通过防火墙后面的 ssh 访问 git 存储库
我想在仅允许 http 代理访问的公司防火墙后面访问(克隆/推/拉)私有(通过 ssh)git 存储库。我已经编写了一个强大的 Java(守护程序)程序(基于 JSCh 类库),它允许我利用本地和远程端口转发,我希望利用它,但当我尝试设想如何设置它时,我的大脑受伤了。
git repo depot(创造一个短语)位于 foo.server.com/var/git,因此忽略 fireall,设置克隆的自然倾向是:
$ git clone ssh://foo.server.com/var/git/myrepo.git
但防火墙会阻止此命令。我倾向于尝试类似
$ git clone ssh://localhost:8022/var/git/myrepo.git
localhost:8022 转发到 foo.server.com:22
那么这条路径值得追求吗?有没有更简单且安全的解决方案?是否有我应该注意的陷阱或陷阱?
I would like to access (clone/push/pull) a private (via ssh) git repository while behind a corporate firewall that only allows http proxy access. I have written a robust Java (daemon) program (based on the JSCh class library) that will allow me to leverage local and remote port forwarding and I am hoping to leverage this but my brain hurts when I try to envision how to set this up.
The git repo depot (to coin a phrase) is at foo.server.com/var/git so the natural inclination, ignoring the fireall, to set up a clone would be:
$ git clone ssh://foo.server.com/var/git/myrepo.git
but the firewall will block this command. I'm inclined to try something like
$ git clone ssh://localhost:8022/var/git/myrepo.git
where localhost:8022 is forwarded to foo.server.com:22
So is this path worth pursuing? Is there any easier solution that is still secure? Are there pitfalls or gotchas I should be aware of?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
使用
socat和.ssh/config如下:您应该能够
ssh到foo.server.com>预计可以工作。
Using
socatand a.ssh/configlike this:You should be able to
sshtofoo.server.comandis expected to work.
您可以正常进行 ssh(命令行)会话吗?如果是这样,git 也应该可以工作。
使用 ssh 时,git 应在 .ssh/config 中获取您的配置选项。
如果这还不够,您可以将环境变量 GIT_SSH 指向 ssh(或 shell 脚本包装器)的修改版本。
Can you get a normal ssh (command-line) session going? If so, git should also work.
When using ssh, git should pick up your configuration options in .ssh/config.
If that is not enough, you can point the environment variable GIT_SSH at a modified version of ssh (or shell script wrapper).
这是我在 Linux 机器下运行的设置(端口 18081 上的本地主机是代理)。
This is my setup working under a Linux machine (localhost on port 18081 is a proxy).
当您执行 git clone http://example.com/gitproject.git 或 git clone https://example.com/gitproject.git 时,您正在使用HTTP/HTTPS 协议。
Git 尊重 http_proxy 和 https_proxy 环境变量,因此您只需在 shell 中执行以下命令即可:
之后,同一 shell 下的 git 命令将使用代理进行 HTTP/HTTPS 连接。
When you do
git clone http://example.com/gitproject.gitorgit clone https://example.com/gitproject.git, you're using the HTTP/HTTPS protocol.Git respects http_proxy and https_proxy envrionment variables, so you can simply execute the following command in a shell:
After that, your git command under the same shell will use the proxy for HTTP/HTTPS connections.