github.com Password Access Deprecation

Mike Ray

2021-01-29 14:56

Beginning on the 13th of August 2021 password access to github.com will be deprecated.

This means that git operations from the command-line, and elsewhere, will no longer work.

So operations such as:

git push origin master

Will fail.

There are a number of ways in which github will accept authentication, but I have chosen to use an SSH key. I can then push from the command line easily.

This post will explain how to use an SSH key to provide authentication.

Generating an SSH Public/Private Key Pair

To generate an SSH key pair, do the following:

ssh-keygen -t ed25519 -C "yourname@example.com"

Replace the bogus example email address in the command with your email address.

If you are working on a legacy system which does not generate ed25519 keys, do it like this:

ssh-keygen -t rsa -C "yourname@example.com"

In both cases, enter a passphrase. You will be asked to repeat it to make sure it is the same both times.

Then open the PUBLIC key, the one called either id_ed25519.pub or id_rsa.pub in your favourite text-editor and copy the contents of the file into your paste buffer.

IMPORTANT: Make quite sure it is the public key, not the private one with no extension.

Go to github.com, open the settings page for your user, go to the 'SSH and PGP Keys' page and click 'Add new Key'.

You can enter a description into the description field, and then paste the contents of your paste buffer into the multi-line text box.

Note that the names I have given to the pages you need to get to may not be exactly correct, but it will get you there.

I put the name of my Ubuntu host into the description field.

Changing the URL of a Cloned Repository

When you have one of your code repositories cloned to your local machine, you can reconfigure the URL of that repository, so that github no longer asks for a password, but instead will ask you for the pass-phrase of your key. The one you generated above and then pasted the contents of the public part into github.

Reconfigure the URL of a repository called 'repository' like this:

git remote set-url origin git@github.com:username/repository.git

Obviously replacing the bogus user name and repository name in the above command.

Now, when you do something like this:

git push origin master

You will be asked for the pass-phrase of the key and not your original github.com user password.

This is far more secure than using a password that you may have used for multiple sites.

It is possible to add more than one key to github.com, if you need access from more than one host.