GitHub SSH key or username and email?
I'll be getting my new laptop tomorrow and I'll have to do all the setup like installing node and git. When I first connected to GitHub I used a username and email to verify my identity. I watched a freeCodeCamp video on Git and they had a section on authenticating with SSH. I was confused by that method. Is there a benefit to using an SSH key? What do you all use?
12 Replies
SSH key just means you don't have to enter your username/pwd every time you do something
The benefit is that it's more secure and it guarantees it's you making the commits. Granted, this may not seem like much in the context of version control but it's definitely good security. It's also very convenient as all you need is a file in your system, which you can copy to the new computer. Also, you can revoke access to a particular SSH key at anytime if you find that is has been compromised.
some people will say SSH keys are more secure, this isn't necessarily true, as long as you have a good password they're both essentially equal
If you use username/password you can configure the git client to remember those, although for GitHub it won't work anymore
What do you mean it won't work anymore? Since when? And I don't think I used a password, I jusy ran these commands:
Since last year, you cannot commit code using HTTPS anymore. And yes, I meant username and email, not password sorry.
two years ago already, wow: https://github.com/hub4j/github-api/issues/789
I think you misspelled "most people" there? 🙂
yeah I guess most people believe that because all the articles regurgitate the same thing
Ah man, I must have got in right before that. So I don't have an option - I HAVE to do the SSH option, correct? I hope I can figure it out. Any really good docs on all the steps?
https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
it's dead simple really
you generate a key, copy the public key, add key to github
end
With username and password you cannot revoke a particular key if you ever need to. You also cannot verify who did what if you were to share those same credentials. Those make a strong argument in favor of SSH as a secure way of authenticating. If you have evidence to support your claims, please share
It's very easy to do but ask away if you have any questions
Okay, thanks to both of you. I won't be trying it until tomorrow but it looks like that link is similar to my notes so I'll follow the steps. BTW, were people like myself grandfathered in if they set up the connection with username and email before the change?
Yes, everyone was required to move on to using SSH so you are definitely not alone 😄