Fix "Unable to Find Package" NuGet Error in Visual Studio C#
HTTPS vs SSH in git in 5 minutes
What is the difference between HTTPS and SSH in git? This is the question that every newbie has when they first start using git and GitHub. In this article, I will go over the concepts and practical applications of those protocols in git.
General Scenario:
For transferring data from client to server, protocols such as HTTP, HTTPS, ssh, FTP, sFTP, FTPs, and others are used. In standard HTTP, all information sent from client to server and vice versa is sent in plain text. Anything sent from the client and received by the server via a public network (the internet) in plain text format. As a result, those data are vulnerable, and hackers can act as a man in the middle, intercepting all requests and responses.
It can be no problem if you just use it for browsing a regular website since there does not involve any secure data. But if you want to transfer secure and sensitive data then we have to encrypt it. So even if hackers intercept those encrypted data then that makes no sense to him since it is in encrypted form.
As a result, many secure protocols such as HTTPS, ftps, sftp, ssh, and SSL/TLS were created.
From Git Perspective:
In a git, there may be private and public repositories. For public repositories, even data send from server to client and vice versa with HTTP does not have much impact. However, if you have private repositories and many developers are working on them, it is necessary to transfer data securely between client (developer) computers (ie. Git Client) and git private repositories so that no hacker can intercept those data.
Git uses several protocols for client-server communication :
However, ssh and HTTPS are secure protocols. As a result, many git servers, such as Github, Bitbuckets, and GitLab, use those two popular cryptographic network protocols.
So, there are two popular cryptographic network protocols to use when cloning, pushing and pulling changes between GitHub repositories and your computer. 1) HTTPS and 2) SSH
Common in both HTTPS and SSH
HTTPS is a secure version of HTTP that encrypts data transmitted between the client and the server. When hackers intercept encrypted data, they are unable to make sense of it and cannot reverse it. To establish a connection, HTTPS used port 443. It uses the Public/Private Pair authentication mode.
It is mainly developed for secure transferring of data between client and server.
SSH means "Secured Shell".It is also a secured version, where data sent between the client and server is encrypted.SSH used port 22 is used to negotiate or authenticate the connection. The remote device authentication is done by public-key cryptography. Its mode of authentication is public/private Pair, or userid/password pair.
It is made to reduce security threats for remote server login.
How does SSH work?
SSH can be configured with a pair of keys called private and public keys. These keys are generated mathematically using various algorithms such as the RSA Algorithm, and EdDSA algorithm. Now let's look at how it works. Private and public keys are generated on the client and sent to the SSH server. The client now has both your public and private keys, while the server only has your public key.
When a client wants to connect to a server (in our case, Git Server), the server simply encrypts the random number using your public key and sends the encrypted message back to the client, who then decrypts the encrypted message using his private key and sends the decrypted information to the server. Then server verifies that the client's decrypted information is correct. If the information is correct, then authentication successfully happens.
Note one thing the SSH Private key should be securely stored by the client and if compromised then unauthorized users can get access to the git server.
In a nutshell and in layman's terms, we have private and public keys generated in SSH, and then public keys are stored on Git hosting. Now onward if we want to do any action in git, the private key stored on the PC is matched with the public key stored in git hosting. If they match, then without prompting the username and the password you are allowed to do this action.
Git with HTTPS and SSH:
Here, I will discuss with git hosting service provider Github. But will work the same for Gitlab or Bitbucket as well.
Starting git with HTTPS for cloning, pulling, and pushing is much easier and can be done with much less setup.
origin https
. .. then you are using an HTTPS link.fig. git clone link in action
Git with HTTPS uses password-based authentication for doing every action like git push, git clone, git fetch, and git pull, etc. So, it is recommended to create a strong and unique password by using a password manager.
Generally, It is found that most of the users coming from a Windows Background use HTTPS instead of SSH.
Ans:
If you have two-factor authentication enabled(2FA), you will have to use a personal access token(PAT) instead of your regular standard password. If you have enabled Two Factor Authentication, git will prompt you to have a code on your mobile devices or send it as a text message after successfully entering your username and password.
PAT-based authentication is considered to be more secure than password-based authentication. Here, we treat the PAT token as a password. Click here for creating a PAT token in GitHub.
Git used SSH protocol to securely transfer repository data over the internet. Uses public key encryption to secure data.
Git with HTTPS uses public-key encryption-based authentication for doing every action like git push, git clone, git fetch and git pull, etc.
If the links show origin git
. .. then you are using an SSH link.
To use SSH URLs, you must generate an SSH keypair on your computer and keep a private key yourself, and add the public key to your GitHub account.
If you want to use SSH URLs, then at the time of git clone, git fetch, git pull or git push to the remote repository, then it will prompt for a password and just must just provide your SSH key passphrase.
Ans:
source:github link
Precaution:
FAQ:
Ans: HTTPS and HTTP are communication protocols and SSL helps to encrypt and secure that communication channel. TLS is the modern version of SSL.
If data is to be transferred over a communication channel using HTTPS, the first SSL session is established, then all data are bundled into secured SSL or TLS packets before sending and after receiving.
SSH stands for Secure Shell. SSL stands for Secure Socket Layer. Both are used for secure and reliable connections. These are two important security features used to conduct today's business on the internet.
Ans: In my view, ssh seems to be more secure and safer than HTTPS because SSH does not use password-based authentication as Https Does. And Password-based authentication seems to be more vulnerable to hackers because humans generally used the same password everywhere on multiple sites, which may result in many vulnerabilities.
So, if SSH keys matter, if proper guidelines for securing SSH are followed then the SSH key generally seems to be more secure.
This is a broad topic, I am just giving my view.
Actually, there are two types of URLs in your git repository. They are HTTPS URL and SSH URL.
HTTPS Url Looks like this:
Git Url looks like this:
Ans: It depends on the amount of latency between your system and the remote server. It is true that for setup ssh connections, doing a DNS lookup, making TCP connections, and authenticating takes a longer time in SSH protocol as SSH is a complex protocol.
According to GitHub git, it is said that HTTPS is slightly faster than SSH in a high-latency network. (source)