Git is a free, open-source, distributed version control system that allows users to track file changes. Remote Git repositories facilitate the collaborative development of source code during software development.
HTTPS and SSH are two different ways of connecting to a remote GitHub repository via the command line.
In this article, you will learn the difference between using SSH and HTTPS for Git and how to choose the right authentication method.
SSH vs. HTTPS for Git: What is the Difference?
The basic SSH and HTTPS functionality is data encryption, as both protocols are secure cryptographic network protocols. Due to their security features, many Git servers, including GitHub and GitLab, use SSH and HTTPS to secure communication between the client and server.
Note: Use phoenixNAP's Bare Metal Cloud GitHub Actions platform to automate tasks in your Git repository.
The authentication method depends on whether you select an HTTPS or SSH remote URL when cloning the Git repository, as shown in the image below:
The two protocols differ in terms of complexity and level of security.
SSH (Secure Shell) is a public-key cryptography protocol that ensures no one can intercept or change the data during the transfer. Since it is more difficult to set up, it is not as widespread as HTTPS, but it offers greater data integrity and security.
However, firewalls on some systems refuse to allow SSH connections on the default port, which can further complicate the setup. Additionally, some operating systems don't have SSH clients installed by default.
Note: See how to change the default SSH port to improve security.
HTTPS (Hyper Text Transfer Protocol Secure) is a more widespread network protocol that uses SSL/TLS data encryption. Since it is easier to configure than SSH, HTTPS is more common but provides a lower data security level since it doesn't use public-key cryptography.
Git with HTTPS uses token-based authentication to establish connections on port 443 via the Public/Private Pair authentication mode. Port 443 is open in almost every firewall, which isn’t always the case for SSH.
Why Use HTTPS for Git?
The main purpose of HTTPS is to allow secure data transfers between the client and server. HTTPS facilitates Git setup as there is no need to create SSH keys for each machine from which you want to access the repository.
The authentication is performed through a Personal Access Token, which acts as a unique password and allows users to additionally secure their account with 2FA.
The benefits of using HTTPS for Git are:
- Simple setup. HTTPS is easy to set up, requiring only the repo URL and the
- Availability. HTTPS is available on every operating system and has very few firewall restrictions.
- Portability. Access the repository from any machine by providing the username and password/token.
Why Use SSH for Git?
The purpose of establishing an SSH connection is to encrypt data exchanged between the client and the server. SSH connections are based on a key pair - a private key on a remote server and the corresponding public key on the local system.
Using SSH keys means there is no need to provide the username and password for each action, for example, pushing or pulling changes or signing commits.
The benefits of using SSH for Git are:
- One-time setup. For every action, SSH uses the key file on disk, which is created when cloning the repository. Although the setup is more complex than HTTPS, it is a one-time effort.
- Improved security. SSH keys are more secure than any password or authentication token, making them almost impossible to crack.
- Time-saving. SSH doesn't require repetitive authentication for every repository action. This feature saves time and makes SSH one of the top reasons for choosing it over HTTPS.
Note: Some users can have issues connecting to Git via SSH because the firewall blocks the connection to the default SSH port. Resolve this issue in SSH settings to force the connections to go through port 443 (the default HTTPS port, which should be open). To do so, edit the ~/.ssh/config SSH configuration file and add the following lines:
Host github.com Hostname ssh.github.com Port 443 User git
Then, test the new configuration by running:
ssh -T -p 443 email@example.com
Why Does Git Change its Recommendation?
Git has changed its official documentation multiple times, alternating the recommendation between SSH and HTTPS. Currently, there is no recommendation for one or the other, but the instructions focus mainly on SSH setup and troubleshooting.
Git probably changed its recommendation from SSH because HTTPS is more universally accessible. It is the easiest way to set up Git on a wide variety of networks and platforms.
Later, the focus shifted to security, so SSH became the preferred option, as SSH keys don't provide access to your GitHub account. That means your account cannot be hijacked if anyone steals the key.
Which One Should You Use?
Choose between SSH and HTTPS depending on your preferences, data sensitivity, and whether your focus is on simplicity or security. Use SSH as a more secure option and HTTPS for basic, password-based Git usage.
Since SSH is more secure than entering credentials over HTTPS, it is recommended for businesses dealing with sensitive and critical data. Once you generate the SSH keys, only the machines with the key file on disk can access the repository.
On the other hand, if you want to maximize accessibility and ease of use, use the HTTPS protocol for Git. After completing the login flow, the GitHub CLI later authenticates all operations with its own password tokens.
When collaborating on a project, consider your organization's policy and see which type of security is preferred.
This article showed the benefits of using HTTPS or SSH for Git. Both encrypt data sent between the user and remote repository, with SSH being the more secure option and HTTPS easier to use.