Git clone SSH vs HTTPS

Greg Foster
Greg Foster
Graphite software engineer

Git clone SSH vs HTTPS

Cloning a Git repository is a crucial skill for any developer, enabling you to download existing Git repositories to your local machine. There are two primary protocols for cloning repositories: SSH (Secure Shell), and HTTPS (Hypertext Transfer Protocol Secure). Each method has its own set of advantages, setup requirements, and use cases. Understanding the differences between cloning with SSH vs. HTTPS can help you choose the most suitable approach for your workflow.

SSH is a protocol that provides a secure channel over an unsecured network in a client-server architecture, offering both authentication and encryption.

When you clone a Git repository using SSH, you authenticate to the server without having to provide your username or password at each visit.

  • Security: SSH keys provide a more secure way of logging into a server than using a password alone.

  • Convenience: Once your SSH key is set up, you don't need to enter your credentials every time you push or pull from the repository.

  1. Generate an SSH Key Pair:

    • On your local machine, generate a new SSH key pair by running ssh-keygen in your terminal. You can specify a file location for the key and a passphrase for extra security.
  2. Add the SSH key to GitHub:

    • In the GitHub web portal, navigate to Settings > SSH and GPG keys > New SSH key, paste your public key, and save.
  1. Open your terminal.

  2. Execute the command to start the ssh-agent in the background: This command should display a message indicating that the agent has started, along with its process ID.

eval "$(ssh-agent -s)"
  1. Check if the SSH config file exists: Use open ~/.ssh/config to see if the file exists. If it doesn't, you will need to create it.

  2. Create the SSH config file if necessary: Use touch ~/.ssh/config to create the file.

  3. Open the config file: You can use a text editor to open the file, e.g., vim ~/.ssh/config

  4. Modify the config file: Add the following lines to the file, adjusting the IdentityFile path if your SSH key has a different name or location:

AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519
  • Note: If you didn't set a passphrase for your key, omit the UseKeychain yes line. If you encounter a configuration error, try adding IgnoreUnknown UseKeychain under a specific Host definition.
  1. Add your SSH private key to the ssh-agent: Use the following command, ensuring to replace id_ed25519 with the name of your key.
ssh-add --apple-use-keychain ~/.ssh/id_ed25519
  • This adds your SSH key to the ssh-agent and stores your passphrase in the keychain, making it so you don't have to enter the passphrase every time the key is used.

  • Note: The -apple-use-keychain option helps store the passphrase in your keychain when adding an SSH key to the ssh-agent. If you do not have a passphrase or are not using an Apple device, adjust the command accordingly.

  • If you're prompted for the passphrase despite these steps, you may need to add the ssh-add command to your shell profile file (~/.zshrc or ~/.bash_profile).

  • Ensure you're using the correct path and filename for your SSH key when executing the ssh-add command.

This guide focuses on adding an existing SSH key to the ssh-agent, especially for macOS users. For users on other operating systems, the steps are similar, but the command to start the ssh-agent and the method to edit the SSH config file might differ.

  • Find the SSH URL of the repository and run: git clone

  • Make sure to replace with the actual path to your repository.

  • Specify an SSH key: If you want to use a specific SSH key, you can modify the ssh command using the i option: ssh -i /path/to/private/key.

  • For Git operations, set the GIT_SSH_COMMAND environment variable: export GIT_SSH_COMMAND="ssh -i /path/to/private/key".

  • Debugging SSH: Use ssh -T (replace with your Git server) to test your SSH connection.

HTTPS is a protocol for secure communication over a computer network. In the context of Git, it is used to securely transfer repository data over the internet.

  • Ease of setup: Cloning with HTTPS is straightforward and doesn't require setting up SSH keys.

  • Universally accessible: HTTPS cloning works through firewalls and proxy servers.

  1. Clone the Repository:

    • Find the HTTPS URL of the repository and run: git clone <>

    • Replace with the actual path to your repository.

  • Credential caching: To avoid entering your username and password with every push/pull, you can use a credential helper: git config --global credential.helper cache.

  • Two-factor authentication (2FA): If you have 2FA enabled, you'll need to generate a personal access token and use that instead of your password.

  • Use SSH when:

    • You need a secure method without entering your credentials frequently.

    • You have direct access to the server or have the ability to add SSH keys to your Git server.

  • Use HTTPS when:

    • You prefer a setup that works immediately without generating SSH keys.

    • You are working behind a firewall or proxy that restricts SSH traffic.

Both SSH and HTTPS are secure methods to clone and interact with Git repositories, each with its own set of advantages. Your choice between SSH and HTTPS may depend on your specific needs for security, convenience, and the setup you're willing to do.

Give your PR workflow
an upgrade today

Stack easier | Ship smaller | Review quicker

Or install our CLI.
Product Screenshot 1
Product Screenshot 2