Sorry, your browser cannot access this site
This page requires browser support (enable) JavaScript
Learn more >

原创文章,转载注明出处!

1.问题背景-background

如果你在七夕(没错就是2021年8月14日)的这一天去访问了全球最大的同性交友网站又刚好去更新提交代码或者你创建了一个新的仓库送给自己又刚好想把这个仓库送给github,你就刚好会遇到这个问题:remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
大概意思就是你原先的密码凭证从2021年8月13日开始就不能用了,必须使用个人访问令牌(personal access token),就是把你的密码替换成token!

滚!我tm懒得弄!

This is a picture without description

Github 官方解释

We described our motivation as we announced similar changes to authenticating with the API as follows:

In recent years, GitHub customers have benefited from a number of security enhancements to GitHub.com, such as two-factor authentication, sign-in alerts, verified devices, preventing the use of compromised passwords, and WebAuthn support. These features make it more difficult for an attacker to take a password that’s been reused across multiple websites and use it to try to gain access to your GitHub account. Despite these improvements, for historical reasons customers without two-factor authentication enabled have been able to continue to authenticate Git and API operations using only their GitHub username and password.

Beginning August 13, 2021, we will no longer accept account passwords when authenticating Git operations and will require the use of token-based authentication, such as a personal access token (for developers) or an OAuth or GitHub App installation token (for integrators) for all authenticated Git operations on GitHub.com. You may also continue using SSH keys where you prefer.

Tokens offer a number of security benefits over password-based authentication:

1.Unique – tokens are specific to GitHub and can be generated per use or per device

2.Revocable – tokens can can be individually revoked at any time without needing to update unaffected credentials

3.Limited – tokens can be narrowly scoped to allow only the access necessary for the use case

4.Random – tokens are not subject to the types of dictionary or brute force attempts that simpler passwords that you need to remember or enter regularly might be

大概意思就是:为了保证各位程序员的账户安全,我们已于2021年7月14日禁止大家在git及第三方应用上通过密码授权GitHub。以后将使用token令牌代替密码。
(话说能活跃在全球最大同性交友网站的程序猿能有什么秘密值得如此加密。。。)

2.什么是token令牌?

token令牌相当于在第三方接口代替你密码的一个玩意,有点像强密码。但是,token令牌并不是只能有唯一一个的。你可以拥有多个令牌,给不同的第三方接口不同的令牌,而每个令牌都被赋予了不同的权限和使用期限。也就是说,在令牌没赋予的权利将不会给第三方接口和git。当然,token令牌在你设定的期限之后,对应的第三方接口和git就需要你重新给一个令牌,否则也无法使用。令牌也可以随时更改权限和删除。

3.如何申请token令牌?

登陆你的GitHub(注意,在github.com登录你的账户时还是用你的密码,不是令牌) 点击头像。随后点击settings。

This is a picture without description

往下拉,你会在左侧看到一个Developer settings。点击它。

This is a picture without description

左侧有Personal access tokens。点击它。

This is a picture without description

点击右侧generate new token。

This is a picture without description

Note是你令牌的名称(不是令牌密码),随便填一个。

expiration是令牌有效期限。No expiration代表永久令牌。

下面是选择相应的权限。一般就选择repo 和delete_repo,其他按需勾选。

拉到最下面,点击generate token,随后跳出来一个界面,有一串绿底字符串即为你的token令牌。

This is a picture without description

警告!!在这里你一定要将其复制并保存好!建议新建一个txt文件将令牌放入其中!因为这个令牌只会出现一次,你关闭了这个网页,以后GitHub就再也不会告诉你这个令牌了!妥善保管!(妥善保管!两情若是久长时,又岂在朝朝暮暮?)

返回刚才的界面,你可以查看已经创建的token和给予的权限与有效期。你可以随时更改,管理,删除它们(但是不会显示该令牌)。

This is a picture without description

随后回到你的git或第三方接口,账号还是输入你的username(用户名),password就输入你复制的令牌。随后登陆就成功了。

果然,全球最大的同性交流网站不是吹的,大七夕节非得找个伴侣,它要过七夕谁也拦不住呀!

评论