メニュー
GitHub auth setup: HTTPS tokens, SSH keys, gh CLI login.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
| name | github-auth |
| description | GitHub auth setup: HTTPS tokens, SSH keys, gh CLI login. |
| version | 1.1.0 |
| author | Hermes Agent |
| license | MIT |
| platforms | ["linux","macos","windows"] |
| metadata | {"hermes":{"tags":["GitHub","Authentication","Git","gh-cli","SSH","Setup"],"related_skills":["github-pr-workflow","github-code-review","github-issues","github-repo-management"]}} |
This skill sets up authentication so the agent can work with GitHub repositories, PRs, issues, and CI. It covers two paths:
git (always available) — uses HTTPS personal access tokens or SSH keysgh CLI (if installed) — richer GitHub API access with a simpler auth flowWhen a user asks you to work with GitHub, run this check first:
# Check what's available
git --version
gh --version 2>/dev/null || echo "gh not installed"
# Check if already authenticated
gh auth status 2>/dev/null || echo "gh not authenticated"
git config --global credential.helper 2>/dev/null || echo "no git credential helper"
Decision tree:
gh auth status shows authenticated → you're good, use gh for everythinggh is installed but not authenticated → use "gh auth" method belowgh is not installed → use "git-only" method below (no sudo needed)This works on any machine with git installed. No root access needed.
This is the most portable method — works everywhere, no SSH config needed.
Step 1: Create a personal access token
Tell the user to go to: https://github.com/settings/tokens
repo (full repository access — read, write, push, PRs)workflow (trigger and manage GitHub Actions)read:org (if working with organization repos)Step 2: Configure git to store the token
# Set up the credential helper to cache credentials
# "store" saves to ~/.git-credentials in plaintext (simple, persistent)
git config --global credential.helper store
# Now do a test operation that triggers auth — git will prompt for credentials
# Username: <their-github-username>
# Password: <paste the personal access token, NOT their GitHub password>
git ls-remote https://github.com/<their-username>/<any-repo>.git
After entering credentials once, they're saved and reused for all future operations.
Alternative: cache helper (credentials expire from memory)
# Cache in memory for 8 hours (28800 seconds) instead of saving to disk
git config --global credential.helper 'cache --timeout=28800'
Alternative: set the token directly in the remote URL (per-repo)
# Embed token in the remote URL (avoids credential prompts entirely)
git remote set-url origin https://<username>:<token>@github.com/<owner>/<repo>.git
Step 3: Configure git identity
# Required for commits — set name and email
git config --global user.name "Their Name"
git config --global user.email "their-email@example.com"
Step 4: Verify
# Test push access (this should work without any prompts now)
git ls-remote https://github.com/<their-username>/<any-repo>.git
# Verify identity
git config --global user.name
git config --global user.email
Good for users who prefer SSH or already have keys set up.
Step 1: Check for existing SSH keys
ls -la ~/.ssh/id_*.pub 2>/dev/null || echo "No SSH keys found"
Step 2: Generate a key if needed
# Generate an ed25519 key (modern, secure, fast)
ssh-keygen -t ed25519 -C "their-email@example.com" -f ~/.ssh/id_ed25519 -N ""
# Display the public key for them to add to GitHub
cat ~/.ssh/id_ed25519.pub
Tell the user to add the public key at: https://github.com/settings/keys
Step 3: Test the connection
ssh -T git@github.com
# Expected: "Hi <username>! You've successfully authenticated..."
Step 4: Configure git to use SSH for GitHub
# Rewrite HTTPS GitHub URLs to SSH automatically
git config --global url."git@github.com:".insteadOf "https://github.com/"
Step 5: Configure git identity
git config --global user.name "Their Name"
git config --global user.email "their-email@example.com"
If gh is installed, it handles both API access and git credentials in one step.
gh auth login
# Select: GitHub.com
# Select: HTTPS
# Authenticate via browser
echo "<THEIR_TOKEN>" | gh auth login --with-token
# Set up git credentials through gh
gh auth setup-git
gh auth status
When gh is not available, you can still access the full GitHub API using curl with a personal access token. This is how the other GitHub skills implement their fallbacks.
# Option 1: Export as env var (preferred — keeps it out of commands)
export GITHUB_TOKEN="<token>"
# Then use in curl calls:
curl -s -H "Authorization: token $GITHUB_TOKEN" \
https://api.github.com/user
If git credentials are already configured (via credential.helper store), the token can be extracted:
# Read from git credential store
grep "github.com" ~/.git-credentials 2>/dev/null | head -1 | sed 's|https://[^:]*:\([^@]*\)@.*|\1|'
Use this pattern at the start of any GitHub workflow:
# Try gh first, fall back to git + curl
if command -v gh &>/dev/null && gh auth status &>/dev/null; then
echo "AUTH_METHOD=gh"
elif [ -n "$GITHUB_TOKEN" ]; then
echo "AUTH_METHOD=curl"
elif [ -f ~/.hermes/.env ] && grep -q "^GITHUB_TOKEN=" ~/.hermes/.env; then
export GITHUB_TOKEN=$(grep "^GITHUB_TOKEN=" ~/.hermes/.env | head -1 | cut -d= -f2 | tr -d '\n\r')
echo "AUTH_METHOD=curl"
elif grep -q "github.com" ~/.git-credentials 2>/dev/null; then
export GITHUB_TOKEN=$(grep "github.com" ~/.git-credentials | head -1 | sed 's|https://[^:]*:\([^@]*\)@.*|\1|')
echo "AUTH_METHOD=curl"
else
echo "AUTH_METHOD=none"
echo "Need to set up authentication first"
fi
See
references/credentials.mdfor extraction patterns and test commands. Seereferences/force-push-api.mdfor bypassing git push timeouts via GitHub REST API.
| Problem | Solution |
|---|---|
git push asks for password | GitHub disabled password auth. Use a personal access token as the password, or switch to SSH |
remote: Permission to X denied | Token may lack repo scope — regenerate with correct scopes |
fatal: Authentication failed | Cached credentials may be stale — run git credential reject then re-authenticate |
ssh: connect to host github.com port 22: Connection refused | Try SSH over HTTPS port: add Host github.com with Port 443 and Hostname ssh.github.com to ~/.ssh/config |
| Credentials not persisting | Check git config --global credential.helper — must be store or cache |
| Multiple GitHub accounts | Use SSH with different keys per host alias in ~/.ssh/config, or per-repo credential URLs |
gh: command not found + no sudo | Use git-only Method 1 above — no installation needed |
When Marco provides a GitHub PAT directly, store it immediately to ~/.git-credentials:
echo "https://<TOKEN>@github.com" > ~/.git-credentials
chmod 600 ~/.git-credentials
git config --global credential.helper store
git config --global user.name "Marco Olivero"
git config --global user.email "marco.olivero.dev@gmail.com"
Bitwarden fallback: If Bitwarden vault is locked/expired and Marco can't unlock, use the direct token he provides and store to ~/.git-credentials. Don't block on BW — use what Marco gives you.
User preference: Marco approves commands in bulk — run multiple commands in sequence without pausing for approval. The security scan pipe-to-interpreter warning is expected for bw | python3 patterns.
See
references/credentials.mdfor extraction patterns and test commands.
Diagnose and fix Hermes messaging gateway connectivity issues (Telegram/Discord down, stale locks, PM2 problems)
Backup Hermes agent to GitHub and restore on a new VPS. Covers what to include/exclude, GitHub token requirements, and restore steps. Includes automated scripts.
Clone, create, fork, configure, and manage GitHub repositories. Manage remotes, secrets, releases, and workflows. Works with gh CLI or falls back to git + GitHub REST API via curl.
Fetch YouTube video transcripts and transform them into structured content (chapters, summaries, threads, blog posts). Use when the user shares a YouTube URL or video link, asks to summarize a video, requests a transcript, or wants to extract and reformat content from any YouTube video.
Manage Linear issues, projects, and teams via the GraphQL API. Create, update, search, and organize issues. Uses API key auth (no OAuth needed). All operations via curl — no dependencies.
Give Hermes phone capabilities without core tool changes. Provision and persist a Twilio number, send and receive SMS/MMS, make direct calls, and place AI-driven outbound calls through Bland.ai or Vapi.