GitHub password access deprecated – switching to Deploy Keys

Have you received such an email yet?

Hi @dulare,

You recently used a password to access the repository at dulare/SampleRepo with git using git/2.29.2.

Basic authentication using a password to Git is deprecated and will soon no longer work. Visit https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information around suggested workarounds and removal dates.

Thanks,
The GitHub Team

This means that you have to take care of your access method – you will have to adjust the configuration of your repository. This can be local repo on your computer or a repository stored on the server. The method I provide below is not the simplest one but gives you the ability to access multiple repositories on the same machine. We will do this using Deploy Keys.

Generate SSH access keys

The first step is to generate a separate access key for each repository. Theoretically, you can use the same key for all of them, but they have to be stored on separate GitHub accounts. On the same account, one key can be used in one repository only.

The SSH key generation is simple as running the following command:

ssh-keygen -t rsa -f ~/.ssh/rsa_my_first_repo

Remember to skip the passphrase creation if you don’t want to secure the key with the password. For the second repo, you simply change the name of the key (the file in which the key is stored):

ssh-keygen -t rsa -f ~/.ssh/rsa_my_second_repo

Once you have keys for all your repositories, you should create a config file to store the information about them. This is the source of information for SSH that is called by Git behind the scenes. So, create or edit the config file. The file should be located in the “.ssh” directory in your home directory (in other words, in: “~/.ssh/”). The fine name is “config”. Place the following configuration inside:

# ~/.ssh/config

Host my_first_repo
HostName github.com
User git
IdentityFile ~/.ssh/rsa_my_first_repo

Host my_second_repo
HostName github.com
User git
IdentityFile ~/.ssh/rsa_my_second_repo

As you can see, we created two configurations – one for each of the repositories. Now we can copy keys to the GitHub repositories.

Copy deploy keys to the GitHub repositories

First, you should display the key contents. Here is the command for the first repository:

cat ~/.ssh/rsa_my_first_repo.pub

Please note that we used the name with the “.pub” extension. The “ssh-keygen” tool generates two keys – public and private. Private is the one that stays on your computer. The public is the one that is placed in the GitHub Deploy Keys configuration. The above command displays the contents of the public key. Copy the whole key. It should look like this:

It looks like multiple lines, but in fact, it is a single line of text. Copy it to the clipboard and open GitHub. Go to your repository and click “Settings”:

Once in Settings, click “Deploy keys”:

On the Deploy keys page, click “Add deploy key”:

Now, in the form, set the key title (friendly name), paste contents of the public key, check the “Allow write access” checkbox, and click “Add key”.

Your key is now added:

You can now proceed with the configuration of the remotes on your local repo. Return to the homepage of your repository on GitHub, click Code, switch to SSH, and copy the link to your repository.

Back on the local repo…

Return to the place where your first repo is located. You can now add your new remote. Here is the command to execute:

git remote add originSSH my_first_repo:dulare/CookieScript.git

Please note one important thing: the “git@github.com” is changed to “my_first_repo”. Why? Remember the configuration we created? We defined that “my_first_repo” server means “git@github.com” with the usage of “rsa_my_first_repo” key. Now we are using this configuration! Without this adjustment, your access will not work.

Once this is configured, you can push, fetch and pull from the GitHub repository without password:

git push originSSH my_branch
git pull originSSH other_branch

Once you finished with your first repository, repeat the steps for the second one: copy the deploy key to GitHub and configure the new remote. Of course, if you wish, you can remove the “old origin” and create a new one in the same place.

Leave a Reply

Your email address will not be published. Required fields are marked *