Day 22 of my learning coding experience! It was all going well until, after August 13, I hit a snag with Git doing pushes. I was in the Git Rebase lesson on amigoscode.com, when the problem became apparent, and it confirmed my suspicions that I had either set up my SSH keys incorrectly, or there was a conflict maybe with GitHub Desktop on my PC. Mm, not good. So I couldn't go on with the lesson. Nothing at all wrong with the lesson - the problem was my PC, and for a newbie like me, it was confusing. Yes, I was confused. "This is where many people give up", I said to myself.

Not one to be easily discouraged, I researched again, and looked back over my notes. I had created keys with "ssh-keygen -O" and this struck me as being a possible cause. We will see.

I checked my email and found a mail dated 8 August which after greeting me said:

You recently used a password to access the repository at StephenPeoples/learning-git with git using >git/2.32.0.windows.2.

github.blog/2020-12-15-token-authentication.. for more >information around suggested workarounds and removal dates.

Thanks, The GitHub Team

Clicking on that link brought me to a message from Matthew Langlois informing me that GitHub requires:

the use of token-based authentication (for example, a personal access, OAuth, or GitHub App installation token) for all authenticated Git operations. Beginning August 13, 2021, we will no longer accept account passwords when authenticating Git operations on GitHub.com.

Command line Git access was affected, it went on to say, though GitHub Desktop was not affected, probably because they trusted it more than they trust oiks like me connecting via Git Bash. Now I have GitHub Desktop, but Nelson on amigoscode (on his Git and GitHub Essentials course) was teaching me how to do everything via Git, and I admit I was enjoying myself as it made me feel a bit more professional, and I am sure that it is no use avoiding command line work if you want to do other stuff like OAuth and build React projects, keeping in mind my goal of working on xAPI web apps.

Now I blogged before today on this password thing, where Git was asking me for email and password for certain operations, so I was prepared to go back to square one to solve the problem. But before anything else, I needed to understand every word in the email and Matthew's kind advice dated December 15th 2020.

First of all, I did NOT like the sound of a "workaround". I prefer to resolve the problem. Workarounds seem like a stop-gap or temporary solution ( a 'hack'?), so "token-based authentication" seems like the answer, surely. And I need a "personal access token". Matthew continues:

You may also continue using SSH keys where you prefer.

But Matthew, surely I AM using SSH keys, but I can't continue! There's more from Matthew:

What you need to do today

For developers, if you are using a password to authenticate Git operations with GitHub.com today, you must begin using a personal access token over HTTPS (recommended) or SSH key by August 13, 2021, to avoid disruption. If you receive a warning that you are using an outdated third-party integration, you should update your client to the latest version.

Well, I WAS using SSH keys, which I had set up when?

git> $ls -as ~/.ssh tells me it was 31 st July 2021 when I created the public and private keys using

ssh-keygen.

I had an .ssh folder right there in users/myname with rsa, rsa.pub and known_hosts files in it. All normal. The rsa file was the one I had pasted into GitHub, and when I test my connection with GitHub, using: $ssh -T git@github.com I see the expected message of: "Hi! You've successfully authenticated, but GitHub does not provide shell access." So, in one sense it is working. But still no cigar from GitHub regarding my git command line access, for certain operations.

I even checked the contents of known_hosts against the GitHub's public key: $ssh-keyscan -t rsa github.com gives me a nice hash to compare with the text in known_hosts, and yes they match. By the way, this checking of SSH server key fingerprints business is something I intend to keep on doing, as it's a security check that is recommended ( or compulsory!).

So, yes I have made a few in-roads into my problem, and checked a few obvious things. I intend to start all over again though, and delete the keys I have so far created and create some more using

$ssh-keygen -t ed25519 -C "me@myemail.com"

but not before checking exactly what I am doing first!