Git: Using HTTPS or SSH?

Tram Ho

If you are new to Git , when cloning a repository, there are two options: Clone with HTTPS or Clone with SSH . You will wonder which one to use because sometimes, using any link, you can clone that repository (yaoming), or because if you don’t know what to choose, the safe solution is Download ZIP (??). Then you are prompted by mentor to install SSH key for your Github, why should you use that? Read this article.

1. What is HTTPS and SSH?

Surely all of you who are newbies have this question, right?

In general, HTTPS and SSH are protocols for transferring data from client to server like HTTP, FTP, sFTP, FTPs, etc. With the HTTP protocol, all data transmitted between the client and the server is plain text , and it is transmitted over the Internet. Therefore, these data are easy to attack, hacked by hackers and blocked from requests (requests). It doesn’t matter if your data isn’t important or needs to be secure, but what if it’s private information or the keys need security? Surely that information needs to be properly encrypted ? Then, if hackers catch your packet, they can hardly get sensitive information from it. That’s why more secure protocols like HTTPS, ftps, sftp, ssh, SSL / TLS were developed.

When working with Git, we have 2 types of repositories (referred to as repo): public and private. It doesn’t matter if public repos use the HTTP protocol, since those are public repos and anyone can use it. But with private repos, more secure methods are needed to transfer data between developers (who have the right to work with private repo) with that repo, avoiding hacker attacks.

Git uses several protocols, but the most popular are HTTPS and SSH. Git servers like Github, Gitlab, Bitbuckets also use these two methods. They are both trusted and secure protocols.

HTTPS

This is HTTP’s more secure protocol, data being transmitted is encrypted. HTTPS using port 443 both creates the connection. The authentication method is to use the public / private key pair . This is the most commonly used method.

SSH:

SSH stands for Secured Shell . It is also a secure protocol, and the data is encrypted. SSH uses port 22 for connection creation and authentication. Authentication of remote devices uses public-key cryptography. The authentication method is public / private key or userid / password pair . They are used to reduce the risk of logging on to a remote server.

How does SSH work?

Suppose, we have 1 client machine (usually your local machine) and 1 server machine (which can be referred to as git server as Github). When installing SSH key, you will have 1 pair of public / private key. The server will keep the public key, while the private key will be stored on the client computer. Like when you save the public key to your Github account. When the client wants to connect to the server:

  • The client sends the ID in the key pair to authenticate the identity
  • The receiving server will use the public key to encrypt it and send it back to the client.
  • The client receives it and uses the private key to decrypt and send it back to the server. Once there, the connection is made and the client will be able to work with the server.

In short, when you install the SSH key, you will have the public / private key pair. The public key is stored on the Git server, the private key is stored locally. When you want to take action on Git, your private key must match the public key on the server. Once the connection is made, you will no longer need to use the username and password.

Now, we will talk about HTTPS and SSH in Git more deeply.

2. HTTPS

When using HTTPS, all manipulation with Git is very easy, no need to install anything. However, when fetch, push or pull, Git will ask you for your username and password, as it uses password-based authentication. So, in order not to have to enter it many times, please install global username and password, and remember to set a strong password a little bit.

Why use HTTPS?

  • HTTPS is quite popular in use, most people know it, so beginners will find it easier and easier to understand because there is not much need to install.
  • There is no requirement to create and install a key pair on a Git server like when using an SSH key.
  • It is very easy to access and work with Git repos in many places, as long as you provide the correct account information.
  • HTTPS is the open firewall gateway and does not require firewall reinstallation.

Defect

  • Every time you perform a repo operation, you must enter the username / password again. To fix it, you can install this using git global or use other resource management tools. However, if you change the username / password, you must re-install the relevant places.
  • If your account information is leaked, all repos you are authorized to access can be threatened by changing owner, deleting data or other unauthorized actions.
  • If you use a two-factor authentication enabled (2FA) password, you’ll have to use a personal access token (PAT) instead of a regular password. As such, the validation will take time.

Pay attention when using HTTPS

  • Use strong passwords
  • Do not reveal or lose Git account information.

3. SSH

SSH uses public key encryption to perform authentication and data protection. To use it, you must create an SSH key pair on your computer and save the private key, adding the public key to your Git server account. How to install it here .

Once installed, you won’t need to do anything more when pushing, pulling or fetching.

Why use SSH?

  • Using secure SSH is safe using regular passwords.
  • No username / password required for authentication like HTTPS. ( This is the main reason (hihi) )
  • No PAT required when using 2-layer security.
  • If you lose your private key, your git data is still threatened. However, your Git server account still exists. Once there, you can go to that account, take measures to prevent being hacked immediately (ahihi).
  • It seems that SSH is more secure than HTTPS because it does not use a password for authentication.

Defect

  • You still have to have a Git server account to clone the repo.
  • Occasionally, the Networks and Firewall may not allow SSH connections. However, you can still reinstall.
  • Setting up the first desk takes a bit of time, but it’s not that difficult.

summary

In short, you can use any kind of protocol, because they are all data security protocols. The article helps you understand why we use one of the two methods only, and helps newcomers to be less confused when prompted to use the SSH key .

Thank you for reading here. See you again.

References

Install SSH key: https://docs.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account

https://ourtechroom.com/tech/https-vs-ssh-in-git/#toc2

https://www.keycdn.com/blog/difference-between-http-and-https

Share the news now

Source : Viblo