GitHub Passwordless Setup
Complete guide to setting up passwordless authentication for GitHub using SSH keys and Personal Access Tokens (PAT). Once configured, you'll never need to enter passwords for Git operations or GitHub CLI commands.
Verified Working:
- - ✅ macOS 10.15+ (tested on 14.4)
- ✅ Linux (Ubuntu, Debian, Fedora, Arch)
- ✅ Windows (WSL2, Git Bash)
🎯 What This Solves
Before:
- - ❌ Type password every time you push/pull
- ❌ GitHub CLI requires re-authentication
- ❌ Tokens expire and break workflows
- ❌ HTTPS URLs need credentials repeatedly
After:
- - ✅ Zero-password Git operations (push/pull/clone)
- ✅ Zero-password repository creation
- ✅ Zero-password issue/PR management
- ✅ Persistent authentication (no expiration)
🚀 Quick Setup
One-line automated setup:
CODEBLOCK0
Or follow the manual steps below.
📋 Manual Setup
Part 1: SSH Key Configuration
SSH keys enable password-free Git operations (push/pull/clone).
Step 1: Check for Existing SSH Keys
CODEBLOCK1
If you see id_ed25519.pub or id_rsa.pub, you already have a key. Skip to Step 3.
Step 2: Generate New SSH Key
Recommended: ED25519 (most secure)
CODEBLOCK2
Or RSA (if ED25519 not supported):
CODEBLOCK3
During generation:
- - Press Enter for default location (
~/.ssh/id_ed25519) - Enter passphrase (optional but recommended)
- macOS will save passphrase to Keychain
Step 3: Copy Public Key
CODEBLOCK4
Step 4: Add Key to GitHub
- 1. Visit: https://github.com/settings/ssh/new
- Title: �INLINECODE3
- Key type: �INLINECODE4
- Key: Paste your public key
- Click Add SSH key
Step 5: Test SSH Connection
CODEBLOCK5
Expected output:
�CODEBLOCK6
Part 2: GitHub Personal Access Token
PAT enables password-free GitHub CLI operations (create repos, manage issues/PRs).
Step 1: Generate Token
Visit: https://github.com/settings/tokens/new
Configuration:
- - Note:
OpenClaw CLI Token (or any description) - Expiration:
No expiration (or 90 days) - Select scopes:
- ✅
repo (all sub-scopes)
- ✅
workflow (if using GitHub Actions)
- ✅
delete_repo (if you need to delete repositories)
- ✅
admin:org (if managing organizations)
Click Generate token and copy it immediately (shown only once!).
Format: �INLINECODE7
Step 2: Install GitHub CLI
macOS:
�CODEBLOCK7
Linux (Debian/Ubuntu):
�CODEBLOCK8
Other Linux:
See: https://github.com/cli/cli/blob/trunk/docs/install_linux.md
Step 3: Configure Token
CODEBLOCK9
Step 4: Set Git Protocol to SSH
CODEBLOCK10
This ensures gh commands use SSH (not HTTPS) for Git operations.
Part 3: Verification
Verify SSH Configuration
CODEBLOCK11
Verify GitHub CLI
CODEBLOCK12
Verify Complete Workflow
CODEBLOCK13
All operations should complete without prompting for passwords.
🔄 Convert Existing Repos to SSH
If you have existing repositories using HTTPS URLs:
CODEBLOCK14
Batch convert all repos in a directory:
CODEBLOCK15
🛠️ Automated Setup Script
Save this as setup.sh:
CODEBLOCK16
Make it executable and run:
CODEBLOCK17
🔍 Troubleshooting
SSH Issues
Problem: "Permission denied (publickey)"
CODEBLOCK18
Problem: "Host key verification failed"
CODEBLOCK19
GitHub CLI Issues
Problem: "Requires authentication"
CODEBLOCK20
Problem: "Token scopes insufficient"
Create a new token with broader scopes:
- - Visit: https://github.com/settings/tokens
- Delete old token
- Create new with
repo, workflow, �INLINECODE12
General Issues
Check Configuration Files:
CODEBLOCK21
🔒 Security Best Practices
SSH Keys
- 1. Use ED25519 (more secure than RSA)
- Set a passphrase (optional but recommended)
- Use ssh-agent (macOS Keychain, gnome-keyring)
- Never share private keys (
id_ed25519 - no .pub) - Revoke compromised keys immediately at https://github.com/settings/keys
Personal Access Tokens
- 1. Minimum scopes needed (don't select all)
- Set expiration (90 days for security, or no expiration for convenience)
- Revoke unused tokens at https://github.com/settings/tokens
- Never commit tokens to repositories
- Rotate regularly (every 90 days recommended)
📚 Advanced Configuration
SSH Config File
Create ~/.ssh/config for custom settings:
CODEBLOCK22
Multiple GitHub Accounts
CODEBLOCK23
Clone with specific account:
�CODEBLOCK24
Git Aliases
Add to ~/.gitconfig:
CODEBLOCK25
🌐 Environment Variables
Optional environment variables for automation:
CODEBLOCK26
Add to your shell profile (~/.bashrc, ~/.zshrc):
CODEBLOCK27
🔄 Maintenance
Update SSH Key
CODEBLOCK28
Rotate GitHub Token
CODEBLOCK29
📊 Comparison: HTTPS vs SSH
| Feature | HTTPS | SSH |
|---|
| Authentication | Username + Token | SSH Key |
| Password needed |
Every operation | Never |
|
Setup complexity | Low | Medium |
|
Security | Good | Excellent |
|
Corporate firewalls | Usually allowed | Sometimes blocked |
|
Recommendation | Beginners | Daily use |
🎯 Common Workflows
Create New Project
CODEBLOCK30
Clone Private Repo
CODEBLOCK31
Manage Issues
CODEBLOCK32
🤝 Contributing
Found an issue or improvement? Pull requests welcome!
📄 License
MIT License
🔗 Related Links
Made with ❤️ for developers who value automationGitHub 免密码设置
使用SSH密钥和个人访问令牌(PAT)为GitHub配置免密码认证的完整指南。配置完成后,您将无需为Git操作或GitHub CLI命令输入密码。
已验证环境:
- - ✅ macOS 10.15+(已在14.4上测试)
- ✅ Linux(Ubuntu、Debian、Fedora、Arch)
- ✅ Windows(WSL2、Git Bash)
🎯 解决的问题
配置前:
- - ❌ 每次推送/拉取都需要输入密码
- ❌ GitHub CLI需要重新认证
- ❌ 令牌过期导致工作流程中断
- ❌ HTTPS URL需要重复输入凭据
配置后:
- - ✅ Git操作零密码(推送/拉取/克隆)
- ✅ 仓库创建零密码
- ✅ Issue/PR管理零密码
- ✅ 持久认证(无过期)
🚀 快速设置
一键自动化设置:
bash
curl -fsSL https://raw.githubusercontent.com/happydog-intj/github-passwordless-setup/master/setup.sh | bash
或按照以下手动步骤操作。
📋 手动设置
第一部分:SSH密钥配置
SSH密钥可实现免密码Git操作(推送/拉取/克隆)。
步骤1:检查现有SSH密钥
bash
ls -la ~/.ssh/*.pub
如果看到ided25519.pub或idrsa.pub,说明已有密钥。请跳至步骤3。
步骤2:生成新SSH密钥
推荐:ED25519(最安全)
bash
ssh-keygen -t ed25519 -C your-email@example.com
或RSA(如果不支持ED25519):
bash
ssh-keygen -t rsa -b 4096 -C your-email@example.com
生成过程中:
- - 按Enter键使用默认位置(~/.ssh/id_ed25519)
- 输入密码短语(可选但推荐)
- macOS会将密码短语保存到钥匙串
步骤3:复制公钥
bash
macOS
cat ~/.ssh/id_ed25519.pub | pbcopy
Linux(xclip)
cat ~/.ssh/id_ed25519.pub | xclip -selection clipboard
Linux(xsel)
cat ~/.ssh/id_ed25519.pub | xsel --clipboard
或直接显示并手动复制
cat ~/.ssh/id_ed25519.pub
步骤4:将密钥添加到GitHub
- 1. 访问:https://github.com/settings/ssh/new
- 标题:您的计算机名称(macOS/Linux)
- 密钥类型:认证密钥
- 密钥:粘贴您的公钥
- 点击添加SSH密钥
步骤5:测试SSH连接
bash
ssh -T git@github.com
预期输出:
Hi username! Youve successfully authenticated, but GitHub does not provide shell access.
第二部分:GitHub个人访问令牌
PAT可实现免密码GitHub CLI操作(创建仓库、管理Issue/PR)。
步骤1:生成令牌
访问:https://github.com/settings/tokens/new
配置:
- - 备注:OpenClaw CLI Token(或任何描述)
- 过期时间:无过期(或90天)
- 选择作用域:
- ✅
repo(所有子作用域)
- ✅
workflow(如果使用GitHub Actions)
- ✅
delete_repo(如果需要删除仓库)
- ✅
admin:org(如果管理组织)
点击生成令牌并立即复制(仅显示一次!)。
格式:ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
步骤2:安装GitHub CLI
macOS:
bash
brew install gh
Linux(Debian/Ubuntu):
bash
type -p curl >/dev/null || (sudo apt update && sudo apt install curl -y)
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg
echo deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
sudo apt update
sudo apt install gh -y
其他Linux:
参见:https://github.com/cli/cli/blob/trunk/docs/install_linux.md
步骤3:配置令牌
bash
方法1:交互式(按提示粘贴)
gh auth login --with-token
然后粘贴您的令牌并按Enter键
方法2:单行命令(替换YOUR_TOKEN)
echo ghp
YOURTOKEN_HERE | gh auth login --with-token
步骤4:设置Git协议为SSH
bash
gh config set git_protocol ssh
这确保gh命令使用SSH(而非HTTPS)进行Git操作。
第三部分:验证
验证SSH配置
bash
测试SSH连接
ssh -T git@github.com
预期:Hi username! Youve successfully authenticated...
验证GitHub CLI
bash
检查认证状态
gh auth status
预期:✓ Logged in to github.com account username
测试API访问
gh api user --jq .login
预期:your-username
验证完整工作流程
bash
测试创建仓库(将创建并删除)
gh repo create test-auth-$(date +%s) --public --description Test \
&& echo ✅ 创建:成功 \
&& gh repo delete $(gh repo list --limit 1 --json name --jq .[0].name) --yes \
&& echo ✅ 删除:成功
所有操作应无需提示输入密码即可完成。
🔄 将现有仓库转换为SSH
如果您有使用HTTPS URL的现有仓库:
bash
检查当前远程
git remote -v
如果显示 https://github.com/...
转换为SSH
git remote set-url origin git@github.com:username/repo.git
验证
git remote -v
应显示:git@github.com:username/repo.git
批量转换目录中的所有仓库:
bash
find . -name .git -type d | while read gitdir; do
cd $gitdir/..
if git remote get-url origin 2>/dev/null | grep -q https://github.com; then
REPO=$(git remote get-url origin | sed s|https://github.com/|git@github.com:|)
git remote set-url origin $REPO
echo ✅ 已转换:$(pwd)
fi
cd - > /dev/null
done
🛠️ 自动化设置脚本
保存为setup.sh:
bash
#!/bin/bash
set -e
echo 🔐 GitHub免密码设置
echo ============================
echo
检查现有SSH密钥
if [ -f ~/.ssh/id_ed25519.pub ]; then
echo ✅ SSH密钥已存在
SSH
KEY=$(cat ~/.ssh/ided25519.pub)
elif [ -f ~/.ssh/id_rsa.pub ]; then
echo ✅ SSH密钥已存在(RSA)
SSH
KEY=$(cat ~/.ssh/idrsa.pub)
else
echo 📝 正在生成新的ED25519 SSH密钥...
ssh-keygen -t ed25519 -C $(whoami)@$(hostname) -f ~/.ssh/id_ed25519 -N
SSH
KEY=$(cat ~/.ssh/ided25519.pub)
echo ✅ SSH密钥已生成
fi
echo
echo 🔑 您的公钥SSH:
echo ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
echo $SSH_KEY
echo ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
echo
echo 📋 后续步骤:
echo 1. 复制上面的密钥
echo 2. 访问:https://github.com/settings/ssh/new
echo 3. 粘贴密钥并保存
echo 4. 返回并按Enter键继续
read -p 将密钥添加到GitHub后按Enter键...
测试SSH
echo
echo 🧪 正在测试SSH连接...
if ssh -T git@github.com 2>&1 | grep -q successfully authenticated; then
