If you just tried to push or pull from GitHub inside WSL (Windows Subsystem for Linux) and got hit with this:
Remote: Invalid username or token
Password authentication is not supported for git operations
…don’t worry. You haven’t broken anything. This is one of the most common errors developers run into when setting up Git in WSL for the first time — or after switching to a new machine.
Table of Contents
This post explains exactly why this happens and gives you the cleanest, most permanent fix.
Why Does This Error Happen?
A long time ago, GitHub allowed you to log in with your GitHub username and password directly in the terminal when pushing or pulling code. Simple and familiar.
In August 2021, GitHub removed that option entirely. If you try to authenticate with a username and password today, GitHub rejects it outright — which is exactly what this error message is telling you.
The reason is security. Passwords are weak authentication for automated systems. GitHub now requires one of two modern methods instead:
- Personal Access Token (PAT) — a token that acts like a password but is more secure and controllable
- SSH Key — a cryptographic key pair that proves your identity without any password at all
For WSL specifically, SSH keys are the cleanest and most developer-friendly solution. Once set up, you never have to think about authentication again. But we’ll cover both methods so you can pick what works for you.
Method 1: SSH Key Authentication (Recommended)
This is the best long-term solution. After a one-time setup, every git push and git pull just works — no tokens, no passwords, nothing.
Step 1: Check if You Already Have an SSH Key
Open your WSL terminal and run:
ls ~/.ssh
If you see files named id_rsa and id_rsa.pub, or id_ed25519 and id_ed25519.pub, you already have a key pair. You can skip to Step 3.
If the folder is empty or doesn’t exist, continue to Step 2.
Step 2: Generate a New SSH Key
Run this command, replacing the email with your GitHub email address:
ssh-keygen -t ed25519 -C "your_email@example.com"
You’ll see a few prompts:
Enter file in which to save the key (/home/yourname/.ssh/id_ed25519):
Just press Enter to accept the default location.
Enter passphrase (empty for no passphrase):
You can press Enter for no passphrase (fine for personal machines), or set one for extra security.
Once done, you’ll have two files:
~/.ssh/id_ed25519— your private key (never share this)~/.ssh/id_ed25519.pub— your public key (this is what you give to GitHub)
Step 3: Start the SSH Agent and Add Your Key
Run these two commands:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
You should see something like Agent pid 1234 and then Identity added.
Step 4: Copy Your Public Key
cat ~/.ssh/id_ed25519.pub
This prints your public key to the terminal. It looks something like:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... your_email@example.com
Select and copy the entire line.
Step 5: Add the Key to Your GitHub Account
- Go to github.com and log in
- Click your profile picture → Settings
- In the left sidebar, click SSH and GPG keys
- Click New SSH key
- Give it a title (e.g., “WSL Ubuntu”)
- Paste your public key into the “Key” field
- Click Add SSH key
Step 6: Test the Connection
Back in WSL, run:
ssh -T git@github.com
You might see a prompt asking if you trust the host — type yes and press Enter.
If everything worked, you’ll see:
Hi yourusername! You've successfully authenticated, but GitHub does not provide shell access.
That message is normal and means it’s working perfectly.
Step 7: Update Your Remote URL to Use SSH
If you already have a repository cloned, there’s one more thing to fix. Your existing remote URL probably still uses HTTPS (the format that requires a password). You need to switch it to SSH.
Check your current remote:
git remote -v
If it shows something like:
origin https://github.com/yourusername/your-repo.git (fetch)
origin https://github.com/yourusername/your-repo.git (push)
Update it to SSH format:
git remote set-url origin git@github.com:yourusername/your-repo.git
Now try pushing:
git push
It should work without asking for any credentials.
For new repos going forward, always clone using the SSH URL. On GitHub, when you click the green “Code” button, choose the SSH tab and copy that URL — it starts with
git@github.com:instead ofhttps://.
Method 2: Personal Access Token (PAT)
If you’d rather stick with HTTPS instead of SSH, you can use a Personal Access Token. Think of it as a replacement password that GitHub actually accepts.
Step 1: Generate a Personal Access Token on GitHub
- Go to github.com → Settings
- Scroll down to Developer settings in the left sidebar
- Click Personal access tokens → Tokens (classic)
- Click Generate new token → Generate new token (classic)
- Give it a name (e.g., “WSL Git Access”)
- Set an expiration (90 days is reasonable — or “No expiration” for permanent)
- Under Select scopes, check repo (this gives full access to your repositories)
- Click Generate token
Copy the token immediately — GitHub only shows it once. If you lose it, you’ll need to generate a new one.
Step 2: Use the Token When Git Asks for a Password
Next time you push or pull, Git will ask for your credentials:
Username: your_github_username
Password: [paste your token here — NOT your GitHub password]
Step 3: Save the Token So You Don’t Have to Paste It Every Time
Typing your token every single push would be painful. Use Git’s credential helper to store it:
git config --global credential.helper store
Then do one push/pull with your token. Git will save it to ~/.git-credentials and you won’t be asked again.
Note:
credential.helper storesaves your token in plain text on disk. This is fine for a personal machine. If you’re on a shared or work machine, considercredential.helper cacheinstead, which keeps it in memory temporarily.
Which Method Should You Use?
| SSH Key | Personal Access Token | |
|---|---|---|
| Setup effort | Medium (one-time) | Easy |
| Long-term convenience | Excellent — fully automatic | Good (with credential store) |
| Security | Very strong | Strong |
| Works if token expires | N/A | Need to regenerate token |
| Best for | Personal dev machines | CI/CD, scripts, quick setup |
For daily development on your own machine, SSH is the better choice. Set it up once, forget about it forever.
Bonus: Make SSH Work Automatically Every Time You Open WSL
One annoying thing about WSL is that the SSH agent doesn’t always start automatically when you open a new terminal. If you find yourself having to run eval "$(ssh-agent -s)" and ssh-add every time, add this to your ~/.bashrc or ~/.zshrc:
# Auto-start SSH agent in WSL
if [ -z "$SSH_AUTH_SOCK" ]; then
eval "$(ssh-agent -s)" > /dev/null
ssh-add ~/.ssh/id_ed25519 2>/dev/null
fi
Save the file, then run:
source ~/.bashrc
Now every time you open a new WSL terminal, the SSH agent starts automatically and your key is loaded. Git authentication just works.
Troubleshooting Common Issues
“Permission denied (publickey)”
This means GitHub isn’t accepting your SSH key. Double-check:
- Did you add the public key (
.pubfile) to GitHub — not the private key? - Run
ssh-add -lto confirm your key is loaded in the agent - Run
ssh -vT git@github.comfor verbose output that shows exactly where the handshake is failing
“Could not open a connection to your authentication agent”
The SSH agent isn’t running. Start it with:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
Git still asking for username and password after switching to SSH
Your remote URL is still set to HTTPS. Run this to confirm:
git remote -v
If it shows https://, switch it to SSH:
git remote set-url origin git@github.com:yourusername/your-repo.git
Token expired (PAT method)
If you set an expiration on your token and it’s expired, Git will start failing with authentication errors again. Go to GitHub → Settings → Developer settings → Personal access tokens, and generate a new one. Then update your stored credentials:
# Remove old stored credentials
git credential reject <<EOF
protocol=https
host=github.com
EOF
# Next git push/pull will prompt you for the new token
Quick Recap
The error password authentication is not supported for git operations means GitHub no longer accepts plain passwords. Here’s the fix at a glance:
SSH method (recommended):
ssh-keygen -t ed25519 -C "your@email.com"ssh-add ~/.ssh/id_ed25519- Copy
~/.ssh/id_ed25519.pub→ paste into GitHub Settings → SSH Keys git remote set-url origin git@github.com:username/repo.git
PAT method:
- Generate a token on GitHub (Settings → Developer settings → Tokens)
- Use the token as your password when Git prompts you
git config --global credential.helper storeto save it
That’s it. Once you’ve done either of these, the error is gone for good.
If this helped you, share it with someone who’s stuck on the same error. And if you’re still running into issues after following these steps, drop a comment with the exact error message and I’ll help you debug it.