Chris Bennett writes:
> At the end of August, github will no longer accept passwords. > Months ago, I created a personal access token (PAT). > It then asks about a list of actions that are permitted. > I don't at all understand this list of permissions. > > At the time, none of it made any sense to me. > I couldn't find any instructions in the enormous amount of obtuse > documentation about this. So I didn't worry about it. > > Yesterday, I gave it a try again, getting another PAT. > I spent a few hours trying to get anything out of about 35 pages of > documentation that utterly fails to mention how to use it. > Another set of hours wasted. Ugh. > > I then tried the access keys for .ssh home folder. > This is for using SSH access. > I got two files: id_ed25519 and id_ed25519.pub > As per the instructions, I tried with these and they failed to work. > The troubleshooting pages for these are essentially worthless. > > So next I tried the community forums. > Besides the advice to read the above pages, I found one post saying to > use the PAT in place of the password. That also failed. It did not fail > for the user making the post. > > Tons of developers are using github, so there must be a simple answer, right? > Or is github full of users still using passwords for now? > > I just put up stuff on github that both I and other users will need to > access. > > I would deeply appreciate someone helping me with this. On or off-list. > > FWIW, I'm not willing to use 2FA over my phone. If my phone breaks and I > don't have the money to buy another one, no access. Text 2FA is not > secure. I also may go to Guatemala after this date. I will have to buy > another phone there to get any access. Maybe I'm shooting myself in the > foot over this or maybe Microsoft is doing it. I use phone + offline codes as a backup. I have yet to see a site that doesn't display the raw secret (base32 encoded usually) alongside the QR code. You can use any number of tools to produce the OTP: oathtool, gopass, pass (with pass-otp). I encrypt the secrets with age and use this script to decrypt / generate an OTP: https://github.com/qbit/dotconf/blob/master/bin/rage I can't speak to the PAT stuff. Do you have a link where github is talking about all this github-not-taking-passwords stuff? > > If I can't figure this out, then I'll just use plain git on one of my > servers and drop using github. I'm good either way. > > Sorry for so much TL;DR; > > Chris Bennett