These instructions explain how to clone a private GitHub repository from a remote server, such as a university Linux server or HPC login node.
GitHub no longer lets you use your normal GitHub password for command-line Git operations over HTTPS. Instead, when Git asks for a password, you use a personal access token, often abbreviated PAT.
Useful GitHub documentation:
- Managing your personal access tokens
- Caching your GitHub credentials in Git
- About authentication to GitHub
Open a terminal on your own computer.
Log in to the remote server with ssh:
ssh your_username@server_addressFor example:
ssh jstudent@mycluster.university.eduAfter logging in, you should see a command prompt on the remote server.
Run:
git --versionYou should see something like:
git version 2.43.0
If you see:
git: command not found
then Git is not installed or not available in your current environment.
On a university cluster, Git may be available through the module system. Try:
module avail gitIf you see a Git module, load it:
module load gitThen try again:
git --versionThis tells Git who is making commits. It does not log you in to GitHub.
Run:
git config --global user.name "Your Name"
git config --global user.email "your.email@university.edu"For example:
git config --global user.name "Jane Student"
git config --global user.email "jane-student@uiowa.edu"Check that it worked:
git config --global --listYou should see entries like:
user.name=Jane Student
user.email=jane-student@uiowa.edu
Do this part in a web browser on your own computer, not necessarily on the remote server.
- Go to GitHub and log in.
- Click your profile picture in the upper right.
- Click Settings.
- Scroll down the left sidebar and click Developer settings.
- Click Personal access tokens.
- Choose Fine-grained tokens.
- Click Generate new token.
Use settings like these:
Token name:
remote-server-git-access
Expiration:
Choose an expiration date, for example 90 days or 1 year.
Resource owner:
Choose the account or organization that owns the repository.
Repository access:
Choose "Only select repositories", then select the private repository you need.
Permissions:
Repository permissions → Contents → Read-only
For cloning a private repository, the important permission is usually:
Contents: Read-only
If you also need to push changes back to GitHub, you may need:
Contents: Read and write
For cloning only, use read-only access. It is safer.
Then click:
Generate token
Copy the token immediately and store it somewhere secure, such as a password manager.
A token is like a password. Do not email it, post it in Slack, save it in a shared file, or paste it into a script.
Go back to your terminal connected to the remote server.
Choose where you want the repository to live. For example:
mkdir -p ~/projects
cd ~/projectsNow clone the repository using the HTTPS URL.
The HTTPS clone URL looks like this:
git clone https://github.com/OWNER/REPOSITORY.gitFor example:
git clone https://github.com/thegomeslab/private-repo.gitGit will ask for your GitHub username and password:
Username for 'https://github.com':
Password for 'https://your_username@github.com':
Enter your GitHub username for the username.
For the password, do not enter your normal GitHub password. Paste the personal access token instead.
The token will not visibly appear as you paste it. That is normal. Press Enter.
If it works, you should see something like:
Cloning into 'private-repo'...
remote: Enumerating objects: ...
Receiving objects: 100% ...
Resolving deltas: 100% ...
Then enter the repository:
cd private-repoCheck that it worked:
ls
git statusDo not do this:
git clone https://YOUR_TOKEN@github.com/OWNER/REPOSITORY.gitThat can save the token in your shell history or logs.
Instead, use:
git clone https://github.com/OWNER/REPOSITORY.gitThen paste the token only when Git asks for the password.
Without credential caching, Git may ask for your username and token each time you clone, pull, or push.
On many remote Linux systems, a simple temporary cache is enough.
For a 1-hour cache:
git config --global credential.helper 'cache --timeout=3600'For an 8-hour cache:
git config --global credential.helper 'cache --timeout=28800'Check your credential helper:
git config --global credential.helperYou should see something like:
cache --timeout=28800
A more permanent option is Git Credential Manager, but it may not be installed on shared university servers.
After cloning, run:
git pullIf everything is set up correctly, Git should either update the repository or say:
Already up to date.
You may see:
remote: Repository not found.
fatal: Authentication failed
Check:
- Did you type the repository owner and name correctly?
- Does your GitHub account have access to the private repository?
- Did your token include access to this repository?
- Did you select the correct Resource owner when making the token?
This usually means you typed your normal GitHub password instead of your token.
Try again and paste the personal access token when Git asks for the password.
Some GitHub organizations require approval or single sign-on authorization for tokens.
Go back to:
GitHub → Settings → Developer settings → Personal access tokens
Find your token and look for any organization approval or SSO authorization options.
If the token expired, create a new token and try again.
This is normal if you selected an expiration date when creating the token.
Git may have cached an old token or password.
You can temporarily disable caching:
git config --global --unset credential.helperThen try cloning or pulling again:
git pullGit should prompt for your username and token again.
Once the repository is cloned, the usual workflow is:
cd ~/projects/private-repo
git pullEdit files as needed.
Check what changed:
git statusIf you are allowed to push changes:
git add filename.py
git commit -m "Describe the change"
git pushFor pushing changes, the token may need Contents: Read and write instead of read-only. For cloning only, read-only is safer.
Treat your token like a password.
Do not:
- share it with another person
- paste it into a public issue, pull request, Slack message, or email
- save it in a repository
- put it directly into a
git clonecommand - put it inside a Python, Bash, Slurm, or SGE script
Do:
- give the token the smallest permissions needed
- limit it to only the repositories needed
- set an expiration date
- delete and recreate the token if you think it was exposed
Set Git identity:
git config --global user.name "Your Name"
git config --global user.email "your.email@university.edu"Clone a private repository:
git clone https://github.com/OWNER/REPOSITORY.gitMove into the repository:
cd REPOSITORYCheck repository status:
git statusPull the latest changes:
git pullSet temporary credential caching for 8 hours:
git config --global credential.helper 'cache --timeout=28800'Remove credential caching:
git config --global --unset credential.helper