Skip to content

Latest commit

 

History

History
338 lines (244 loc) · 7.41 KB

File metadata and controls

338 lines (244 loc) · 7.41 KB

GitHub Authentication Guide: SSH vs HTTPS

Quick Answer: Where Are Credentials Stored?

Your Personal Access Token is NOT stored in your repository!

Token Storage Locations

Mac: Keychain Access

# View stored credentials
security find-internet-password -s github.com

Windows: Credential Manager

Control Panel → Credential Manager → Windows Credentials
Look for: git:https://github.com

Linux: Git credential helper

# Check what's configured
git config --global credential.helper

# View stored credentials (if using store)
cat ~/.git-credentials

Important: Tokens are stored system-wide and reused for all GitHub repositories on your computer.


SSH vs HTTPS: Which Should You Use?

🔐 SSH (Recommended if you have keys set up)

URL Format:

git@github.com:USERNAME/REPOSITORY.git

Pros:

  • ✅ No token needed - uses your SSH key
  • ✅ Keys don't expire (unless you set expiration)
  • ✅ More secure (public key cryptography)
  • ✅ Faster - no credential prompts
  • ✅ One-time setup

Cons:

  • ❌ Port 22 might be blocked on corporate networks
  • ❌ Slightly more complex initial setup

When to use:

  • You already have SSH keys set up with GitHub ← Your situation!
  • You're on a trusted computer
  • You're pushing frequently

🌐 HTTPS (Good for beginners)

URL Format:

https://github.com/USERNAME/REPOSITORY.git

Pros:

  • ✅ Works through most firewalls
  • ✅ Easier for beginners
  • ✅ Works on any network
  • ✅ Can use multiple tokens for different permissions

Cons:

  • ❌ Requires Personal Access Token
  • ❌ Token expires (for fine-grained tokens)
  • ❌ Need to manage tokens
  • ❌ Git might prompt for credentials

When to use:

  • You don't have SSH keys set up
  • You're on a restricted network
  • You're using shared/public computers
  • You want per-repo access control (fine-grained tokens)

Check Your Current Setup

Test SSH Connection

ssh -T git@github.com

Success looks like:

Hi YOUR-USERNAME! You've successfully authenticated, but GitHub does not provide shell access.

Failure looks like:

Permission denied (publickey).

Check Which Method Your Repo Uses

cd /path/to/your/repo
git remote -v

SSH output:

origin  git@github.com:USERNAME/REPO.git (fetch)
origin  git@github.com:USERNAME/REPO.git (push)

HTTPS output:

origin  https://github.com/USERNAME/REPO.git (fetch)
origin  https://github.com/USERNAME/REPO.git (push)

Switch Between SSH and HTTPS

Change to SSH:

git remote set-url origin git@github.com:USERNAME/REPO.git

Change to HTTPS:

git remote set-url origin https://github.com/USERNAME/REPO.git

Setting Up SSH Keys (If Not Already Done)

If you want to verify or set up SSH keys:

1. Check if you have SSH keys

ls -la ~/.ssh

Look for:

  • id_rsa and id_rsa.pub (older RSA keys)
  • id_ed25519 and id_ed25519.pub (newer, recommended)

2. Generate new SSH key (if needed)

ssh-keygen -t ed25519 -C "your.email@example.com"

Press Enter to accept default location, set a passphrase (optional but recommended).

3. Add SSH key to ssh-agent

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

4. Copy public key to clipboard

Mac:

pbcopy < ~/.ssh/id_ed25519.pub

Linux:

cat ~/.ssh/id_ed25519.pub
# Then select and copy the output

Windows:

cat ~/.ssh/id_ed25519.pub | clip

5. Add to GitHub

  1. Go to GitHub → Settings → SSH and GPG keys
  2. Click "New SSH key"
  3. Paste your public key
  4. Give it a title (like "My Laptop")
  5. Click "Add SSH key"

6. Test it

ssh -T git@github.com

Security Best Practices

For SSH Keys

  • ✅ Use Ed25519 keys (more secure than RSA)
  • ✅ Set a passphrase on your key
  • ✅ Use ssh-agent to avoid typing passphrase constantly
  • ✅ Add different keys for different computers
  • ✅ Remove keys from GitHub when you stop using that computer

For Personal Access Tokens

  • ✅ Use fine-grained tokens when possible
  • ✅ Set expiration dates (force rotation)
  • ✅ Use minimum required permissions
  • ✅ Create different tokens for different projects
  • ✅ Delete tokens you're not using
  • ✅ NEVER commit tokens to git
  • ✅ NEVER share tokens publicly

Both Methods

  • ✅ Enable two-factor authentication (2FA) on GitHub
  • ✅ Review authorized applications periodically
  • ✅ Monitor access logs in GitHub settings

Common Questions

Q: I have SSH keys, do I still need a token?

A: Not for git operations (push/pull/clone)! But you DO need a token for:

  • GitHub API access
  • GitHub CLI (gh command)
  • Some automation tools
  • GitHub Actions secrets

Q: Can I use both SSH and HTTPS?

A: Yes! Different repos can use different methods:

# Repo A uses SSH
cd ~/repo-a
git remote -v
# origin  git@github.com:user/repo-a.git

# Repo B uses HTTPS  
cd ~/repo-b
git remote -v
# origin  https://github.com/user/repo-b.git

Q: Which is more secure?

A: Both are secure when properly configured:

  • SSH: More secure IF you use a passphrase and protect your private key
  • HTTPS with token: Secure IF you use fine-grained tokens with expiration

Q: My SSH connection stopped working, why?

Common causes:

  1. SSH key was removed from GitHub
  2. SSH key passphrase expired
  3. ssh-agent not running
  4. Port 22 blocked by firewall
  5. Computer was replaced (different key)

Fix: Run ssh -T git@github.com and troubleshoot from there.

Q: How do I store my token securely?

Options:

  1. Let Git handle it - credential helper stores it automatically
  2. Password manager - 1Password, LastPass, Bitwarden
  3. Environment variable - For automation only
  4. Never - Just use SSH instead!

Recommendations

For Your ESP32-Sensor-Logger Project

Since you mentioned you have SSH keys set up:

  1. Use SSH - It's easier and more secure
  2. ✅ Run the updated push_to_github.sh script and choose option 1 (SSH)
  3. ✅ Save your fine-grained token somewhere secure (password manager)
  4. ✅ Use the token only if you need API access later

No need to enter a token when pushing!

For Future Projects

  • Personal projects on trusted computer: SSH
  • Work projects: Whatever your company requires
  • Shared/public computers: HTTPS with short-lived token
  • Automation/CI/CD: Deploy keys or GitHub Apps (not personal tokens)

Quick Reference

# Check current authentication method
git remote -v

# Switch to SSH (recommended for you!)
git remote set-url origin git@github.com:USERNAME/REPO.git

# Switch to HTTPS
git remote set-url origin https://github.com/USERNAME/REPO.git

# Test SSH connection
ssh -T git@github.com

# Check where credentials are stored
git config --global credential.helper

# Clear stored credentials (if needed)
git credential-cache exit    # For cache helper
git credential reject         # For other helpers
# Then enter: protocol=https
#             host=github.com
# Then press Enter twice

Summary

  • 🔑 Tokens are stored system-wide, not in your repository
  • 🔐 SSH is recommended for your setup (you have keys)
  • 📝 Fine-grained token is good to have but not needed for git push
  • Run the updated push script and choose SSH (option 1)
  • 🚀 You won't need to enter a token when using SSH

Happy coding! 🎉