this post was submitted on 16 Sep 2025
483 points (98.6% liked)

Programmer Humor

26372 readers
1101 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
anzo@programming.dev
Feyter@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
483
GitHub auth (lemmy.world)
submitted 20 hours ago by skepller@lemmy.world to c/programmer_humor@programming.dev
30 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] RustyNova@lemmy.world 98 points 19 hours ago (16 children)

I kinda hate the push towards passkeys. If you have two factor Auth, going to passkeys makes you go back to 1 factor, aka less secured.

There's also more and more 2FA fatigue attacks going on, and they can affect passkeys too, and if you don't have a 2FA that involves the user writing a code on the 2FA device, passkeys could be quite possibly worse than passwords

[–] ramjambamalam@lemmy.ca 52 points 18 hours ago (6 children)

I think this post is about git CLI, not www.github.com.

SSH keys are very secure and you can still encrypt them with a password if you wish.

[–] jonjuan@programming.dev 29 points 16 hours ago (3 children)

encrypt them with a password if you wish.

SSH keys without passphrases are just fancy credential files sitting in your .ssh/ directory, basically like writing your passwords on paper and leaving it in your desk drawer.

[–] tauonite@lemmy.world 4 points 11 hours ago

TIL some people store SSH keys unencrypted

[–] Sasquatch@lemmy.ml 11 points 16 hours ago (2 children)

Yeah, but who wants to type in a password everytime they push/pull?

[–] LedgeDrop@lemmy.zip 21 points 16 hours ago

Take a look at ssh-agent. It's bundled with ssh-client and designed to solve this problem.

The quick usage is, create a terminal and run:

eval `ssh-agent`
ssh-add /path/to/your/encrypted/key1
#type in password
ssh-add /path/to/your/encrypted/key2
... 

# all commands in this terminal will use the keys above w/o asking you for a password 
git clone git@githib.com...
git push... 
etc

So, basically you type your credentials once during the life cycle of your terminal.

If you really want to go full power-user, simple run ssh-agent (without the eval) and you'll see it just sets some env-vars, which can be imported into any terminal/shell you have open.

So, if you put some logic in your shells rc file, you can effectively share a single ash-agent between all your shells, meaning you just need to type your password for your keys once when you log into your system... and your now passwordless for any future terminals you create (this is my setup).

Also, if you're interested take a peek at the man pages for ash-agent. It has a few interesting features (ie: adding a password lock for your agent, removing keys from the agent, etc).

[–] ulterno@programming.dev -2 points 15 hours ago

I do it.
Every time.

And I keep a wired keyboard for it.

[–] ThunderQueen@lemmy.world 5 points 16 hours ago

I had mine on paper for years before i learned about Keepass. I trusted it more than a cloud based manager because someone would have to physically be in my room.

I am a lot more careful these days but that is not beyond the pale for a lot of folks haha

load more comments (2 replies)
load more comments (11 replies)