If your GitHub account credentials (username/password) are stolen, your GitHub password can be changed to block you from access and all your shared repositories can be quickly deleted. Using a strong keyphrase with your SSH key limits any misuse, even if your key gets stolen (after first breaking access protection to your computer account) SSH Keys do not provide access to your GitHub account, so your account cannot be hijacked if your key is stolen. In my view SSH keys are worth the little extra work in creating them SSH is not always open as a port for communication to external networksĪ GitHub repository is therefore more universally accessible using HTTPS than SSH. HTTPS Is a port that is open in all firewalls. It's simpler to access a repository from anywhere as you only need your account details (no SSH keys required) to write to the repository. I assume HTTPS is recommended by GitHub for several reasons For more information, see " Cloning with HTTPS urls" and " Caching your GitHub credentials in Git." If you clone with HTTPS, you can cache your GitHub credentials in Git using a credential helper. clone URLs work even if you are behind a firewall or proxy.Īn HTTPS connection allows credential.helper to cache your password. The clone URLs are available on all repositories, regardless of visibility. HTTPS is less likely to be blocked by a firewall. There is no inherent flaw in SSH (if there was they would disable it) - in the links below, you will see that they still provide details about SSH connections too: It appears that they currently recommend HTTPS because it is the easiest to set up on the widest range of networks and platforms, and by users who are new to all this. GitHub have changed their recommendation several times ( example).
0 Comments
Leave a Reply. |