Switching RStudio project to SSH authentication

Question

OK, I am stumped. For the past couple of months, I have been getting stern messages occasionally from GitHub warning me that I committed my R package using password authentication, and that will be going away. Fine. So I'd love to switch; but...

I looked at various help files. I have gotten R to generate an RSA key. I have copied that key to my GitHub account. I have run ssh-add. After all this, I push an update and find that my SSH key info on GitHub still says it has never been used.

I seemed to find something helpful here. I in fact verified that my remote origin comes out as https://github.com/rvlenth.git which indicates that it's still set up for password authentication. So I did what was suggested there to remove that origin. It suggests looking for something (shown in a little picture) that would give me the new link, but I can't find it on my repository. It looks like it should be git@github.com:rvlenth/emmeans, so, like a fool, I ran git remote add origin git@github.com:rvlenth/emmeans.

It seemed to accept that, but now the pull and push buttons in my RStudio interface are grayed out. I tried to revert back to the https setup, and am still grayed-out.

What do I do to get this to work? I'm feeling under duress because GitHub's going to shut me down if I can't figure out how to do this.

Update

OK, I found the green button and copied the URL it gives for SSH authentication. I also created a new key, typing-in my GitHub password in the process, and copied the public key to GitHub. I have an email from GitHub confirming that. It still fails. In fact, I tried just creating a new project and it wouldn't even work for that:

>>> C:/Program Files/Git/bin/git.exe clone --progress git@github.com:rvlenth/emmeans.git emmeans
Cloning into 'emmeans'...
ssh: connect to host github.com port 22: Connection timed out
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Update 2

This is what I get after following up on @torek's suggestion

$ ssh -Tvvv git@github.com
OpenSSH_8.4p1, OpenSSL 1.1.1i  8 Dec 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/c/Users/rlenth/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/c/Users/rlenth/.ssh/known_hosts2'
debug2: resolving "github.com" port 22
debug2: ssh_connect_direct
debug1: Connecting to github.com [140.82.112.4] port 22.
debug1: connect to address 140.82.112.4 port 22: Connection timed out
ssh: connect to host github.com port 22: Connection timed out

So it looks like I have a pretty new version of ssh (apparently from having reinstalled the latest version of git)

Earlier, I had done:

$ ls -l ~/.ssh
total 5
-rw-r--r-- 1 rlenth 197121 1766 Mar  3 16:05 id_rsa
-rw-r--r-- 1 rlenth 197121  400 Mar  3 16:05 id_rsa.pub

$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /c/Users/rlenth/.ssh/id_rsa:
Identity added: /c/Users/rlenth/.ssh/id_rsa (/c/Users/rlenth/.ssh/id_rsa)

... and I entered the passphrase for my GitHib account. It looks like my home directory is being resolved correctly. Do I need to create a known_hosts file or something?

Update 3

Since update 2, I have done:

Adding a password and including the .bashrc file recommended in GitHub's help files for setting up SSH
Re-started git bash, and lucky me, now I have to type a password
Generated a new key using the Ed25519 protocol; also added this using ssh-add and copied to my GitHub site

With all these changes, I still get a timeout when I do ssh -Tvvv git@github.com. So I also tried (with no luck testing any of these)

Running the Cisco VPN app, which is supposed to make it look like I'm on campus
Adding ssh.exe to the list of apps allowed by Windows defender Firewall
Temporarily disabling the firewall completely (that was scary...)

Is there anybody out there who has successfully set up SSH authentication with Windows? I really need your help!

Update 4

I gave up on getting SSH to work. Instead, I followed GitHub's instructions for creating a personal access token. That seems to work, so far. Either that, or it's still using my password and I'll get another blaming e-mail about it. Time will tell -- but I am at least back up and running.

Update n

After changing a firewall setting in my router (allow peer-to-peer apps), I am now able to authenticate via SSH. Finally. For those who may be interested, the router in question is the one provided by Mediacom: Technicolor TC8305C.

If you actually typed `git@github.com/rvlenth/emmeans` as the destination for your remote, you're missing a `:` and you have too many `/`: `git@github.com:rvlenth/emmeans`. If you visit your repository in a browser, click on the big green "CODE" button, then select "ssh" you can just copy that value. — larsks, Mar 03 '21 at 21:29
You're right. That is what I tried, with the colon as shown in my corrected question. That was a typo in my question but what I tried did in fact have the colon there. — Russ Lenth, Mar 03 '21 at 21:36
Thanks for telling me about the green button. It turns out there should be a .git at the end. Still, it didn't work. In fact, I tried creating a new project from that URL, and it couldn't find it. I wonder, do I need to use my GitHub password when I create the RSA key? — Russ Lenth, Mar 03 '21 at 21:48
Yeah, the `.git` is optional. If it didn't work without it, it wouldn't work with it. — larsks, Mar 03 '21 at 21:50
Git literally runs ssh. If you have only one version of ssh installed on your computer, then, when *you* run ssh, you'll get the same one: so try `ssh -Tvvv git@github.com` to see ssh attempt to negotiate with GitHub's authentication. If you have more than one ssh installed, figure out which one your Git uses, and use that one with the `ssh -Tv` stuff. — torek, Mar 04 '21 at 02:29
@torek - Thanks. I tried this and added "Update 2" to my posting. It seems to find github.com, but can't connect. — Russ Lenth, Mar 04 '21 at 15:43
OK, the timeout suggests that you have some networking issue (e.g., a firewall somewhere) blocking access to port 22. I checked `140.82.112.4`: it is one of GitHub's load-balancer front-end IP addresses, so that part is correct. The next step for me would be to do some packet tracing, to see where the SYN packet is going and what happens after that. The VPN might change the routing for the SYN packet but given that it doesn't work either way, perhaps the VPN doesn't change the routing, or the problem happens earlier than that. — torek, Mar 05 '21 at 00:25
Unfortunately, this is getting deep into Windows-specific TCP stuff, and I don't use Windows. (Well, I have used it a few times when forced to, but never had to delve into how to to packet tracing *on* Windows, plus this was well before Windows 10.) So I don't know *how* to do the next few parts. It's curious that turning off a firewall didn't help, but I know nothing of what networking providers you're using either. — torek, Mar 05 '21 at 00:27
I think there might be some kind of firewall in my router too... Next thing to investigate I guess. Thanks for your suggestions; they were well worth pursuing even if they didn't work out. — Russ Lenth, Mar 05 '21 at 01:22

VonC · Accepted Answer · 2021-03-15T06:15:15.727

1

ssh: connect to host github.com port 22: Connection timed out

As long as you see this error, no amount of private key/passphrase will help. SSH does not even get to the authentication phase.

I also created a new key, typing-in my GitHub password in the process

When you create a new key, you don't have to enter a passphrase (I would not, at first, for testing SSH).
And if you do enter a passphrase (which will protect your private key by encrypting it), it does not have to be your GitHub password (actually, it should not, as a best practice: don't reuse passwords)

The OP Russ Lenth confirms in the comments a firewall issue:

I logged-on to my router and changed a firewall setting to not block peer-to-peer applications.
Now I can connect via SSH.

edited Mar 15 '21 at 06:15

answered Mar 05 '21 at 07:45

VonC

1,262,500
529
4,410
5,250

Thanks for clarifying. I suspected as much. I think my next step is to see if I can get this to work on my laptop instead of my desktop. Among other things, that'll give me the option of taking the laptop somewhere else which might give me a clue as to whether my router is what is blocking this. – Russ Lenth Mar 05 '21 at 16:03
Update: I logged-on to my router and chenged a firewall setting to not block peer-to-peer applications. Now I can connect via SSH. Just feel a bit queasy unblocking all of these. I don't seem to have an option to just enable certain ones (well I do, for a standard list that does not include ssh) – Russ Lenth Mar 15 '21 at 02:36
@RussLenth OK. I have included your comment in the answer for more visibility. – VonC Mar 15 '21 at 06:15