[xani__]

My SSH key is on hardware token. How HTTPS tokens would be more secure ?

Other question would be I guess "why we don't just use HTTPS client cert auth instead of silly tokens" ?

> Security-wise, most people don't use SSH securely and may fall victim to MITM.

The whole things sounds like "okay so some of you are incompetent, let's put some measures that annoy the ones that are"

[vbezhenar]

> The whole things sounds like "okay so some of you are incompetent, let's put some measures that annoy the ones that are"

The proper measure is to secure SSH keys. For me it seems crazy that I must Google github host key fingerprints. SSH must retrieve those keys over some standard URL like https://github.com/.well-known/ssh rather than asking user a question that he'll ignore.

[palata]

My guess would be that HTTPS checks the certificate, but SSH does not (does it?). First time you connect to a server with SSH, you have to accept a fingerprint. And once in a while it complains for some reason, and the typical move is to erase the file that stores those fingerprints, right?

Well this is not the right way to do it (vulnerable to MITM), but that's how I see most people use it.

Your hardware key mostly ensures that nobody steals your private key, but it cannot magically authenticate the remote server (which is what you need against MITM).

[cesarb]

> [...] And once in a while it complains for some reason, and the typical move is to erase the file that stores those fingerprints, right? Well this is not the right way to do it (vulnerable to MITM), but that's how I see most people use it.

Yes, that's vulnerable to MITM, but with a caveat: that MITM could impersonate github to your machine, but it could not impersonate your machine to github. That is, it could present modified data to your git client, but it would have no access to your github account. With HTTPS without client certificates, once someone successfully impersonates github to your git client, they have the same access to github that your git client has. (HTTPS with client certificates would be as secure as using SSH keys, since the MITM could not impersonate the client to the github server.)