }}
{{ site.data.reusables.gpg.paste-gpg-key-id }}
1. To add your GPG key to your bash profile, paste the text below:
```shell
$ test -r ~/.bash_profile && echo 'export GPG_TTY=$(tty)' >> ~/.bash_profile
$ echo 'export GPG_TTY=$(tty)' >> ~/.profile
```
{% note %}
**Note:** If you don't have `.bash_profile`, this command adds your GPG key to `.profile`.
{% endnote %}
{% endlinux %}
### Further reading
- "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
- "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"
- "[Using a verified email address in your GPG key](/articles/using-a-verified-email-address-in-your-gpg-key)"
- "[Adding a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)"
- "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)"
- "[Signing commits](/articles/signing-commits)"
- "[Signing tags](/articles/signing-tags)"

61
content/github/authenticating-to-github/testing-your-ssh-connection.md Normal file
View File

@@ -0,0 +1,61 @@
---
title: Testing your SSH connection
intro: 'After you''ve set up your SSH key and added it to your {{ site.data.variables.product.product_name }} account, you can test your connection.'
redirect_from:
- /articles/testing-your-ssh-connection
versions:
free-pro-team: '*'
enterprise-server: '*'
---
Before testing your SSH connection, you should have:
- [Checked for existing SSH keys](/articles/checking-for-existing-ssh-keys)
- [Generated a new SSH key](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)
- [Added a new SSH key to your GitHub account](/articles/adding-a-new-ssh-key-to-your-github-account)
When you test your connection, you'll need to authenticate this action using your password, which is the SSH key passphrase you created earlier. For more information on working with SSH key passphrases, see ["Working with SSH key passphrases"](/articles/working-with-ssh-key-passphrases).
{{ site.data.reusables.command_line.open_the_multi_os_terminal }}
2. Enter the following:
```shell
$ ssh -T git@{{ site.data.variables.command_line.codeblock }}
# Attempts to ssh to {{ site.data.variables.product.product_name }}
```
You may see a warning like this:
```shell
> The authenticity of host '{{ site.data.variables.command_line.codeblock }} (IP ADDRESS)' can't be established.
> RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
> Are you sure you want to continue connecting (yes/no)?
```
or like this:
```shell
> The authenticity of host '{{ site.data.variables.command_line.codeblock }} (IP ADDRESS)' can't be established.
> RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.
> Are you sure you want to continue connecting (yes/no)?
```
3. Verify that the fingerprint in the message you see matches one of the messages in step 2, then type `yes`:
```shell
> Hi <em>username</em>! You've successfully authenticated, but GitHub does not
> provide shell access.
```
{% linux %}
You may see this error message:
```shell
...
Agent admitted failure to sign using the key.
debug1: No more authentication methods to try.
Permission denied (publickey).
```
This is a known problem with certain Linux distributions. For more information, see ["Error: Agent admitted failure to sign"](/articles/error-agent-admitted-failure-to-sign).
{% endlinux %}
4. Verify that the resulting message contains your username. If you receive a "permission denied" message, see ["Error: Permission denied (publickey)"](/articles/error-permission-denied-publickey).

12
content/github/authenticating-to-github/troubleshooting-commit-signature-verification.md Normal file
View File

@@ -0,0 +1,12 @@
---
title: Troubleshooting commit signature verification
intro: 'You may need to troubleshoot unexpected issues that arise when signing commits locally for verification on {{ site.data.variables.product.product_name }}.'
redirect_from:
- /articles/troubleshooting-gpg/
- /articles/troubleshooting-commit-signature-verification
mapTopic: true
versions:
free-pro-team: '*'
enterprise-server: '*'
---

11
content/github/authenticating-to-github/troubleshooting-ssh.md Normal file
View File

@@ -0,0 +1,11 @@
---
title: Troubleshooting SSH
intro: 'When using SSH to connect and authenticate to {{ site.data.variables.product.product_name }}, you may need to troubleshoot unexpected issues that may arise.'
mapTopic: true
redirect_from:
- /articles/troubleshooting-ssh
versions:
free-pro-team: '*'
enterprise-server: '*'
---

17
content/github/authenticating-to-github/updating-an-expired-gpg-key.md Normal file
View File

@@ -0,0 +1,17 @@
---
title: Updating an expired GPG key
intro: 'When verifying a signature, {{ site.data.variables.product.product_name }} checks that the key is not revoked or expired. If your signing key is revoked or expired, {{ site.data.variables.product.product_name }} cannot verify your signatures. If your key is revoked, use the primary key or another key that is not revoked to sign your commits.'
redirect_from:
- /articles/updating-an-expired-gpg-key
versions:
free-pro-team: '*'
enterprise-server: '*'
---
If your key is expired, you must [update the expiration](https://www.gnupg.org/gph/en/manual/c235.html#AEN328), export the new key, delete the expired key in your GitHub account, and [upload the new key to GitHub](/articles/adding-a-new-gpg-key-to-your-github-account/). Your previous commits and tags will show as verified, as long as the key meets all other verification requirements.
If your key is invalid and you don't use another valid key in your key set, but instead generate a new GPG key with a new set of credentials, then your commits made with the revoked or expired key will continue to show as unverified. Also, your new credentials will not be able to resign or verify your old commits and tags.
### Further reading
- "[About commit signature verification](/articles/about-commit-signature-verification)"

62
content/github/authenticating-to-github/updating-your-github-access-credentials.md Normal file
View File

@@ -0,0 +1,62 @@
---
title: Updating your GitHub access credentials
intro: '{{ site.data.variables.product.product_name }} credentials include not only your password, but also the access tokens, SSH keys, and application API tokens you use to communicate with {{ site.data.variables.product.product_name }}. Should you have the need, you can reset all of these access credentials yourself.'
redirect_from:
- /articles/rolling-your-credentials/
- /articles/how-can-i-reset-my-password/
- /articles/updating-your-github-access-credentials
versions:
free-pro-team: '*'
enterprise-server: '*'
---
### Requesting a new password
1. To request a new password, visit {% if currentVersion == "free-pro-team@latest" %}https://{{ site.data.variables.product.product_url }}/password_reset{% else %}`https://{{ site.data.variables.product.product_url }}/password_reset`{% endif %}.
2. Enter the email address associated with your personal {{ site.data.variables.product.product_name }} account, then click **Send password reset email.** The email will be sent to the backup email address if you have one configured.
![Password reset email request dialog](/assets/images/help/settings/password-recovery-email-request.png)
3. We'll email you a link that will allow you to reset your password. You must click on this link within 3 hours of receiving the email. If you didn't receive an email from us, make sure to check your spam folder.
4. After clicking on the link in your email, you'll be asked to enter a new password.
![Password recovery box](/assets/images/help/settings/password_recovery_page.png)
{% tip %}
To avoid losing your password in the future, we suggest using a secure password manager, like [LastPass](https://lastpass.com/), [1Password](https://1password.com/), or [Keeper](https://keepersecurity.com/).
{% endtip %}
### Changing an existing password
{{ site.data.reusables.repositories.blocked-passwords }}
1. {{ site.data.variables.product.signin_link }} to {{ site.data.variables.product.product_name }}.
{{ site.data.reusables.user_settings.access_settings }}
{%- if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.17" %}
{{ site.data.reusables.user_settings.security }}
{%- else %}
{{ site.data.reusables.user_settings.account_settings }}
{%- endif %}
4. Under "Change password", type your old password, a strong new password, and confirm your new password. For help creating a strong password, see "[Creating a strong password](/articles/creating-a-strong-password)"
5. Click **Update password**.
{% tip %}
For greater security, enable two-factor authentication in addition to changing your password. See [About two-factor authentication](/articles/about-two-factor-authentication) for more details.
{% endtip %}
### Updating your access tokens
See "[Reviewing your authorized integrations](/articles/reviewing-your-authorized-integrations)" for instructions on reviewing and deleting access tokens. To generate new access tokens, see "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)."
### Updating your SSH keys
See "[Reviewing your SSH keys](/articles/reviewing-your-ssh-keys)" for instructions on reviewing and deleting SSH keys. To generate and add new SSH keys, see "[Generating an SSH key](/articles/generating-an-ssh-key)."
### Resetting API tokens
If you have any applications registered with {{ site.data.variables.product.product_name }}, you'll want to reset their OAuth tokens. For more information, see the "[Reset an authorization](/rest/reference/apps#reset-an-authorization)" endpoint.
### Preventing unauthorized access
For more tips on securing your account and preventing unauthorized access, see "[Preventing unauthorized access](/articles/preventing-unauthorized-access)."

20
content/github/authenticating-to-github/using-a-verified-email-address-in-your-gpg-key.md Normal file
View File

@@ -0,0 +1,20 @@
---
title: Using a verified email address in your GPG key
intro: 'When verifying a signature, {{ site.data.variables.product.product_name }} checks that the committer or tagger email address matches an email address from the GPG key''s identities and is a verified email address on the user''s account. This ensures that the key belongs to you and that you created the commit or tag.'
redirect_from:
- /articles/using-a-verified-email-address-in-your-gpg-key
versions:
free-pro-team: '*'
enterprise-server: '*'
---
{% if currentVersion == "free-pro-team@latest" %}
If you need to verify your GitHub email address, see "[Verifying your email address](/articles/verifying-your-email-address/)." {% endif %}If you need to update or add an email address to your GPG key, see "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)."
Commits and tags may contain several email addresses. For commits, there is the author — the person who wrote the code — and the committer — the person who added the commit to the tree. When signing a commit with Git, whether it be during a merge, cherry-pick, or normal `git commit`, the committer email address will be yours, even if the author email address isn't. Tags are more simple: The tagger email address is always the user who created the tag.
If you need to change your committer or tagger email address, see "[Setting your commit email address](/articles/setting-your-commit-email-address/)."
### Further reading
- "[About commit signature verification](/articles/about-commit-signature-verification)"

44
content/github/authenticating-to-github/using-ssh-over-the-https-port.md Normal file
View File

@@ -0,0 +1,44 @@
---
title: Using SSH over the HTTPS port
intro: 'Sometimes, firewalls refuse to allow SSH connections entirely. If using [HTTPS cloning with credential caching](/github/using-git/caching-your-github-credentials-in-git) is not an option, you can attempt to clone using an SSH connection made over the HTTPS port. Most firewall rules should allow this, but proxy servers may interfere.'
redirect_from:
- /articles/using-ssh-over-the-https-port
versions:
free-pro-team: '*'
---
{% tip %}
**GitHub Enterprise users**: Accessing GitHub Enterprise via SSH over the HTTPS port is currently not supported.
{% endtip %}
To test if SSH over the HTTPS port is possible, run this SSH command:
```shell
$ ssh -T -p 443 git@ssh.github.com
> Hi <em>username</em>! You've successfully authenticated, but GitHub does not
> provide shell access.
```
If that worked, great! If not, you may need to [follow our troubleshooting guide](/articles/error-permission-denied-publickey).
### Enabling SSH connections over HTTPS
If you are able to SSH into `git@ssh.{{ site.data.variables.command_line.backticks }}` over port 443, you can override your SSH settings to force any connection to {{ site.data.variables.product.product_location }} to run though that server and port.
To set this in your ssh config, edit the file at `~/.ssh/config`, and add this section:
```
Host {{ site.data.variables.command_line.codeblock }}
Hostname ssh.{{ site.data.variables.command_line.codeblock }}
Port 443
```
You can test that this works by connecting once more to {{ site.data.variables.product.product_location }}:
```shell
$ ssh -T git@{{ site.data.variables.command_line.codeblock }}
> Hi <em>username</em>! You've successfully authenticated, but GitHub does not
> provide shell access.
```

27
content/github/authenticating-to-github/viewing-and-managing-your-active-saml-sessions.md Normal file
View File

@@ -0,0 +1,27 @@
---
title: Viewing and managing your active SAML sessions
intro: You can view and revoke your active SAML sessions in your security settings.
redirect_from:
- /articles/viewing-and-managing-your-active-saml-sessions
versions:
free-pro-team: '*'
---
{{ site.data.reusables.user_settings.access_settings }}
{{ site.data.reusables.user_settings.security }}
3. Under "Sessions," you can see your active SAML sessions.
![List of active SAML sessions](/assets/images/help/settings/saml-active-sessions.png)
4. To see the session details, click **See more**.
![Button to open SAML session details](/assets/images/help/settings/saml-expand-session-details.png)
5. To revoke a session, click **Revoke SAML**.
![Button to revoke a SAML session](/assets/images/help/settings/saml-revoke-session.png)
{% note %}
**Note:** When you revoke a session, you remove your SAML authentication to that organization. To access the organization again, you will need to single sign-on through your identity provider. For more information, see "[About authentication with SAML SSO](/github/authenticating-to-github/about-authentication-with-saml-single-sign-on)."
{% endnote %}
### Further reading
- "[About authentication with SAML SSO](/github/authenticating-to-github/about-authentication-with-saml-single-sign-on)"

104
content/github/authenticating-to-github/working-with-ssh-key-passphrases.md Normal file
View File

@@ -0,0 +1,104 @@
---
title: Working with SSH key passphrases
intro: You can secure your SSH keys and configure an authentication agent so that you won't have to reenter your passphrase every time you use your SSH keys.
redirect_from:
- /ssh-key-passphrases/
- /working-with-key-passphrases/
- /articles/working-with-ssh-key-passphrases
versions:
free-pro-team: '*'
enterprise-server: '*'
---
With SSH keys, if someone gains access to your computer, they also gain access to every system that uses that key. To add an extra layer of security, you can add a passphrase to your SSH key. You can use `ssh-agent` to securely save your passphrase so you don't have to reenter it.
### Adding or changing a passphrase
You can change the passphrase for an existing private key without regenerating the keypair by typing the following command:
```shell
$ ssh-keygen -p
# Start the SSH key creation process
> Enter file in which the key is (/Users/<em>you</em>/.ssh/id_rsa): <em>[Hit enter]</em>
> Key has comment '/Users/<em>you</em>/.ssh/id_rsa'
> Enter new passphrase (empty for no passphrase): <em>[Type new passphrase]</em>
> Enter same passphrase again: <em>[One more time for luck]</em>
> Your identification has been saved with the new passphrase.
```
If your key already has a passphrase, you will be prompted to enter it before you can change to a new passphrase.
{% windows %}
### Auto-launching `ssh-agent` on Git for Windows
You can run `ssh-agent` automatically when you open bash or Git shell. Copy the following lines and paste them into your `~/.profile` or `~/.bashrc` file in Git shell:
``` bash
env=~/.ssh/agent.env
agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; }
agent_start () {
(umask 077; ssh-agent >| "$env")
. "$env" >| /dev/null ; }
agent_load_env
# agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2= agent not running
agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)
if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
agent_start
ssh-add
elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
ssh-add
fi
unset env
```
If your private key is not stored in one of the default locations (like `~/.ssh/id_rsa`{% if currentVersion != "free-pro-team@latest" and currentVersion ver_lt "enterprise-server@2.19" %} or `~/.ssh/id_dsa`{% endif %}), you'll need to tell your SSH authentication agent where to find it. To add your key to ssh-agent, type `ssh-add ~/path/to/my_key`. For more information, see "[Generating a new SSH key and adding it to the ssh-agent](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/)"
{% tip %}
**Tip:** If you want `ssh-agent` to forget your key after some time, you can configure it to do so by running `ssh-add -t <seconds>`.
{% endtip %}
Now, when you first run Git Bash, you are prompted for your passphrase:
```shell
> Initializing new SSH agent...
> succeeded
> Enter passphrase for /c/Users/<em>you</em>/.ssh/id_rsa:
> Identity added: /c/Users/<em>you</em>/.ssh/id_rsa (/c/Users/<em>you</em>/.ssh/id_rsa)
> Welcome to Git (version <em>1.6.0.2-preview20080923</em>)
>
> Run 'git help git' to display the help index.
> Run 'git help <command>' to display help for specific commands.
```
The `ssh-agent` process will continue to run until you log out, shut down your computer, or kill the process.
{% endwindows %}
{% mac %}
### Saving your passphrase in the keychain
On OS X Leopard through OS X El Capitan, these default private key files are handled automatically:
- *.ssh/id_rsa*{% if currentVersion != "free-pro-team@latest" and currentVersion ver_lt "enterprise-server@2.19" %}
- *.ssh/id_dsa*{% endif %}
- *.ssh/identity*
The first time you use your key, you will be prompted to enter your passphrase. If you choose to save the passphrase with your keychain, you won't have to enter it again.
Otherwise, you can store your passphrase in the keychain when you add your key to the ssh-agent. For more information, see "[Adding your SSH key to the ssh-agent](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#adding-your-ssh-key-to-the-ssh-agent)."
{% endmac %}
### Further reading
- "[About SSH](/articles/about-ssh)"