Using HTTPS or SSH with GitHub
I’d like to know what is the best way to connect to a GitHub repository between HTTPS and SSH. Apparently GitHub seems to recommend HTTPS over SSH:
If you have decided not to use the recommended HTTPS method, we can use SSH keys to establish a secure connection between your computer and GitHub. The steps below will walk you through generating an SSH key and then adding the public key to your GitHub account.
Spellchecker error source tree Get git commands list Why doesn't “git flow feature pull” track? How to get more useful branch diagrams in git? Certificate error installing jspm package from github (caused by wrong cert path??) git: remove 2nd commit
Yet I see no reason why HTTPS would actually be better than SSH. SSH should be more secure than HTTPS normally. So why would GitHub recommend HTTPS?
2 Solutions collect form web for “Using HTTPS or SSH with GitHub”
https is easier to use than ssh.
With ssh, you need to:
- generate a public/private key
- publish it on GitHub
- launch (if you really want security) an ssh-agent to enter the passphrase you would have associated to your private key.
https just reuse the GitHub credential you already have.
If you don’t want to enter your GitHub password for each git command, you can store those credentials in an encrypted
%HOME%/_netrc.gpg on windows).
See a full step-by-step example at “Is there a way to skip password typing when using https:// github”.
I store that way several credentials (to GitHub, BitBucket, internal repos, …) in one (encrypted) file, and I type one password (the gpg passphrase) once in the morning.
I can then access all those repos without having to enter my credential during the day.
I got an answer from GitHub:
We recommend https since it is far simpler to set up and doesn’t require knowledge or secure management of ssh keys.
Since ssh and https both use ssl behind the scenes, the benefit of requiring access to a private key rather than login credentials only holds if those keys are managed securely. For those unfamiliar with best practices around ssh keys, this is often harder to explain than it is to let them maintain username/passhprase login credentials using the procedures they already know. The recommendations are there so those who don’t have a strong opinion either way can choose the most straightforward method. Anyone who prefers ssh keys is able to do so as they’re fully supported.