github - Why does http-based git push require a password?
ringa_lee
ringa_lee 2017-05-02 09:47:34
0
2
1142

RT. I already know how to complete git push to github locally without a password, but I am curious why the http method requires password authentication every time before pushing. I have no experience with network protocols and have not checked online. to the relevant explanation, so I came here to ask~

ringa_lee
ringa_lee

ringa_lee

reply all(2)
我想大声告诉你

I think this is related to certain characteristics of the http protocol. In fact, github uses the Smart http protocol, which is based on the http protocol. However, for convenience, I will also directly use the http protocol to call it later.

When you use the http protocol, you can push, clone, and pull the remote warehouse without any local configuration. In other words, you can use this protocol anywhere, that is, it is local-independent. This is a major feature that distinguishes this protocol from the ssh protocol. Because the http protocol will not remember or know who the request came from, unless special methods are used, such as cookies. Therefore, for those servers that require authorization, you must enter your username and password for verification before you can obtain or push data, so that the server knows who you are and whether you can obtain or push data.

The characteristics of the http protocol are exactly the opposite of the ssh protocol. The ssh protocol relies on the ssh key to identify whether you have permission to push or obtain data, while the ssh key is saved locally. If you do not have an ssh key locally, of course, you cannot complete the acquisition or push. Data manipulation. The two just form a complementary and opposite relationship.

Now you should know the answer to the question!

I would like to say a little more below, which may be of some help to you. Let me summarize the advantages and disadvantages of the two here:

  • http protocol

    • Advantages: It saves the trouble of local configuration. As long as you have the URL and the corresponding permissions, you can perform the corresponding operations

    • Disadvantages: Frequent verification is required for each operation unless the password caching mechanism is used

  • ssh protocol

    • Advantages: No need to enter password for verification every time when pushing or getting data

    • Disadvantages: Need to configure and generate ssh key before use

In addition, for the GitHub website, we will find that git pushgit pullgit fetch的时候需要验证,而git clone的时候不需要验证。由此,我可以这样推测(只是我的个人推测,仅供参考),github的服务器就属于那种需要授权的服务器,但是可能git clone is one of the specially set operations that does not require verification.

But I found this sentence in the Github help manual:

When you git clone, git fetch, git pull, or git push to a remote repository using HTTPS URLs on the command line, you'll be asked for your GitHub username and password.
当你在命令行中使用HTTPS的URL来对远程仓库进行git clone, git fetch, git pull, 或者 git push, git fetch, git pull, or git push to a remote repository using HTTPS URLs on the command line, you'll be asked for your GitHub username and password.
When you use HTTPS URLs on the command line to access the remote repository, When performing git fetch, git pull, or git push operations, you will be asked to enter your Github username and password.

But actuallygit cloneyou don’t need to enter your username and password. Could it be that the help document is wrong? Now I have questions to ask. I hope others can continue my answer! Or you can answer it in my newly opened question, click here to enter.

为情所困

How do you think HTTP saves the password you entered?

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template