Authentication Failed For GitHub | Quick Error Fixes

Seeing authentication failed for github during a push, pull, or clone often feels sudden. The message appears, the command stops, and nothing in your project changed. In practice, the error points to a short list of issues that you can clear with a few checks at home.

What This GitHub Authentication Error Means

When Git prints this GitHub authentication error, GitHub refused the login data your client sent. That happens with HTTPS or SSH and includes cases such as wrong tokens, missing SSH keys, or blocked access to a private repository.

For HTTPS, GitHub now expects tokens instead of account passwords for Git operations. Since August 2021, basic password login over HTTPS no longer works for pushes, pulls, or clones that need authentication.^source GitHub accepts personal access tokens, OAuth tokens, and fine grained tokens for this path.

For SSH, GitHub checks the public keys stored on your profile against the keys offered by your client. If the keys are missing, mismatched, or blocked by your agent, you see errors such as Permission denied (publickey) or a plain authentication failure message.^source

The fix is to line up three things: the protocol you use, the credentials or keys on your machine, and the entries saved on GitHub.

Common Reasons Authentication Failed For GitHub Appears

Most error messages fall into a few patterns. Read the full text in your terminal and match it to one of these causes.

• Password Instead Of Token — Git still sends your account password over HTTPS even though GitHub now requires a personal access token.
• Expired Or Revoked Token — a token passed its expiry date or lost scopes, so GitHub rejects it.
• Wrong Remote URL — the remote points to a different host, owner, or fork than you expect.
• SSH Keys Not Linked — the public keys are missing from your GitHub profile or the agent never loads the private keys.
• Stored Credentials Out Of Date — a helper keeps sending an old password or token.
• Two Factor Or SSO Rules — your token or keys are not approved for a private organization or SAML setup.

This table maps common messages to likely causes and a first fix.

Fix GitHub Authentication Over HTTPS With Personal Access Tokens

GitHub now treats personal access tokens as the main way to authenticate Git over HTTPS. You create a token once in your account settings, then paste it in whenever Git asks for a password.

Create A Token With The Right Scopes

GitHub offers classic tokens and fine grained tokens. Fine grained tokens can target single repositories with narrow scopes, while classic tokens rely on broad scopes such as repo that span all repositories you can access.^source

1. Open GitHub Settings — sign in on the site, click your avatar, then choose Settings and open the developer settings area.
2. Generate A New Token — pick either a fine grained token for a few repositories or a classic token when you need broader access.
3. Set Expiration And Scopes — choose a short lifetime when possible, and select scopes you need such as repo for repository access.
4. Copy The Token Once — store it in a password manager; GitHub only shows the full token at creation time.

If the token matches the repositories you work with, it can replace old passwords for Git operations in that area of your account.

Use The Token As Your HTTPS Password

Once you have a token, you can fix the HTTPS error by using that token anywhere Git expects a password.

1. Update The Remote If Needed — run git remote -v and confirm the URL uses https://github.com/username/repo.git or the correct host.
2. Trigger A Fresh Login — run git fetch or git push so Git prompts for a username and password.
3. Enter Your Username — type your GitHub login name when asked for the username.
4. Paste The Token As Password — paste the personal access token string into the password prompt and press enter.

If the token scopes and repository access line up, the push or fetch completes without the previous authentication failure message on any later session.

Update Stored Credentials On Your System

Many setups keep credentials through helpers such as Git Credential Manager on Windows or Keychain Access on macOS.^source When those helpers hold an old password or token, Git never asks for new data and the error repeats.

• On Windows — open Credential Manager, search for entries that mention GitHub, then remove or update them with the new token.
• On macOS — open Keychain Access, search for github.com, then edit or delete the internet password entry.
• On Linux — check your global Git config with git config --global credential.helper; clear stored entries or adjust the helper configuration.

Fix SSH Based Authentication For GitHub

SSH keys replace repeated passwords with a keypair stored on your device and the matching public keys stored on GitHub. Once this link is in place, push and pull commands work without manual prompts.

Generate And Add SSH Keys

You can use ssh-keygen to create a new keypair for GitHub on any platform.^source

1. Create A New SSH Keypair — run ssh-keygen -t ed25519 -C "your_email@example.com" and accept the default file path, then set a passphrase for the keys.
2. Start The SSH Agent — use eval "$(ssh-agent -s)" on macOS or Linux, or ensure the Windows SSH agent service is running.
3. Add The Private Keys To The Agent — run ssh-add ~/.ssh/id_ed25519 or the path you chose.
4. Copy And Add The Public Keys — print them with cat ~/.ssh/id_ed25519.pub, then paste the full line into the SSH keys section of your account settings.

Test And Repair SSH Connections

Before you switch your repository remote to SSH, test direct SSH access to GitHub.

1. Test With Ssh Command — run ssh -T [email protected]; you should see a greeting asking you to confirm login.
2. Check For Permission Denied — if you see Permission denied (publickey), your keys are missing, not loaded, or not linked to the account yet.^source
3. Confirm The Right SSH Keys File — pass -i with the keys path if you keep multiple keys, or adjust your SSH config to match the GitHub host block.
4. Switch The Remote To SSH — update your repository with git remote set-url origin [email protected]:owner/repo.git once SSH works.

Clean Up Stored Credentials On Different Platforms

Stale or conflicting credentials cause many stubborn authentication errors. You might rotate tokens and set up SSH keys, yet still run into problems because an old entry in a helper feeds Git the wrong secret. These steps stay short, simple, and easy to repeat later.

Where Git Stores Credentials

Git uses helpers to store credentials so you do not type them for every push. The helper in use depends on your operating system and Git configuration.^source

• Windows — Git often relies on Git Credential Manager, which stores entries in the Windows credential vault.
• macOS — the credential helper ties into the system keychain, listed under internet passwords for the Git host.
• Linux — helpers can cache items in memory, keep them in plain text files, or use secret stores such as libsecret backends.

Steps To Remove Old Entries

1. List The Helper — run git config --show-origin --get credential.helper to see both the helper name and which config file set it.
2. Open The Matching Tool — launch Windows Credential Manager, Keychain Access, or your Linux secret store panel.
3. Search For GitHub Entries — filter entries by github.com or the enterprise host name used by your remote.
4. Remove Or Update Items — delete entries that still hold passwords, or edit them so the password field matches your active token.
5. Retry The Git Command — run git fetch or git push so Git prompts and saves fresh data.

Handle Two Factor Login And Organization SSO

Modern GitHub accounts often use two factor login and live inside organizations that enforce SSO. These access rules can block a token that looks fine on the surface, so the error appears only for some repositories.

Check Two Factor And Device Flow

If your account uses two factor login, personal access tokens still work as a separate secret.

• Confirm You Can Sign In On The Web — log in through the browser and pass any two factor challenge.
• Review Active Tokens — open the tokens page and confirm that the token you use is still active and within its lifetime.
• Create A Fresh Token If Needed — short lived tokens created after policy changes are less likely to fail.

Reauthorize Organization Access

Some organizations require SSO or SAML links for tokens and SSH keys. In that case, a token might work for your personal repositories but fail for private organization repositories with an authentication message.

• Open Organization Settings — under your profile, pick the organization, then check the security page for pending approvals.
• Reauthorize Your Token — if GitHub shows a prompt to grant the token access to that organization, follow the link and connect it.
• Check SSH Keys Access — some setups need SSH keys verified against the organization; confirm any prompts and retry the SSH test command.

Final Checks When Authentication Still Fails

At this stage you have token based HTTPS, working SSH keys, and clean helpers, yet the error still appears on Git commands.

• Confirm The Remote Host And Path — run git remote -v and verify that the host name, owner, and repository path match the project you expect.
• Test With Verbose Flags — add GIT_TRACE=1 GIT_CURL_VERBOSE=1 ahead of your Git command to see more detail about how the client talks to GitHub.
• Try The Other Protocol — if HTTPS fails in your current network, switch a test clone to SSH, or the other way around, and see which path works.
• Check Network Filters Or Proxies — corporate firewalls or proxies can rewrite traffic or block ports that Git uses.
• Test From A Different Machine — a clean Git setup on another device can show whether the problem lives in your current machine, your account, or the network.

Once you match the right protocol, token or SSH access, helper, and account rules, Git pushes and pulls run smoothly again and the error message stops appearing during daily work for you today.

Send us your feedbackTell us what you thought about this post

Name * Email *

Your comment *

Quick check — what is …? *

Send feedback