I thought I had set up SSH authentication, but apparently not

Back in May, I set up SSH for 2 factor authentication on Github, or so I thought, by following the instructions at Connecting to GitHub with SSH - GitHub Docs , i.e. by running (with personal information replaced by “####”):
ssh-keygen -t rsa -b 4096 -C "####@####"
(and following the prompts)
pbcopy < ~/.ssh/id_rsa.pub
and now with the newly created public key on my clipboard, I followed the instructions at Adding a new SSH key to your GitHub account - GitHub Docs

I then tested it was working:

ssh -T git@github.com
The authenticity of host 'github.com (13.237.44.5)' can't be established.
RSA key fingerprint is ####
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added 'github.com,13.237.44.5' (RSA) to the list of known hosts.
Hi ####! You've successfully authenticated, but GitHub does not provide shell access.

So I thought that meant 2-factor authentication was set up?

Then yesterday evening, as I always do, I pushed today’s changes with the command:
git push -u origin main
… and I immediately received the following email from github:

You recently used a password to access the repository at ####/#### with git using git/2.24.2 (Apple Git-127). Basic authentication using a password to Git is deprecated and will soon no longer work…

So finally, my questions: what have I done wrong? Why am I still authenticating using a password rather than ssh? What do I need to change?

Each git repository remembers the method to retrieve it at the time of cloning.

https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository-from-github/cloning-a-repository#cloning-a-repository-using-the-command-line

Depending on how much you care about your repository, you could re-clone it (go to the repository, click the clone button, click the ssh button, copy the link, git clone <paste>.

Technically, you can just edit your repository’s .git/config file and replace the url field for the remote with the ssh flavor.

You can use the git command to change the url (replace <paste> with the thing you copied from above).

git remote set-url origin <paste>
2 Likes

Practically, @github should improve their email notification.

It should give you a command to fix your repository:

If the #########/##### repository is your default origin, you can change to ssh using the following:

git remote set-url origin git@github.com:########/#######.git

Ha ha, so much for my attempted anonymity, when I posted the text of the email from github. It’s not a big deal, but the repository is still set to private, would you be able to edit that in your reply?

But thank you. Running git remote set-url changed my .git/config so I assume it is all good now.

The bigger problem to me seems to be not the email, but the original instructions. As far as I can see, (a) I followed the instructions at Connecting to GitHub with SSH - GitHub Docs to the letter, and (b) those instructions have nothing about modifying .git/config or running git remote set-url

1 Like

I’ve edited out the repository details.

2 Likes

Sorry. I noted the repository was private, but the name didn’t seem particularly harmful, so I included it.

As to the docs, unfortunately, they’re generic.

There are two use cases for the doc:

  1. Initial setup – you’re a brand new GitHub user with 0 repositories and 0 clones.
    In this case, the docs are complete.

  2. Migration – you’re an existing GitHub user with repositories and existing clones.
    In this case, the docs are woefully inadequate, as they land you precisely where you landed.
    – You have my sympathies, but, I’m not sure I have the energy to politely file a ticket against the docs. As is, I file quite a few, and it feels like pulling teeth.
    – I’d absolutely encourage someone to file a bug against the docs.

For reference, there’s even a page that covers it:
https://docs.github.com/en/github/getting-started-with-github/getting-started-with-git/managing-remote-repositories#changing-a-remote-repositorys-url

So, really, it’s just a matter of them adding a cross link to it.

if you could see if that doc is good, and comment on it, that’d help of everyone else (pretend that you haven’t already learned how to fix it).