What is the correct format for SourceTree Repository Settings?

Tony Dobaj Jul 19, 2013

We are using BitBucket/Git/SourceTree as our DVCS and I would like some clarification on the Repository -> Repository Settings dialog in ST. We have 2 local clone sites, one of which uses the URL "ssh://git@bitbucket.org/domain/repository.git" and the other "https://bitbucket.org/domain/repository.git". They both seem to work, what's the difference?

1 answer

1 accepted

1 vote
Answer accepted

Hi Anthony,

The simplest explanation is that one uses SSH and one uses HTTPS, which are different protocols used to authenticate with.

HTTPS authenticates using a username and password combination, the security of which will be dependent on the strength of your password and the means by which you keep this password secret from anyone so it's not compromised. If a hacker were to gain access to this password then they have access to do whatever they're able to do with HTTPS permissions with your repository dependent on what's enabled. Some repositories disable push access via HTTPS to stop such vulnerabilities.

SSH is a public/private key pair authentication model. What this means is that you publish your public key with the server you're authenticating with. The only way to authenticate is using your private key which is stored on your computer (typically in ~/.ssh). You can also password protect your keypair which we highly recommend. The benefit is that you don't publicise your private key as it's stored on your computer. Your computer is likely password protected and then with your keys password protected, hopefully with a different password than your login password, then it's two layers of extra security over the HTTPS model. SSH is much more secure in this respect because only you can authenticate using your private key.

Generally we recommend using SSH, although many repositories allow cloning/pulling of changes via HTTPS, but for pushing changes we definitely recommend using SSH. Some servers disallow pushing changes via HTTPS for security reasons, even on open source repositories in order to verify the committer.

Hope that helps, if you have any more questions feel free to ask.
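To make the difference between the two URL forms concrete, here is an added example (not part of the original answer, and not Atlassian code) that classifies Git remote URLs by transport and authentication model and flags an HTTPS remote with a password written into the URL. The function names, the `site-*` labels, and the sample credential are constructed for illustration; the first two URLs are the ones from the question.

```python
import re
from urllib.parse import urlsplit

# scp-like shorthand that Git treats as SSH: [user@]host:path
SCP_LIKE = re.compile(r"^(?:[^@/\s]+@)?[^:/\s]+:[^\s]+$")

def classify_remote(url):
    """Return (transport, auth_model, findings) for one Git remote URL."""
    findings = []
    if "://" in url:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme in ("http", "https"):
            if scheme == "http":
                findings.append("no TLS: credentials can be read in transit")
            if parts.password is not None:
                findings.append("password embedded in URL, saved in .git/config")
            return scheme, "username/password", findings
        if scheme == "ssh":
            # "key pair" is the SSH model described in the answer above
            return "ssh", "key pair", findings
        return scheme, "unknown", ["transport not covered here"]
    if SCP_LIKE.match(url):
        return "ssh", "key pair", findings
    # Assumption: anything else is treated as a local path
    return "local", "none", findings

def redact(url):
    """Mask an embedded password so the URL is safe to log."""
    parts = urlsplit(url) if "://" in url else None
    if parts is None or parts.password is None:
        return url
    return url.replace(":" + parts.password + "@", ":***@", 1)

# Constructed sample remotes; site-a and site-b are the URLs from the question.
SAMPLE_REMOTES = {
    "site-a": "ssh://git@bitbucket.org/domain/repository.git",
    "site-b": "https://bitbucket.org/domain/repository.git",
    "site-c": "git@bitbucket.org:domain/repository.git",
    "site-d": "https://user:hunter2@bitbucket.org/domain/repository.git",
}

def audit(remotes):
    """Map remote name -> (transport, auth_model, findings, redacted_url)."""
    return {name: classify_remote(u) + (redact(u),) for name, u in remotes.items()}

if __name__ == "__main__":
    for name, row in audit(SAMPLE_REMOTES).items():
        print(name, *row, sep=" | ")
```

The URLs to feed in are the ones `git remote -v` prints for each clone, which is the same value shown in SourceTree's Repository Settings dialog.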

Tony Dobaj Jul 23, 2013

Hi Kieran, thank you for that explanation. One follow-up: Your answer appears in the question tab, not the answers tab. I'd like to "accept" this answer to close the thread but it's unclear how to do that. Thx!

How strange! Unfortunately I don't know as I only answer questions and don't ask them. Usually there's a tick next to the user and if you click on it then it will get marked as answered. Sorry I can't be of more help, the only way I could find out is to ask a question and have someone answer it!
