We are using BitBucket/Git/SourceTree as our DVCS and I would like some clarification on the Repository -> Repository Settings dialog in ST. We have 2 local clone sites, one of which uses the URL "ssh://firstname.lastname@example.org/domain/repository.git" and the other "https://bitbucket.org/domain/repository.git". They both seem to work, what's the difference?
The simplest explanation is that one uses SSH and one uses HTTPS which are different protocols used to authenticate with.
HTTPS authenticates using a username and password combination, the security of which will be dependent on the strength of your password and the means to which you keep this password secret from anyone so it's not compromised. If a hacker were to gain access to this password then they have access to do whatever they're able to do with HTTPS permissions with your repository dependent on what's enabled. Some repositories disable push access via HTTPS to stop such vulnerabilities.
SSH is a public/private key pair authentication model. What this means is that you publish your public key with the server you're authenticating with. The only way to authenticate is using your private key which is stored on your computer (typically in ~/.ssh). You can also password protect your keypair which we highly recommend. The benefit is that you don't publicise your private key as it's stored on your computer. Your computer is likely password protected and then with your keys password protected, hopefully with a different password than your login password, then it's two layers of extra security over the HTTPS model. SSH is much more secure in this respect because only you can authenticate using your private key.
Generally we recommend using SSH, although many repositories allow cloning/pulling of changes via HTTPS, but for pushing changes we definitely recommend using SSH. Some servers disallow pushing changes via HTTPS for security reasons, even on open source repositories in order to verify the committer.
Hope that helps, if you have any more questions feel free to ask.
How strange! Unfortunately I don't know as I only answer questions and don't ask them. Usually there's a tick next to the user and if you click on it then it will get marked as answered. Sorry I can't be of more help, the only way I could find out is to ask a question and have someone answer it!
In a world of dark-scrum, faux-scrum, and scrum-butt, the question still remains: What is scrum and how do you do it “right?” That’s the question we set out to answer. I'm Max, I've been teaching c...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs