Hacker News new | past | comments | ask | show | jobs | submit login

I was explaining to someone how to generate an SSH key, they way I would normally do when explaining git to someone not exposed.

They instead used the GitHub app and their GitHub password. I didn't see any interaction with an SSH key.

I am not sure how I feel about that. Something seems not right about it.




You can use http basic since forever with git....


This isn't HTTP Basic Auth, though: these days git with the right Credential Managers (and Git for Windows comes with a good one built in) support OAuth Access Tokens obtained with full OAuth login flows including 2FA authentication. It's theoretically no worse than SSH PKI, and in terms of practicality is often better because it is easier and more convenient. (For the users at least; it is clearly more complex than "install openssh" to implement if you are trying to build a git host that supports OAuth Access Token auth.)


Yes, but something doesn’t feel right about it no?


Why?


Recently I helped someone get set up with VS Code and Git, and it subverted all of my preparations by simply popping up an OAuth window to authenticate.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: