通过防火墙后面的 ssh 访问 git 存储库

发布于 2024-08-10 22:11:25 字数 503 浏览 11 评论 0原文

我想在仅允许 http 代理访问的公司防火墙后面访问(克隆/推/拉)私有(通过 ssh)git 存储库。我已经编写了一个强大的 Java(守护程序)程序(基于 JSCh 类库),它允许我利用本地和远程端口转发,我希望利用它,但当我尝试设想如何设置它时,我的大脑受伤了。

git repo depot(创造一个短语)位于 foo.server.com/var/git,因此忽略 fireall,设置克隆的自然倾向是:

$ git clone ssh://foo.server.com/var/git/myrepo.git

但防火墙会阻止此命令。我倾向于尝试类似

$ git clone ssh://localhost:8022/var/git/myrepo.git

localhost:8022 转发到 foo.server.com:22

那么这条路径值得追求吗?有没有更简单且安全的解决方案?是否有我应该注意的陷阱或陷阱?

I would like to access (clone/push/pull) a private (via ssh) git repository while behind a corporate firewall that only allows http proxy access. I have written a robust Java (daemon) program (based on the JSCh class library) that will allow me to leverage local and remote port forwarding and I am hoping to leverage this but my brain hurts when I try to envision how to set this up.

The git repo depot (to coin a phrase) is at foo.server.com/var/git so the natural inclination, ignoring the fireall, to set up a clone would be:

$ git clone ssh://foo.server.com/var/git/myrepo.git

but the firewall will block this command. I'm inclined to try something like

$ git clone ssh://localhost:8022/var/git/myrepo.git

where localhost:8022 is forwarded to foo.server.com:22

So is this path worth pursuing? Is there any easier solution that is still secure? Are there pitfalls or gotchas I should be aware of?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

哀由 2024-08-17 22:11:25

使用 socat.ssh/config 如下:

Host=foo.server.com
ProxyCommand=socat - PROXY:your.proxy.ip:%h:%p,proxyport=3128,proxyauth=user:pwd

您应该能够 sshfoo.server.com >

git clone ssh://foo.server.com/var/git/myrepo.git

预计可以工作。

Using socat and a .ssh/config like this:

Host=foo.server.com
ProxyCommand=socat - PROXY:your.proxy.ip:%h:%p,proxyport=3128,proxyauth=user:pwd

You should be able to ssh to foo.server.com and

git clone ssh://foo.server.com/var/git/myrepo.git

is expected to work.

懷念過去 2024-08-17 22:11:25

您可以正常进行 ssh(命令行)会话吗?如果是这样,git 也应该可以工作。

使用 ssh 时,git 应在 .ssh/config 中获取您的配置选项。
如果这还不够,您可以将环境变量 GIT_SSH 指向 ssh(或 shell 脚本包装器)的修改版本。

Can you get a normal ssh (command-line) session going? If so, git should also work.

When using ssh, git should pick up your configuration options in .ssh/config.
If that is not enough, you can point the environment variable GIT_SSH at a modified version of ssh (or shell script wrapper).

不疑不惑不回忆 2024-08-17 22:11:25

这是我在 Linux 机器下运行的设置(端口 18081 上的本地主机是代理)。

cat ~/.ssh/config
Host  github.com
  User git
  ProxyCommand nc -x localhost:18081 -Xconnect %h %p

This is my setup working under a Linux machine (localhost on port 18081 is a proxy).

cat ~/.ssh/config
Host  github.com
  User git
  ProxyCommand nc -x localhost:18081 -Xconnect %h %p
享受孤独 2024-08-17 22:11:25

当您执行 git clone http://example.com/gitproject.git 或 git clone https://example.com/gitproject.git 时,您正在使用HTTP/HTTPS 协议。

Git 尊重 http_proxy 和 https_proxy 环境变量,因此您只需在 shell 中执行以下命令即可:

export http_proxy=socks5://localhost:1080 https_proxy=socks5://localhost:1080

之后,同一 shell 下的 git 命令将使用代理进行 HTTP/HTTPS 连接。

When you do git clone http://example.com/gitproject.git or git clone https://example.com/gitproject.git, you're using the HTTP/HTTPS protocol.

Git respects http_proxy and https_proxy envrionment variables, so you can simply execute the following command in a shell:

export http_proxy=socks5://localhost:1080 https_proxy=socks5://localhost:1080

After that, your git command under the same shell will use the proxy for HTTP/HTTPS connections.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文