1

I'm new to GitHub and, after having followed this tutorial, I'm trying to understand SSH keys.

I already created a key and added it to my account. For the moment I have no more than a few test repositories, which I clones locally.

Now, the problem is that, even if I do not set my ssh-agent (or I remove all the keys from GitHub) I can still update my repos and push to them.

The only thing I can't do with a verified key is cloning a repository using the SSH link (e.g. git@github.com:username/repository.git), but I can still clone and push to repositories using the https link (e.g. https://github.com/username/repository.git).

I initially thought that cloning was allowed using the https but I could not push, but I can even push and it does not ask any usernames of passwords!

So, what's the purpose of SSH keys if anyone can still do the same things that I do with a verified key? Does it have to do with privileges and permissions?

  • You do have to enter your GitHub password to push to a repository, don't you? As far as cloning is concerned, GitHub repositories are public. – mkrieger1 Mar 08 '21 at 20:38
  • Possibly the key is still cached if you don't need a password for pushing. – mkrieger1 Mar 08 '21 at 20:39
  • @mkrieger1 it doesn't ask me any passwords... –  Mar 08 '21 at 20:40
  • How can I uncache it to verify it? –  Mar 08 '21 at 20:40
  • The [way to remove credential from your credential manager](https://git-scm.com/docs/gitfaq#Documentation/gitfaq.txt-HowdoIchangethepasswordortokenI8217vesavedinmycredentialmanager) is outlined in the Git FAQ. – bk2204 Mar 09 '21 at 02:13

1 Answers1

0

but I can still clone and push to repositories using the https link (e.g. https://github.com/username/repository.git).

When using HTTPS, you would not use any SSH key, only cached credentials (GitHub account username/password), that would be provided by the git credential helper (git config credential.helper)

printf "protocol=https\nhost=github.com"|git credential-xxx erase

Replace xxx by the helper returned by git config credential.helper

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • So the reason why GitHub doesn't ask me any credentials could be the fact that the credential helped might already be configured? –  Mar 09 '21 at 09:19
  • @Prelli Only if you are using an HTTPS URL, yes. – VonC Mar 09 '21 at 09:20