On Thu, Mar 01, 2018 at 12:29:04AM -0800, stefano wrote:
> Hello, I need to expose my git repository for external use.
> Which kind of protocol is better to use for security purposes?
> Ssh only? Ssh under vpn? Other solutions?

Depends on how you define "security".

Basically, there are two "secure" transports for communicating with remote Git repositories -- SSH and HTTPS. They both are able to provide all three features typically assumed to be provided by "security" -- authentication, integrity, and confidentiality.

A minor difference is that in typical setups HTTPS does not provide authentication, as web servers (and other TLS-terminating software) in their default setups typically do not require the connecting clients to provide certificates trusted by the server.

A VPN is needed only if you intend to use the low-level "native" Git protocol (used for repository URLs starting with "git://") or intend to serve your Git repository via some networking filesystem like NFS or CIFS/SMB.

I'd also note that when hosting Git via SSH, one may want to virtualize Git users by "hiding" them "behind" a single system user (commonly named "git"). That's because the primary purpose of SSH is providing logins for real users to the system. For a start, you might look at the software package called gitolite.

To round up, you'll have to lay down your security concerns in a more detailed manner. I mean, both SSH and HTTPS are reasonably secure *when it comes to protecting the data on the wire,* and the real question is whether you need to authenticate the clients to the server (and authorize them subsequently).
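
One way to picture the single shared "git" account mentioned above, as an added example that is not part of the original message and is not gitolite's own code: each person's SSH key is pinned to a forced command naming a virtual user, and that command checks the requested Git operation against an access list. The script name `git-gate`, the users, the repository name and the ACL format are assumptions made up for illustration.

```shell
#!/bin/sh
# Hypothetical forced-command gate for a shared "git" account (illustration only).
# In ~git/.ssh/authorized_keys each key is pinned to a virtual user, e.g.:
#   command="/usr/local/bin/git-gate alice",restrict ssh-ed25519 AAAA... alice@laptop
# sshd then runs the forced command instead of a login shell and exposes what
# the client asked for in SSH_ORIGINAL_COMMAND.

# Constructed ACL, one rule per line: "<virtual user> <repo> <R|RW>".
ACL='alice project.git RW
bob project.git R'

# gate_decide USER ORIGINAL_COMMAND
# Prints "<git-verb> <repo>" and returns 0 if allowed; returns 1 otherwise.
# The caller runs the approved Git command only when this returns 0.
gate_decide() {
    user=$1 cmd=$2
    verb=${cmd%% *}
    arg=${cmd#* }
    case $verb in
        git-upload-pack)  need=R ;;    # fetch / clone
        git-receive-pack) need=RW ;;   # push
        *) return 1 ;;                 # no shells, no other commands
    esac
    # Git sends the path quoted: 'project.git' or '/project.git'.
    repo=${arg#\'}; repo=${repo%\'}; repo=${repo#/}
    # Conservative repo names only, and no path traversal.
    case $repo in
        ''|*[!A-Za-z0-9._/-]*|*..*) return 1 ;;
    esac
    while read -r u r perm; do
        [ "$u" = "$user" ] && [ "$r" = "$repo" ] || continue
        case $need:$perm in
            R:R|R:RW|RW:RW) echo "$verb $repo"; return 0 ;;
        esac
    done <<EOF
$ACL
EOF
    return 1   # default deny: unknown user, unknown repo, or too little access
}
```

Authentication is done by sshd against the key, and authorization by the gate against the virtual user name, so nobody needs a real login on the host.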