![]() ![]() Given the public key only, anyone can easily encrypt any data the holder of the private key can use the private key to easily decrypt that same data, but one who lacks the private key cannot. The public key is called this because it's not a secret! You may show it to literally anyone, although there's no good reason to bruit it about.Īlong with this public key, whatever it is, there's a paired private key, which you should keep secret (guard it carefully, like a password). If we look at public-key cryptography, we see that it works by having you (or your Git software, or in this particular case, the ssh program-Git literally runs ssh here as Git does not contain the ssh code itself) provide to the server a public key: a long, random-looking string of letters and digits and perhaps other characters that represent some kind of cryptographic key. The way the big Git servers do this is by cheating. Since you're going to claim to be this git pseudo-user, not whoever you really are, the host is going to need to figure out who you really are in some other way. There are a bunch of technical reasons for this, but they all boil down to "it was easier that way, and now it's the convention". That is, they are going to authenticate you not as yourself but rather as the git pseudo-user. ![]() The ssh:// part (if using this form) and the at-sign and colon (if using this form) are literal characters that will appear in the URL.Īll the big Git servers require that you supply the user part as the literal string git. When you use ssh to authenticate, there's a user name involved, and it's right there in the URL: ssh:// host/ path or host: path. Using ssh authentication with Git and big hosting sites ![]() It's also not what the original question is about, so that's all we'll say about it here. This is highly configurable, and has a lot of system dependencies. It does so only for https authentication. Your Git software does not do any of the authentication on its own, but it can use a credential helper. The ssh system uses public-key cryptography there is no password involved here, at least at this point. To use ssh authentication with Git, use a URL that begins with ssh:// or that has the form host: path, e.g., :my/repo.git. The ssh authentication is much more uniform, perhaps because there are fewer ssh implementations and most trace their history back to a common starting point. To use this method with Git, use a URL that begins with These take the form host/path/passed/to/host (although you can shove the password / token in here, or leave out the user part, it's usually simplest to include the user and leave out the password, so that only the password has to be managed via some credential system). The user name here is your identity, and the password-or-token is your proof of identity (so guard it carefully!). This pair authenticates you as you to the hosting site. One then directs one's Git to supply a user name and the token-as-the-password. ![]() One has the web site generate the token (using, usually, a password, and perhaps some second factor for two-factor authentication). The difference between a token and a password is, essentially, that the token is a structured password, with the (hidden-from-the-user) structure containing extra information. However, both Bitbucket and GitHub now use token-based authentication rather than password-based. The https authentication has the most variability as there are many https implementations and each one has its own identity and authorization techniques, so it is the one about which we can say the least.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |