git - Why does GitHub recommend HTTPS over SSH?

Question

On the GitHub site there is a link...

https://help.github.com/articles/generating-ssh-keys

... and it states...

If you have decided not to use the recommended HTTPS method, we can use SSH keys to establish a secure connection between your computer and GitHub. The steps below will walk you through generating an SSH key and then adding the public key to your GitHub account.

Why is HTTPS the recommended method? Is there some sort of security flaw in the SSH method or is it slower? I created an SSH key, so would that mitigate any security concerns?

Answer 1

GitHub have changed their recommendation several times (example).

It appears that they currently recommend HTTPS because it is the easiest to set up on the widest range of networks and platforms, and by users who are new to all this.

There is no inherent flaw in SSH (if there was they would disable it) -- in the links below, you will see that they still provide details about SSH connections too:

1. HTTPS is less likely to be blocked by a firewall.

   https://help.github.com/articles/which-remote-url-should-i-use/

   The https:// clone URLs are available on all repositories, public and private. These URLs work everywhere--even if you are behind a firewall or proxy.

2. An HTTPS connection allows credential.helper to cache your password.

   https://help.github.com/articles/set-up-git

   Good to know: The credential helper only works when you clone an HTTPS repo URL. If you use the SSH repo URL instead, SSH keys are used for authentication. While we do not recommend it, if you wish to use this method, check out this guide for help generating and using an SSH key.