Accessing Github After Deprecation of Password Authentication

On December 2020, Github announced:

Beginning August 13, 2021, we will no longer accept account passwords when authenticating Git operations on GitHub.com

As a consequence, For developers, if you are using a password to authenticate Git operations with GitHub.com today, you must begin using a personal access token over HTTPS (recommended) or SSH key by August 13, 2021, to avoid disruption.

In this post, I will sum up the different changes in configuration and workflows that this change implied depending on the working environment

Personal Environment

Simply register your personal SSH public key via Settings/SSH and GPG keys.

Then clone the repository with the SSH URL like

> git clone git@github.com:stac47/stac47.github.io.git

For the repositories already cloned, you can change the remote URL:

> get remote set-url origin git@github.com:stac47/stac47.github.io.git

If you don't want to do this last operation on all your local repositories, you can set git so that it will force the SSH usage.

> git config --global url."git@github.com:".insteadOf "https://github.com/"

Working Environment

In a constrained environment like a company, you can face the following issues: - the firewall rules does not allow outgoing traffic through port 22: in this case, you can SSH over HTTPS port (443) - some machines can be isolated from the internet network: in that case, you can create SSH tunnel to github.com

SSH over the HTTPS Port

This section assumes the machine your logged in has HTTPS access to https://github.com, but the firewall rules prevent your from accessing port 22.

The trick is to configure the SSH client so that it will use port 443 instead of the default one (22) for a given URL. So for github.com, you can edit ~/.ssh/config (create it if need be) and write in it:

Host github.com
  Hostname ssh.github.com
  Port 443

Official help: Help

SSH Tunneling

Provided that the machine isolated.mycompany.com is on a network which cannot access internet, and a machine connected.mycompany.com that can connect Github site through HTTPS port, you can run a tunnel isolated to github.com through the connected machine. (I used the entry port 8022 because I am not root on that machine neither)

On the machine isolated.mycompany.com, first create the tunnel:

> ssh -fN -L 8022:ssh.github.com:443 me@connected.mycompany.com

As in the previous section, configure the SSH client to change the Github endpoint to automatically use the tunnel:

Host github.com
  Hostname localhost
  Port 8022

Note that the tips to change the repository URL described in section Personal Environment also apply.

Conclusion

The help pages of Github are very well done. In case, you need to trouble shoot your connectivity, you can follow the troubleshooting guide.

Emacs 29.4 (Org mode 9.6.15)

Validate