Why does GitHub recommend HTTPS over SSH?

This article is translated from: Why does GitHub recommend HTTPS over SSH?

On the GitHub site there is a link...

https://help.github.com/articles/generating-ssh-keys

... and it states...

If you have decided not to use the recommended HTTPS method, we can use SSH keys to establish a secure connection between your computer and GitHub. The steps below will walk you through generating an SSH key and then adding the public key to your GitHub account.

Why is HTTPS the recommended method? Is there some sort of security flaw in the SSH method or is it slower? I created an SSH key, so would that mitigate any security concerns?


#1

Reference: https://stackoom.com/question/kKSP/GitHub爲什麼建議通過SSH推薦HTTPS


#2

GitHub have changed their recommendation several times (example).

It appears that they currently recommend HTTPS because it is the easiest to set up on the widest range of networks and platforms, and by users who are new to all this.

There is no inherent flaw in SSH (if there was they would disable it) -- in the links below, you will see that they still provide details about SSH connections too:

  1. HTTPS is less likely to be blocked by a firewall.

    https://help.github.com/articles/which-remote-url-should-i-use/

    The https:// clone URLs are available on all repositories, public and private. These URLs work everywhere--even if you are behind a firewall or proxy.

  2. An HTTPS connection allows credential.helper to cache your password.

    https://help.github.com/articles/set-up-git

    Good to know: The credential helper only works when you clone an HTTPS repo URL. If you use the SSH repo URL instead, SSH keys are used for authentication. While we do not recommend it, if you wish to use this method, check out this guide for help generating and using an SSH key.


#3

Also see: the official Which remote URL should I use? answer on help.github.com.

EDIT:

It seems that it's no longer necessary to have write access to a public repo to use an SSH URL, rendering my original explanation invalid.

ORIGINAL:

Apparently the main reason for favoring HTTPS URLs is that SSH URLs won't work with a public repo if you don't have write access to that repo.

The use of SSH URLs is encouraged for deployment to production servers, however - presumably the context here is services like Heroku.


#4

Either you are quoting wrong, or GitHub has different recommendations on different pages, or they may have learned with time and updated their reco.

We strongly recommend using an SSH connection when interacting with GitHub. SSH keys are a way to identify trusted computers, without involving passwords. The steps below will walk you through generating an SSH key and then adding the public key to your GitHub account.

https://help.github.com/articles/generating-ssh-keys


#5

It's possible to argue that using SSH keys to authenticate is less secure because we tend to change our password more periodically than we generate new SSH keys.

Servers that limit the lifespan for which they'll honor given SSH keys can help force users toward the practice of refreshing SSH keys periodically.


#6

I assume HTTPS is recommended by GitHub for several reasons

1) It's simpler to use from anywhere as you only need your account details (no SSH keys required)

2) HTTPS is a port that is open in all firewalls. SSH is not always open as a port for communication to external networks

A GitHub repository is therefore more universally accessible using HTTPS than SSH.

In my view SSH keys are worth the little extra work in creating them

1) SSH keys do not provide access to your GitHub account, so your account cannot be hijacked if your key is stolen,

2) Using a strong keyphrase with your SSH key limits any misuse, even if your key gets stolen

If your GitHub account credentials (username/password) are stolen, your GitHub password can be changed to block you from access and all your shared repositories can be quickly deleted.

If a private key is stolen, someone can do a force push of an empty repository and wipe out all change history for each repository you own, but cannot change anything in your GitHub account. It will be much easier to try recovery from this breach if you have access to your GitHub account.

My preference is to use SSH with a passphrase-protected key. I have a different SSH key for each computer, so if that machine gets stolen or key compromised, I can quickly login to GitHub and delete that key to prevent unwanted access.

SSH can be tunneled over HTTPS if the network you are on blocks the SSH port.

https://help.github.com/articles/using-ssh-over-the-https-port/

If you use HTTPS, I would recommend adding two-factor authentication, to protect your account as well as your repositories.

If you use HTTPS with a tool (e.g. an editor), you should use a developer token from your GitHub account rather than cache username and password in that tool's configuration.
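
The advice above against keeping a username and password in tool configuration can be checked mechanically. The following is an added example, not part of any answer on this page: it reads `git config --list` output and flags remote URLs that carry userinfo and the plaintext `store` credential helper. The function names and the sample values are constructed for illustration.

```bash
# Added example: flag Git settings that leave HTTPS credentials in clear text.
# classify_remote URL -> ssh | https | https-userinfo | https-embedded-secret | other
classify_remote() {
  url=$1
  case "$url" in
    https://*|http://*)
      authority=${url#*://}        # drop the scheme
      authority=${authority%%/*}   # keep only [userinfo@]host[:port]
      case "$authority" in
        *:*@*) echo "https-embedded-secret" ;;  # user:secret@host
        *@*)   echo "https-userinfo" ;;         # user@host or token@host
        *)     echo "https" ;;
      esac ;;
    ssh://*|*@*:*) echo "ssh" ;;                # ssh:// or scp-style git@host:path
    *) echo "other" ;;
  esac
}

# audit_git_config: reads `git config --list` output (key=value) on stdin, prints one FINDING per risky line.
audit_git_config() {
  while IFS='=' read -r key value; do
    case "$key" in
      remote.*.url)
        kind=$(classify_remote "$value")
        case "$kind" in
          https-embedded-secret|https-userinfo)
            echo "FINDING $key: $kind in remote URL" ;;
        esac ;;
      credential.helper)
        # The "store" helper writes passwords unencrypted to a file on disk.
        if [ "${value%% *}" = "store" ]; then
          echo "FINDING $key: 'store' keeps the password in plain text on disk"
        fi ;;
    esac
  done
}

# Constructed sample input; the names and the secret are placeholders.
sample_config() {
  cat <<'EOF'
remote.origin.url=git@github.com:alice/app.git
remote.backup.url=https://alice:EXAMPLE-SECRET@github.com/alice/app.git
remote.upstream.url=https://github.com/example/app.git
credential.helper=store
EOF
}

sample_config | audit_git_config
```

To check a real repository, source the functions and run `git config --list | audit_git_config` inside it.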
