What are the pros and cons of SSH and HTTP for a git server?

Solution 1

While you're asking for what is the most common way, I think it's better to look at your situation and remember that one protocol doesn't exclude another - add more access protocol later if you need them.

• Most efficient and fast is to use the native Git daemon. However, little features offered: no encryption, no authentication. Ideal for public read-only mirrors of your repositories. If you need performance, also consider installing a recent version rather than the version shipped with your OS.

• Most compatible way is HTTP. Less efficient than native Git, but not that much of a difference either. Most important pro of HTTP is firewall penetration and proxy support. It appears as regular other HTTP traffic for most gateways/firewalls.

• More secure is HTTPS, but inevitably less efficient too. Requires quite some configuration. You'll also need a trusted TLS certificate.

• Similar security, but a more common way is to use SSH. It is the default if no protocol is specified on command line. Powered by SSH, it provides strong encryption and both password and key authentication. While unconventional, it is possible to allow anonymous access this way too.

My advise would be depending on the use case of your repositories:

• private repositories & small user group: SSH

• public repositories, any amount of clones, but small group of push-privileged users: HTTP and Git (fetch-only) + SSH (+push-access)

• any of the above, but with large amount of push-privileged users: you probably don't understand the philosophy of Git.

Some public or corporate networks might block Git and SSH traffic. If you really need to access your repositories from anywhere, consider using both HTTPS and SSH.

Solution 2

You can use HTTPS for read-only access, if your repositories are public as it is easy to use on the client side. If not you should only use SSH. In any case you should use SSH for write access as it has better authentication management.

Author by

Stephane Rolland

Author of the PL XYZ (name is still to be defined, also I'm extremely late compared to what I was expecting, and it's quite possible there's at least one year of work before I can release something). At marathon my time is 5:30, that's far from a world record. I plan longer trails (60 km seems feasible for now) after I have made public the version 0.0 of the language. Machine Learning: kaggle AI competitions Favourite Techs: Haskell, C++14, Python 3, PostgreSQL, NixOs Linux, Zsh/Bash/Perl, XMonad. Photography/Graphical Arts: Abstract Photography , Pinterests Boards Author-Composer: Publicly released music, tracks on soundcloud Interests: Language Design, Categorial and Linear logic, Type Theory, Artificial Intelligence, Design Patterns, Lambda Calculus, Web Design, Pi Calculus, Pattern Calculus, Digital Signal Processing, Test Driven Development, Software Craftsmanship Everyday experience: C++, Python, Haskell Practicing: Perl, Cython/CPython, Machine Learning, Scikit-Learn Used: C, C#, Xml, Regex, Sql, Javascript, Win32, Mfc, Com/Atl, Stl, Design Patterns, MsXml, Wpf, C++/Cli, Html, Java, Soap, Sql Server, Http, Boost C++, Xaml, Xslt, Xschema, Xpath, Bash, Powershell, VB Practiced: R, Elixir, Erlang, Elm, F#, AngularJS, jQuery, Html5, Css, Svg, Web Audio Api, Underscore.js, Node.js, Octave Small memories of: Prolog, Oz/ML, Pict and Nomadic Pict Wish to learn: Agda, Idris, Coq, Rebol/Red Language Love: English, Deutsch, Español, French (mother tongue), Esperanto (though I no longer practice since at least 10 years, this language is beautiful) Learning: 中文 (Chinese), 日本語 (Japanese) Wish to learn (one day... if possible, or at least some basics elements for calligraphy): Korean, Arabic, Mongolian, Russian, Dutch/Nederland, Italian, Sanskrit, and a bit of Tibetan... let's see.

Updated on September 18, 2022