Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

What is the correct format for SourceTree Repository Settings?

Tony Dobaj
Tony Dobaj
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 19, 2013

We are using BitBucket/Git/SourceTree as our DVCS and I would like some clarification on the Repository -> Repository Settings dialog in ST. We have 2 local clone sites, one of which uses the URL "ssh://git@bitbucket.org/domain/repository.git" and the other "https://bitbucket.org/domain/repository.git". They both seem to work, what's the difference?

Answer
Watch
Like Be the first to like this
647 views

1 answer

1 accepted

1 vote
Answer accepted
KieranA
KieranA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 21, 2013

Hi Anthony,

The simplest explanation is that one uses SSH and one uses HTTPS which are different protocols used to authenticate with.

HTTPS authenticates using a username and password combination, the security of which will be dependent on the strength of your password and the means to which you keep this password secret from anyone so it's not compromised. If a hacker were to gain access to this password then they have access to do whatever they're able to do with HTTPS permissions with your repository dependent on what's enabled. Some repositories disable push access via HTTPS to stop such vulnerabilities.

SSH is a public/private key pair authentication model. What this means is that you publish your public key with the server you're authenticating with. The only way to authenticate is using your private key which is stored on your computer (typically in ~/.ssh). You can also password protect your keypair which we highly recommend. The benefit is that you don't publicise your private key as it's stored on your computer. Your computer is likely password protected and then with your keys password protected, hopefully with a different password than your login password, then it's two layers of extra security over the HTTPS model. SSH is much more secure in this respect because only you can authenticate using your private key.

Generally we recommend using SSH, although many repositories allow cloning/pulling of changes via HTTPS, but for pushing changes we definitely recommend using SSH. Some servers disallow pushing changes via HTTPS for security reasons, even on open source repositories in order to verify the committer.

Hope that helps, if you have any more questions feel free to ask.

View More Comments
Tony Dobaj
Tony Dobaj
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 23, 2013

Hi Kieran, thank you for that explanation. One follow-up: Your answer appears in the question tab, not the answers tab. I'd like to "accept" this answer to close the thread but it's unclear how to do that. Thx!

Like
KieranA
KieranA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 24, 2013

How strange! Unfortunately I don't know as I only answer questions and don't ask them. Usually there's a tick next to the user and if you click on it then it will get marked as answered. Sorry I can't be of more help, the only way I could find out is to ask a question and have someone answer it!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events