SSH
What is SSH?
The SSH (Secure Shell) is a network communication protocol that enables two computers to communicate over an insecure network. It is a secure alternative to the non-protected login protocols (such as telnet, rlogin) and insecure file transfer methods (such as FTP). It is mostly used for secure Remote Login and File Transfer.
- SSH is a software package that enables secure system administration and file transfers over insecure networks.
The SSH protocol
- uses encryption to secure the connection between a client and a server
What is Secure Shell?
- Secure Shell also supports both password and key-based authentication.
key-based authentication
https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server- users to authenticate through a key-pair
Secure Shell Architecture
- a server administrator installs a server program that accepts or rejects the incoming connections. Besides, a user runs a client program on their system that requests the server. By default, the server listens on HTTP port 22.
Where Should We Use Secure Shell?
- Communication between local and remote machines
- Remote access to server resources
- Executing commands in the remote host machine
- Performing numerous system administration tasks
- Moreover, the key-based authentication provides convenient Single Sign-On (SSO) access across the remote hosts. This lets users move between their accounts without the need of a password.
Secure Shell Commands
- ssh – for logging into a remote machine and for executing commands on a remote machine
- sshd – it’s an SSH server daemon process that waits for incoming SSH connection requests from SSH clients and enables authorized systems to connect to the localhost
- ssh-keygen – new authentication key pair for SSH, used to automate logins to implement Single Sign-On and to authenticate hosts
- ssh-copy-id – allows to copy, install and configure an SSH key on a server
- scp – an SSH-secured version of the RCP protocol that lets us copy files from one machine to another
- sftp – an SSH-secured version of the FTP protocol that is used to share files in Internet
SSH vs. HTTPS in Git
https://phoenixnap.com/kb/git-ssh-vs-https
SSH
- greater data integrity and security
- refuse to allow SSH connections on the default port, which can further complicate the setup
Why use ssh for git?
- SSH connection is to encrypt data exchanged between the client and the server
- no need to provide the username and password for each action
- One-time setup. For every action, SSH uses the key file on disk, which is created when cloning the repository. Although the setup is more complex than HTTPS, it is a one-time effort.
- Improved security. SSH keys are more secure than any password or authentication token, making them almost impossible to crack.
- Time-saving. SSH doesn’t require repetitive authentication for every repository action. This feature saves time and makes SSH one of the top reasons for choosing it over HTTPS.
HTTPS
- more widespread network protocol that uses SSL/TLS data encryption
- but provides a lower data security level since it doesn’t use public-key cryptography.
- disadvantage
Recommendation?
Currently, there is no recommendation for one or the other, but the instructions focus mainly on SSH setup and troubleshooting.
Git probably changed its recommendation from SSH because HTTPS is more universally accessible. It is the easiest way to set up Git on a wide variety of networks and platforms.
Which one should you use?
Choose between SSH and HTTPS depending on your preferences, data sensitivity, and whether your focus is on simplicity or security.
- SSH
- more secure than entering credentials over HTTPS
- for businesses dealing with sensitive and critical data.
- Once you generate the SSH keys, only the machines with the key file on disk can access the repository.
- HTTPS
- maximize accessibility and ease of use, use the HTTPS protocol for Git
- completing the login flow, the GitHub CLI later authenticates all operations with its own password tokens