What is the correct format for SourceTree Repository Settings?

We are using BitBucket/Git/SourceTree as our DVCS and I would like some clarification on the Repository -> Repository Settings dialog in ST. We have 2 local clone sites, one of which uses the URL "ssh://git@bitbucket.org/domain/repository.git" and the other "https://bitbucket.org/domain/repository.git". They both seem to work, what's the difference?

1 answer

1 accepted

Hi Anthony,

The simplest explanation is that one uses SSH and one uses HTTPS which are different protocols used to authenticate with.

HTTPS authenticates using a username and password combination, the security of which will be dependent on the strength of your password and the means to which you keep this password secret from anyone so it's not compromised. If a hacker were to gain access to this password then they have access to do whatever they're able to do with HTTPS permissions with your repository dependent on what's enabled. Some repositories disable push access via HTTPS to stop such vulnerabilities.

SSH is a public/private key pair authentication model. What this means is that you publish your public key with the server you're authenticating with. The only way to authenticate is using your private key which is stored on your computer (typically in ~/.ssh). You can also password protect your keypair which we highly recommend. The benefit is that you don't publicise your private key as it's stored on your computer. Your computer is likely password protected and then with your keys password protected, hopefully with a different password than your login password, then it's two layers of extra security over the HTTPS model. SSH is much more secure in this respect because only you can authenticate using your private key.

Generally we recommend using SSH, although many repositories allow cloning/pulling of changes via HTTPS, but for pushing changes we definitely recommend using SSH. Some servers disallow pushing changes via HTTPS for security reasons, even on open source repositories in order to verify the committer.

Hope that helps, if you have any more questions feel free to ask.

Hi Kieran, thank you for that explanation. One follow-up: Your answer appears in the question tab, not the answers tab. I'd like to "accept" this answer to close the thread but it's unclear how to do that. Thx!

How strange! Unfortunately I don't know as I only answer questions and don't ask them. Usually there's a tick next to the user and if you click on it then it will get marked as answered. Sorry I can't be of more help, the only way I could find out is to ask a question and have someone answer it!

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Monday in Agility Beta

We've moved!

A note to all watchers that we've moved to a new community home... https://community.atlassian.com/t5/Agility/ct-p/agility Please update your notification subscriptions to keep across the ...

47 views 0 2
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you