Why does GitHub recommend HTTPS over SSH?

John Livermore picture John Livermore · Jun 14, 2012 · Viewed 142.8k times · Source

On the GitHub site there is a link...

https://help.github.com/articles/generating-ssh-keys

... and it states...

If you have decided not to use the recommended HTTPS method, we can use SSH keys to establish a secure connection between your computer and GitHub. The steps below will walk you through generating an SSH key and then adding the public key to your GitHub account.

Why is HTTPS the recommended method? Is there some sort of security flaw in the SSH method or is it slower? I created an SSH key, so would that mitigate any security concerns?

Answer

k107 picture k107 · Jun 14, 2012

GitHub have changed their recommendation several times (example).

It appears that they currently recommend HTTPS because it is the easiest to set up on the widest range of networks and platforms, and by users who are new to all this.

There is no inherent flaw in SSH (if there was they would disable it) -- in the links below, you will see that they still provide details about SSH connections too:

  1. HTTPS is less likely to be blocked by a firewall.

    https://help.github.com/articles/which-remote-url-should-i-use/

    The https:// clone URLs are available on all repositories, public and private. These URLs work everywhere--even if you are behind a firewall or proxy.

  2. An HTTPS connection allows credential.helper to cache your password.

    https://help.github.com/articles/set-up-git

    Good to know: The credential helper only works when you clone an HTTPS repo URL. If you use the SSH repo URL instead, SSH keys are used for authentication. While we do not recommend it, if you wish to use this method, check out this guide for help generating and using an SSH key.