gitgithubssh

How does github SSH works?


I am curious about cloning projects using git. In order to clone a project we are calling:

git clone git@github.com:MY_GIT_USERNAME/PROJECT.git

So what we are doing here, is we are accessing github.com, as a user git. I suppose that when there is a MY_GIT_USERNAME/PROJECT is some kind of directory which has some accesses and keys added, which are then validated to the real github server with the repositories, so the one that we are accessing via git clone is some kind of proxy one, used only for authenticating and authorizing requests, am I right?

Is github using some kind of tool to store all of the ssh keys? Is there any kind of tool like this?

Also if git clone doesnt work as this one, how does it work? How does which is similar to the typical ssh command works?


Solution

  • Git uses SSH to establish a secure connection through which it can execute commands. You're passing it in your ssh username, git, and the host to connect to, github.com. So far this is normal SSH.

    You also pass it the path to look for your Git repository, MY_GIT_USERNAME/PROJECT.git. With normal Git this would be a literal path.

    To avoid having to make an ssh user for every Github user, Github is ignoring the git user and identifying you using the private ssh key(s) linked to your account. This is not an uncommon way to do ssh authentication.

    A simple implementation would store all the repositories on a filesystem like /git/MY_GIT_USERNAME/PROJECT.git/, but Github has long, long, long scaled past simple solutions like that.

    I don't know how Github works internally, but they are definitely sharing objects across multiple repositories. For example, if multiple repositories commit the same content, it's very likely it will only be stored once. Similarly, forking a repository on Github probably does not actually copy the whole repository, but instead has a shared repository. Since Git repositories are already based on checkums, this is relatively easy; though at Github's scale I'm sure it isn't.

    To understand more, read up on the Git Internals. Particularly Git Objects and Transfer Protocols.