
Microsoft Open-Sources Git Credential Manager for Mac and Linux - dstaheli
http://blogs.msdn.com/b/visualstudioalm/archive/2015/11/18/visual-studio-team-services-git-credential-manager-for-mac-and-linux.aspx
======
ethomson
As has been mentioned (repeatedly) this obviously has no use for people using
SSH. Indeed, the goal of this tool is explicitly to be helpful for cloud-
hosted repositories in Visual Studio Team Services (formerly Visual Studio
Online). This is helpful for teams that enforce two-factor authentication over
HTTPS. The article assumes a bit of knowledge about this, but does indeed
mention this:

> We ported this tool to Mac and Linux to simplify their authentication to
> remote Git repositories, in particular those hosted in Visual Studio Team
> Services (VSTS).

~~~
tjohns
I'm curious why they don't add SSH support to Visual Studio Team Services
then. :)

Edit: Apparently they are. But I still think it would've been better to layer
two-factor auth on top of SSH keys, since that can be done securely in a 100%
offline manner.

Perhaps it's just a cultural difference, since Windows doesn't ship with an
SSH client?

~~~
ethomson
Edit: SSH is coming soon.

These are (roughly) orthogonal issues: regardless of whether we support SSH or
not, we are going to support HTTPS access to Git repositories. And if we
support HTTPS, we must support two-factor authentication. A lot of
organizations require this. (In fact, Microsoft itself requires this
internally: our authentication to any internal web site uses 2FA.)

So Visual Studio Team Services must support HTTPS with two-factor
authentication. This is awfully painful to use git core on the command-line
without a credential manager to assist you.

------
dragonwriter
> Are you tired of typing in a user name and password every time you fetch
> from or push to remote Git repositories?

No, because SSH.

~~~
falcolas
Your ssh key isn't password protected, I take it?

~~~
yan
It is. ssh-agent caches it though.

------
jasonmp85
> Are you tired of typing in a user name and password every time you fetch
> from or push to remote Git repositories?

No?

~~~
cosarara97
No, we have something called private and public keys.

~~~
taylorwc
This was exactly my reaction. Solution in search of a problem?

~~~
uxp
Against a repository hosting service that lacks SSH or rather incentives
HTTP(s) over SSH (Visual Studio Team Services, formerly Visual Studio Online),
entering credentials is a problem with Git. 98% of Git users won't have this
issue, but for those few it is probably the biggest, most annoying issue.

------
dstaheli
This is not yet for those who use SSH. It's for situations where multi-factor
authentication is required, including SMS, phone call, etc. SSH support on
VSTS Git repos is coming soon:
[https://visualstudio.uservoice.com/forums/121579-visual-
stud...](https://visualstudio.uservoice.com/forums/121579-visual-
studio-2015/suggestions/3801342-add-support-for-ssh-keys-as-alternate-
authenticati)

------
shubhamjain
I am baffled why would they try to port this for Mac / Linux which already has
SSH functionality built-in. It can make sense on Windows where there is no
equivalent, by default.

~~~
babo
Two-factor authentication is the reason. A use case is to access code from
VSTS where two-factor authentication is a forced.

------
tjohns
I like the idea of adding second-factor authentication to your Git
credentials. But doing this using OAuth to a cloud service just seems like the
wrong approach. Use SSH keys, and then either (a) set a good password on your
key, or (b) store the key on a hardware token, like a Yubikey. [1]

I think the big problem here is that they're using HTTP(S) as a transport for
Git. And there's just not very many options left for layering on extra
security if you do that.

[1]: I'm a big fan of Yubikeys for credential storage. You can put them in PGP
Smartcard mode, and then use the PGP key with SSH:
[https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-
yubike...](https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/)

------
anon4
Remember Microsoft's patented triple-e tactic:

1\. Embrace

2\. Extend

3\. Extinguish

We're at step 2. They've gotten pretty fast at it, I must say.

------
creshal
OAuth for SSH? What the hell are you guys doing? No, stop. _Stop._ Drop it. Go
back to the drawing board and learn what SSH can do apart from password and
public key auth (hint: Everything from challenge-response schemes to
Kerberos).

~~~
dragonwriter
Are they using Git SSH at all? I assumed they were using OAuth with Git HTTPS
transport...

~~~
creshal
Yes, but why?

~~~
yaur
Because VSTS doesn't support SSH

~~~
creshal
Embrace, extend, extinguish, phase 2?

------
ctstover
honestly this is just sad

------
newman314
Off-topic, but personally what I would really like to have is for my password
manager (1Password) to manage the ssh keys.

------
NickHaflinger
On the front page:

3 mentions of Visual Studio, 2 mentions of Microsoft, 1 mention of ASP.NET

Yes, yes, yes Microsoft are still bleeding edge with the software :)

