本文翻译自:Why does GitHub recommend HTTPS over SSH?
On the GitHub site there is a link... 在GitHub站点上有一个链接...
https://help.github.com/articles/generating-ssh-keys https://help.github.com/articles/generating-ssh-keys
... and it states... ...它说...
If you have decided not to use the recommended HTTPS method, we can use SSH keys to establish a secure connection between your computer and GitHub. 如果您决定不使用推荐的HTTPS方法,我们可以使用SSH密钥在您的计算机和GitHub之间建立安全连接。 The steps below will walk you through generating an SSH key and then adding the public key to your GitHub account. 下面的步骤将引导您生成SSH密钥,然后将公共密钥添加到您的GitHub帐户。
Why is HTTPS the recommended method? 为什么推荐使用HTTPS? Is there some sort of security flaw in the SSH method or is it slower? SSH方法中是否存在某种安全漏洞?还是速度较慢? I created an SSH key, so would that mitigate any security concerns? 我创建了SSH密钥,这样可以缓解任何安全问题吗?
#1楼
参考:https://stackoom.com/question/kKSP/GitHub为什么建议通过SSH推荐HTTPS
#2楼
GitHub have changed their recommendation several times ( example ). GitHub多次更改了建议( 例如 )。
It appears that they currently recommend HTTPS because it is the easiest to set up on the widest range of networks and platforms, and by users who are new to all this. 看来他们目前推荐使用HTTPS,因为它最容易在最广泛的网络和平台上进行设置,并且对于所有这方面的用户来说都是最简单的设置。
There is no inherent flaw in SSH (if there was they would disable it) -- in the links below, you will see that they still provide details about SSH connections too: SSH没有内在的缺陷(如果有的话,他们会禁用它)-在下面的链接中,您会看到它们仍然提供有关SSH连接的详细信息:
HTTPS is less likely to be blocked by a firewall. HTTPS不太可能被防火墙阻止。
https://help.github.com/articles/which-remote-url-should-i-use/ https://help.github.com/articles/which-remote-url-should-i-use/
The https:// clone URLs are available on all repositories, public and private. https://克隆URL在所有公共和私有存储库中都可用。 These URLs work everywhere--even if you are behind a firewall or proxy. 这些URL随处可见-即使您位于防火墙或代理之后。
An HTTPS connection allows
credential.helperto cache your password. HTTPS连接允许credential.helper缓存您的密码。https://help.github.com/articles/set-up-git https://help.github.com/articles/set-up-git
Good to know: The credential helper only works when you clone an HTTPS repo URL. 提提您:凭据帮助器仅在您克隆HTTPS存储库URL时有效。 If you use the SSH repo URL instead, SSH keys are used for authentication. 如果改用SSH存储库URL,则使用SSH密钥进行身份验证。 While we do not recommend it, if you wish to use this method, check out this guide for help generating and using an SSH key. 虽然我们不建议您这样做,但是如果您希望使用此方法,请查阅本指南以获取有关生成和使用SSH密钥的帮助。
#3楼
Also see: the official Which remote URL should I use? 另请参阅:官方应该使用哪个远程URL? answer on help.github.com. 在help.github.com上回答。
EDIT: 编辑:
It seems that it's no longer necessary to have write access to a public repo to use an SSH URL, rendering my original explanation invalid. 似乎不再必须具有对公共存储库的写访问权才能使用SSH URL,这使我的原始解释无效。
ORIGINAL: 原版的:
Apparently the main reason for favoring HTTPS URLs is that SSH URL's won't work with a public repo if you don't have write access to that repo. 显然,支持HTTPS URL的主要原因是,如果您没有对该公共存储库的写访问权,则SSH URL将无法与该公共存储库一起使用。
The use of SSH URLs is encouraged for deployment to production servers, however - presumably the context here is services like Heroku. 鼓励使用SSH URL部署到生产服务器,但是-大概这里的上下文是诸如Heroku之类的服务。
#4楼
Either you are quoting wrong or github has different recommendation on different pages or they may learned with time and updated their reco. 要么您引用的是错误的,要么github在不同的页面上有不同的建议,否则他们可能会随着时间的推移而学习并更新他们的记录。
We strongly recommend using an SSH connection when interacting with GitHub. 与GitHub交互时,我们强烈建议使用SSH连接。 SSH keys are a way to identify trusted computers, without involving passwords. SSH密钥是一种无需信任密码即可识别受信任计算机的方法。 The steps below will walk you through generating an SSH key and then adding the public key to your GitHub account. 下面的步骤将引导您生成SSH密钥,然后将公共密钥添加到您的GitHub帐户。
https://help.github.com/articles/generating-ssh-keys https://help.github.com/articles/generating-ssh-keys
#5楼
It's possible to argue that using SSHs key to authenticate is less secure because we tend to change our password more periodically than we generate new SSH keys. 可能会争辩说,使用SSH密钥进行身份验证的安全性较差,因为与生成新的SSH密钥相比,我们倾向于更定期地更改密码。
Servers that limit the lifespan for which they'll honor given SSH keys can help force users toward the practice of refreshing SSH-keys periodically. 限制使用SSH密钥的使用寿命的服务器可以帮助迫使用户进行定期刷新SSH密钥的实践。
#6楼
I assume HTTPS is recommended by GitHub for several reasons 我认为GitHub建议使用HTTPS的原因有很多
1) It's simpler to use from anywhere as you only need your account details (no SSH keys required) 1)在任何地方都可以使用,因为您只需要您的帐户详细信息(无需SSH密钥)就更简单了
2) HTTPS Is a port that is open in all firewalls. 2)HTTPS是在所有防火墙中打开的端口。 SSH is not always open as a port for communication to external networks SSH并不总是作为与外部网络进行通信的端口而开放
A GitHub repository is therefore more universally accessible using HTTPS than SSH. 因此,使用HTTPS比使用SSH可以更广泛地访问GitHub存储库。
In my view SSH keys are worth the little extra work in creating them 在我看来,SSH密钥值得在创建它们方面进行一些额外的工作
1) SSH Keys do not provide access to your GitHub account, so your account cannot be hijacked if your key is stolen, 1)SSH密钥不提供对GitHub帐户的访问权限,因此,如果密钥被盗,则无法劫持您的帐户,
2) Using a strong keyphrase with your SSH key limits any misuse, even if your key gets stolen 2)对您的SSH密钥使用强密钥短语可以限制任何误用,即使您的密钥被盗了
If your GitHub account credentials (username/password) are stolen, your GitHub password can be changed to block you from access and all your shared repositories can be quickly deleted. 如果您的GitHub帐户凭据(用户名/密码)被盗,则可以更改GitHub密码以阻止您访问,并且可以快速删除所有共享存储库。
If a private key is stolen, someone can do a force push of an empty repository and wipe out all change history for each repository you own, but cannot change anything in your GitHub account. 如果私钥被盗,则有人可以强行推入一个空的存储库并清除您拥有的每个存储库的所有更改历史记录,但无法更改GitHub帐户中的任何内容。 It will be much easier to try recovery from this breach of you have access to your GitHub account. 如果您可以访问GitHub帐户,那么尝试从这种违反情况中恢复将更加容易。
My preference is to use SSH with a passphrase protected key. 我的首选是将SSH与密码保护的密钥一起使用。 I have a different SSH key for each computer, so if that machine gets stolen or key compromised, I can quickly login to GitHub and delete that key to prevent unwanted access. 我为每台计算机使用了不同的SSH密钥,因此,如果该计算机被盗或密钥遭到破坏,我可以快速登录GitHub并删除该密钥以防止不必要的访问。
SSH can be tunneled over HTTPS if the network you are on blocks the SSH port. 如果您所在的网络阻塞了SSH端口,则可以通过HTTPS建立SSH隧道。
https://help.github.com/articles/using-ssh-over-the-https-port/ https://help.github.com/articles/using-ssh-over-the-https-port/
If you use HTTPS, I would recommend adding two-factor authentication, to protect your account as well as your repositories. 如果您使用HTTPS,建议您添加两因素身份验证,以保护您的帐户和存储库。
If you use HTTPS with a tool (eg an editor), you should use a developer token from your GitHub account rather than cache username and password in that tools configuration. 如果将HTTPS与工具(例如,编辑器)一起使用,则应使用GitHub帐户中的开发人员令牌,而不是在该工具配置中缓存用户名和密码。