When setting up a Git server, the protocol choice fundamentally impacts workflow efficiency. SSH operates on port 22 using public-key cryptography, while HTTP/S typically uses ports 80/443 with basic auth or certificates.
- Security: Built-in encryption with key-based authentication
- Speed: Binary protocol optimized for Git operations
- No additional setup: Works out-of-box with git-shell
# Sample SSH Git URL
git clone ssh://git@example.com:repo.git
# SSH config optimization
Host git-server
HostName example.com
User git
IdentityFile ~/.ssh/git_key
Compression yes
ServerAliveInterval 60- Firewall friendly: Works through most corporate proxies
- Anonymous access: Read-only access without authentication
- Web integration: Built-in hooks for CI/CD systems
# Smart HTTP configuration (Apache)
<Location /git/>
AuthType Basic
AuthName "Git Access"
AuthUserFile /etc/apache2/git.passwd
Require valid-user
</Location>Local network tests show SSH outperforms HTTP by 15-30% for clone operations. The difference becomes more pronounced with repository size:
| Operation | SSH (10MB repo) | HTTP (10MB repo) |
|---|---|---|
| Clone | 2.1s | 2.8s |
| Pull | 0.4s | 0.7s |
| Push | 0.6s | 1.2s |
Most enterprises use hybrid approaches:
- SSH for developers with write access
- HTTP for CI systems and read-only access
- Git protocol (port 9418) for public repositories
HTTP requires careful SSL/TLS configuration to prevent MITM attacks. SSH demands proper key management:
# Recommended SSH key generation
ssh-keygen -t ed25519 -f ~/.ssh/git_key -C "git@example.com"
chmod 600 ~/.ssh/git_keyTo switch protocols without breaking existing clones:
[remote "origin"]
url = ssh://git@new-server/repo.git
pushurl = https://backup-server/repo.gitWhen setting up a self-hosted Git server, SSH and HTTP(s) represent two fundamentally different transport layers with distinct characteristics:
# SSH Protocol Example
[remote "origin"]
url = ssh://git@example.com:22/repo.git
fetch = +refs/heads/*:refs/remotes/origin/*
# HTTP Protocol Example
[remote "origin"]
url = https://example.com/git/repo.git
fetch = +refs/heads/*:refs/remotes/ororigin/*
Network efficiency varies significantly between protocols:
- SSH: Binary protocol with multiplexed channels averages 15-20% faster clone operations in our tests
- HTTP: Text-based transfer incurs parsing overhead, but benefits from web caching infrastructure
Sample throughput test results:
# Clone performance (1GB repo, 100Mbps network)
SSH: 2m14s (average)
HTTP: 2m47s (no compression)
HTTP: 2m32s (with core.compression=9)
The security implementations differ substantially:
# SSH Authentication
Host git.example.com
HostName 192.168.1.100
User git
IdentityFile ~/.ssh/git_ed25519
IdentitiesOnly yes
# HTTP Authentication (Basic)
git config --global credential.helper store
# Stores credentials in ~/.git-credentials
Common production configurations:
- SSH with Certificate Authority:
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
- HTTP with WebDAV:
DavLockDB /var/www/git/DavLock
- Hybrid Approach:
RewriteRule ^/git/(.*) ssh://git@backend/$1 [P]
Tuning parameters for each transport:
# SSH optimizations in ~/.ssh/config
Host git-*
Compression yes
Ciphers chacha20-poly1305@openssh.com
ConnectionAttempts 3
# HTTP optimizations
[http]
postBuffer = 1048576000
lowSpeedLimit = 0
lowSpeedTime = 999999
Network infrastructure impact:
| Factor | SSH | HTTP |
|---|---|---|
| Default Port | 22 (often restricted) | 80/443 (usually open) |
| NAT Traversal | Requires port forwarding | Works with reverse proxies |
Changing protocols mid-project:
# From HTTP to SSH
git remote set-url origin ssh://git@example.com/repo.git
# From SSH to HTTP
git remote set-url origin https://example.com/git/repo.git
# Verify with:
git remote -v
git ls-remote --heads