Mercurial - HTTPS or SSH?

Question

I have switched our internal codebase to use Mercurial, with a hosted remote repository. I've read that using Mercurial over SSH instead of HTTPS is faster because the data is compressed before it is sent. But... compared to HTTPS, it's quite a pain to set up, especially on Windows.

For those of you who have used both regularly on large projects...

1. Is the performance gain worth the headache of setting up public/private keys for each user, and dealing with other finicky configuration issues?
2. Is there even a noticeable performance gain? I haven't seen one on smaller projects.
3. Is SSH more secure?
4. Would you enforce a policy of using one over the other, or let each developer choose?

Answer 1

Yes for a very large repository, it is recommended that you use SSH as Mercurial for large repo. Mercurial is able to compress data being sent for both ssh and https, so you can push and pull faster. Also, by default, Mercurial does not use compression when sending or retrieving data via SSH.You will need to enable it via configuration.

There are two ways you can do this:

1. Tell Mercurial which SSH command to run
2. Specify compression in your ~/.ssh/config file

In.hgrc

# Use compression
ssh = ssh -C

To specify it in your SSH config file, edit ~/.ssh/config

All said, HTTPS setup is easy. If you have it, just use it, unless you are going to write mega ton frameworks.

Answer 2

Either works just fine; go with whatever is easier for you.

HTTPS also does compression before encryption, so that's not much of an issue. The only real difference I've seen is that clones can abort for huge repos over HTTP, but folks can always re-try.

I personally like using https as a read-only setup so people can view/browse/clone, and then using ssh for all writing, and allowing clone/pull from ssh too.

Many folks start with ssh access because they already have UNIX user accounts for everyone, so there's no additional setup required.

If you already have https working for you, just stick with it.