Git pull HTTPS, push SSH

For many public Git repos, using HTTPS for “git fetch”, “git pull”, and other Git download operations has adequate security. A primary concern for downloading public Git content is verifying the content is genuinely from the desired author. A reasonable degree of confidence can be accomplished using HTTPS to download and verifying the author PGP signed Git commits. Git download operations over HTTPS are perhaps twice as fast as Git over SSH and use less CPU. Typically it is desired for Git to verify SSL certificates:

git config --global http.sslVerify true

When pushing Git commits, SSH can provide enhanced security. Since “git push” operations typically take longer than “git pull”, particularly where pre-commit hooks and PGP commit signing are used, SSH speed penalty on “git push” is often acceptable.

For developers there are speed benefits from a hybrid Git configuration where Git downloads use HTTPS and Git uploads use SSH. Git has intrinsic functionality for this setup in a global configuration. The one-setup setup below uses “https://” for the remote repo URL instead of “ssh://”. To upgrade existing local public repos, edit individual repo “.git/config” accordingly. This is a one-time config command:

git config --global url."ssh://".pushInsteadOf

git config --global url."ssh://".pushInsteadOf

This makes all GitHub and GitLab public repos push over SSH, unless overridden in a repo’s own “.git/config”. Confirm by git remote -v in a repo.

If experiencing problems on “git push”, check this matches the desired Git repo:

git config --get remote.origin.url

In particular, it must NOT have a trailing slash like repo/