git-novice icon indicating copy to clipboard operation
git-novice copied to clipboard

Published 20 hours ago verified publisher icon swcarpentry

Replace SSH key setup with Git Credential Manager

Open alexlyttle opened this issue 11 months ago • 8 comments

How could the content be improved?

Having recently instructed this we found the SSH key setup was time-consuming and deviated from to core goals of the lesson. The course is about introducing Git but then introduces SSH, a new concept to many participants.

Since Git Credential Manager comes with Git for Windows, we found it far easier to use that. That way the lesson stayed focussed on the topic "Git" and did not deviate to become a lesson about SSH. We would need to add Git Credential Manager to setup instructions and make sure it works well on macOS and linux.

I know SSH keys are a very useful way to authenticate with GitHub, but perhaps should be left out of the course and hinted at instead (e.g. useful if using Git on a computer cluster).

alexlyttle avatar Dec 03 '24 11:12 alexlyttle

I was about to open a similar issue. At the moment, I even find the reason given in the lesson for using ssh over https misleading:

We use SSH here because, while it requires some additional configuration, it is a security protocol widely used by many applications.

This makes it sound like https wouldn't be a secure protocol (but it is) and that https wouldn't be used by many applications, when I would bet that it is used by more applications than ssh is. I have nothing against ssh, but https is simply a lot easier to work with when engaging a newcomer-level crowd and even experienced devs can make it work just as nicely as ssh does.

knarrff avatar Dec 09 '24 15:12 knarrff

Unfortunately, using https with a password is no longer an option on GitHub. Attempting to do so causes the following message:

remote: Support for password authentication was removed on August 13, 2021.
remote: Please see https://docs.github.com/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.
fatal: Authentication failed for 'https://github.com/swcarpentry/git-novice.git/'

Personal access tokens could work. I've never used them, but I suspect that explaining how they work and generating them would be pretty much as problematic as setting up SSH keys.

Git credential manager or the GitHub CLI could be interesting to discuss. I'm not familiar enough at the moment but I'd be in favour of a community discussion on the issue. @swcarpentry/git-novice-maintainers

martinosorb avatar Dec 09 '24 20:12 martinosorb

Right - github has that problem. On the other hand: setting up a personal token is quick in the web interface, could be documented through screen shots and in the end, from the usage point it's nothing else than a fancy password: one a user cannot choose (and thus, cannot create weakly).

Also, as far as I know only github has this limitation: other remote git providers usually offer https password authentication - sometimes even exclusively.

knarrff avatar Dec 10 '24 06:12 knarrff

@martinosorb Git Credential Manager (GCM) comes with Git for Windows. If you try e.g. git push ... within Git for Windows, a window pops up prompting you to authenticate with GitHub in your browser. This is by far the easiest way to authenticate for a new user and is a native part of the software required during setup. For macOS and Linux users we would just need to make sure setting up GCM is easy enough.

@knarrff, your point about https is a good one. Our institution GitLab does not support ssh due to some security policies.

alexlyttle avatar Dec 10 '24 09:12 alexlyttle

I was about to make a similar issue here, it's good to know this was time-consuming for other instructors. My institution recently held an introductory git workshop and setting up SSH took over at least half of it (next time, my colleague and I are offering an extra two hour setup in the morning before the workshop to handle this). I noticed that there is a useful video on installing git listed as a prerequisite to the lesson. Would a similar video demonstrating the setup of SSH and/or a personal access token work here? Either could flow nicely on the prerequisites page under the "Creating a GitHub Account" heading, and the lesson could circle back to the video in the relevant episode.

maxturer avatar Dec 23 '24 18:12 maxturer

When the Met Office was adapting their version of this lesson we debated moving ssh key generation and setup into a pre-requisite setup step with a video to show all the steps. Unfortunately GCM wouldn't be an option for us.

astroDimitrios avatar Jan 20 '25 13:01 astroDimitrios

I also had a difficult time with the setting of SSH.

I would recommend https because I find less interference with the GIT content that we are trying to provide. Downloading by https is trivial and uploading on GitHub requires a personal access token that is very easy to generate (a couple of screenshots would be able to guide how to obtain a token before the course even starts)

SSH is convenient for frequent users, but to be honest, we are teaching the content to novices in the subject, and we should be happy if they start using git more frequently first. The SSH key pair generation just becomes a big barrier for many and a time consumer for the course.

jorobledo avatar Mar 31 '25 06:03 jorobledo

Just to say in our fork of the lesson we have now moved SSH key generation into the setup and told learners to come to any of our pre-workshop sessions or email the instructor if they need help: https://www.astropython.com/git-novice/

It would be fairly easy to have both PAT and SSH options in the lesson using the group tabs in the infrastructure. I would not want to remove SSH completely. We tested Git CLI, PAT and SSH - tbh all are confusing and multi-step for a complete novice (not all our learners will be complete novices when it comes to ssh etc).

astroDimitrios avatar Mar 31 '25 10:03 astroDimitrios