{"id":368973,"date":"2021-11-18T15:45:50","date_gmt":"2021-11-18T12:45:50","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/should-you-use-https-or-ssh-for-git-cloudsavvy-it\/"},"modified":"2021-11-18T15:45:50","modified_gmt":"2021-11-18T12:45:50","slug":"should-you-use-https-or-ssh-for-git-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/should-you-use-https-or-ssh-for-git-cloudsavvy-it\/","title":{"rendered":"#Should You Use HTTPS or SSH For Git? \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a41883c9cc8c\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a41883c9cc8c\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/should-you-use-https-or-ssh-for-git-cloudsavvy-it\/#Whats_The_Difference\" >What\u2019s The Difference?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/should-you-use-https-or-ssh-for-git-cloudsavvy-it\/#Why_Use_HTTPS\" >Why Use HTTPS?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/should-you-use-https-or-ssh-for-git-cloudsavvy-it\/#Why_Use_SSH\" >Why Use SSH?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/should-you-use-https-or-ssh-for-git-cloudsavvy-it\/#What_Should_You_Use\" >What Should You Use?<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#Should You Use HTTPS or SSH For Git? \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage alignnone size-full wp-image-14290\" srcset=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/09\/4d72a7db.png?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/09\/4d72a7db.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/09\/4d72a7db.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"\" width=\"1200\" height=\"675\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>When connecting to remote Git repositories like Github, you usually have two connection options\u2014HTTPS or SSH. Both have their uses, and while SSH is <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/general\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"General\" target=\"_blank\" rel=\"noopener\">general<\/a>ly considered more secure, the question is a little more complicated than that.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Whats_The_Difference\"><\/span>What\u2019s The Difference?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The method of authentication you use to connect to a Git repo depends on the URL your remote is configured with. The default URL format Github uses is HTTPS, which communicates directly over the web protocol:<\/p>\n<pre>https:\/\/github.com\/user\/RepoName.git<\/pre>\n<p>However, you can also use SSH. While you\u2019re not opening an interactive shell and executing commands, it\u2019s still the same format as if you were connecting to a regular SSH-enabled Linux server:<\/p>\n<pre>user@ipaddress:folder\/file<\/pre>\n<p>With Github and most services, you connect to the \u201c<code>git<\/code>\u201d user, and access the <code>.git<\/code>\u00a0endpoint as a file under a folder with your username.<\/p>\n<pre>git@github.com:user\/RepoName.git<\/pre>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Why_Use_HTTPS\"><\/span>Why Use HTTPS?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>So, which one should you use? While SSH is usually considered more secure, for basic usage of Github, HTTPS authentication with a password is acceptable enough. In fact, Github themselves defaults to and recommends most people use HTTPS.<\/p>\n<p>HTTPS has plenty of upsides:<\/p>\n<ul>\n<li>HTTPS is simpler. With how it works on Github, you just have to enter in your Github username and password, and you\u2019ll be able to push and pull code. For the average user, this is perfectly fine.<\/li>\n<li>You don\u2019t have to juggle multiple SSH keys around to use multiple devices.<\/li>\n<li>Port 443, which HTTPS uses, is open in basically any firewall that can access the internet. That isn\u2019t always the case for SSH.<\/li>\n<li>The problem of password based auth can be minimized by using a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/docs.github.com\/en\/authentication\/keeping-your-account-and-data-secure\/creating-a-personal-access-token\">Personal Access Token (PAT) on Github<\/a> in conjuction with two-factor auth on your account.<\/li>\n<\/ul>\n<p>The primary downside for most people is that you must enter your Git password every time you push. While it gets added to a cache, it\u2019s not configured to cache permanently (though this can be changed). With SSH keys, it just uses the key file on disk every time.<\/p>\n<p>Also, if you do use 2FA on your Github account, you are forced to either use SSH or a personal access token. Your default account password will not work.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Why_Use_SSH\"><\/span>Why Use SSH?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>It\u2019s a misconception that HTTPS as a protocol is significantly less secure than SSH. Both will provide you a secure connection safe from man-in-the-middle (MITM) attacks. Both protocols will do their job the same as long as the underlying keys are secured. Both will use public-key based authentication anyway, though HTTPS with Git will send your password over the wire. And both protocols can be configured to also use multi-factor authentication (MFA\/2FA), although with Github it is easier to use MFA on your account if you use SSH keys.<\/p>\n<p>Where SSH takes the lead is with the authentication factor\u2014the key. The length of it alone makes it harder to accidentally leak, and due to it being unwieldy and unique, it\u2019s generally more secure. The only downside is it\u2019s stored as a user-accessible file on your hard drive rather than in your head, but given how bad humans are at security, it\u2019s probably better that way.<\/p>\n<p>Also, it\u2019s not prone to getting caught up in a data breach. It\u2019s guaranteed not to be reused, but it\u2019s also never even stored on someone else\u2019s server. Because you only give Github your public key, and use your private key on your end to perform the authentication challenge, there\u2019s no risk of it being exposed, or even ever sent over the wire.<\/p>\n<p>SSH has plenty of downsides, but they can be mitigated if you know what you\u2019re doing:<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>How to Use a Different Private SSH Key for Git Shell Commands<\/em><\/strong><\/p>\n<p>SSH can even be tunnelled over HTTPS when accessing Github, using the <code>ssh.github.com<\/code>\u00a0hostname in your SSH config. While this may not be true for all Git services, it\u2019s a nice plus for the big one:<\/p>\n<pre>Host github.com&#13;\n  Hostname ssh.github.com&#13;\n  Port 443<\/pre>\n<p>SSH keys can also be chained together using SSH agent forwarding, which allows you to connect to a remote server, and then use the SSH key on your client machine to authenticate. The remote server acts as the middle man, unaware of your SSH key.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>What is SSH Agent Forwarding and How Do You Use It?<\/em><\/strong><\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"What_Should_You_Use\"><\/span>What Should You Use?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The question is, should you bother with it? If you\u2019re experienced with a command line, it\u2019s not too hard to just use keys, and most people will anyway simply because it\u2019s easier to configure once and never enter a password again. It also works better with 2FA, which most high-security Github accounts should likely be using.<\/p>\n<p>If you\u2019re just looking for an easy experience, HTTPS is secure as long as your password is secure. There\u2019s a reason Github has it default and even recommends it\u2014it works well and is easy to understand.\n<\/p><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/14822\/should-you-use-https-or-ssh-for-git\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Should You Use HTTPS or SSH For Git? \u2013 CloudSavvy IT&#8221; When connecting to remote Git repositories like Github, you usually have two connection options\u2014HTTPS or SSH. Both have their uses, and while SSH is generally considered more secure, the question is a little more complicated than that. What\u2019s The Difference? The method of authentication&#8230;<\/p>\n","protected":false},"author":1,"featured_media":368974,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/09\/4d72a7db.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-368973","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/368973","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=368973"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/368973\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/368974"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=368973"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=368973"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=368973"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}