当前位置: 文江博客话题详情

git clone 是否通过 NTLM 代理工作?

发布于 2024-08-12 17:28:29 字数 1590 浏览 9 评论 0原文

我尝试过使用 export http_proxy=http://[username]:[pwd]@[proxy]git config --global http.proxy http://[username] :[密码]@[代理]

我无法让它发挥作用。看起来 git 使用基本身份验证:

Initialized empty Git repository in /home/.../.git/
* Couldn't find host github.com in the .netrc file, using defaults
* About to connect() to github.com port 8080 (#0)
*   Trying 10.... * Connected to github.com (10....) port 8080 (#0)
* Proxy auth using Basic with user '...'
> GET http://github.com/sunlightlabs/fiftystates.git/info/refs HTTP/1.1
Proxy-Authorization: Basic MD...
User-Agent: git/1.6.1.2
Host: github.com
Pragma: no-cache
Accept: */*
Proxy-Connection: Keep-Alive

< HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to t
he Web Proxy filter is denied.  )
< Via: 1.1 ...
< Proxy-Authenticate: Negotiate
< Proxy-Authenticate: Kerberos
< Proxy-Authenticate: NTLM
< Connection: Keep-Alive
< Proxy-Connection: Keep-Alive
< Pragma: no-cache
< Cache-Control: no-cache
< Content-Type: text/html
< Content-Length: 4118
* The requested URL returned error: 407
* Closing connection #0
fatal: http://github.com/sunlightlabs/fiftystates.git/info/refs download error - The requested URL returned error: 407

Google 搜索返回了混合且可能未更新的结果。它在某个地方说 curl 是(曾经?)在幕后使用的,但它的选项是(曾经?)硬连线到代码中的。例如,

curl --proxy-ntlm --proxy ...:8080 google.com

可以,我想在 git 中使用相同的选项。

我在这里需要一些更明确的答案:有人通过 Windows 代理成功使用 git 吗?哪个版本?

谢谢。

原文

I've tried both using export http_proxy=http://[username]:[pwd]@[proxy] and git config --global http.proxy http://[username]:[pwd]@[proxy].

I couldn't make it work. It looks like git uses Basic authentication:

Initialized empty Git repository in /home/.../.git/
* Couldn't find host github.com in the .netrc file, using defaults
* About to connect() to github.com port 8080 (#0)
*   Trying 10.... * Connected to github.com (10....) port 8080 (#0)
* Proxy auth using Basic with user '...'
> GET http://github.com/sunlightlabs/fiftystates.git/info/refs HTTP/1.1
Proxy-Authorization: Basic MD...
User-Agent: git/1.6.1.2
Host: github.com
Pragma: no-cache
Accept: */*
Proxy-Connection: Keep-Alive

< HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to t
he Web Proxy filter is denied.  )
< Via: 1.1 ...
< Proxy-Authenticate: Negotiate
< Proxy-Authenticate: Kerberos
< Proxy-Authenticate: NTLM
< Connection: Keep-Alive
< Proxy-Connection: Keep-Alive
< Pragma: no-cache
< Cache-Control: no-cache
< Content-Type: text/html
< Content-Length: 4118
* The requested URL returned error: 407
* Closing connection #0
fatal: http://github.com/sunlightlabs/fiftystates.git/info/refs download error - The requested URL returned error: 407

Google search returned mixed and probably not updated results. Somewhere it says that curl is (was?) used under the hood, but its options are (were?) hardwired into code. For example,

curl --proxy-ntlm --proxy ...:8080 google.com

works, and I'd like to use the same option with git.

I need some more definite answers here: has anybody succeed using git through Windows proxies? Which version?

Thanks.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(9

唯憾梦倾城 2024-08-19 17:28:29

默认 NTLM 凭据

为了使用默认 NTLM 凭据,请

git config --global http.proxy https://:@proxy:port

为 ISA 服务器提供一个空的用户名和密码 防火墙客户端

您可以使用 Microsoft 的 ISA Server 防火墙客户端。安装后:

开始>自动启动> Microsoft 防火墙客户端管理

“设置”选项卡>手动指定ISA服务器>代理:端口
Web 浏览器选项卡 >取消选中“启用网络浏览器自动配置”。

Default NTLM credentials

In order to use default NTLM credentials, provide an empty username and password

git config --global http.proxy https://:@proxy:port

Firewall Client for ISA Server

Instead of setting proxy for git, npm, etc. you can use Firewall Client for ISA Server from Microsoft. After installation:

Start > Autostart > Microsoft Firewall Client Management

Settings tab > Manual specified ISA Server > proxy:port
Web Browser tab > Uncheck "Enable web browser automatic configuration."

回复 原文
楠木可依 2024-08-19 17:28:29

Git 从 1.7.10 版本开始支持 NTLM 代理身份验证,相关提交为 https://github。 com/gitster/git/commit/dd6139971a18e25a5089c0f96dc80e454683ef0b

1.7.10 发行说明简要提到它:

* HTTP transport learned to authenticate with a proxy if needed.

我已经在我的工作场所成功使用代理进行了测试,该代理是 NTLM 并且需要用户/密码,您可以使用以下命令进行测试:

git config --global http.proxy http://user:[email protected]:port
git clone http://git.videolan.org/git/bitstream.git

问候,

Git supports NTLM proxy authentication from version 1.7.10 onwards, relevant commit is https://github.com/gitster/git/commit/dd6139971a18e25a5089c0f96dc80e454683ef0b

1.7.10 release notes briefly mentioned it as:

* HTTP transport learned to authenticate with a proxy if needed.

I've successfully tested it with the proxy at my workplace which is NTLM and requires user/pass, you can test yourself with following commands:

git config --global http.proxy http://user:[email protected]:port
git clone http://git.videolan.org/git/bitstream.git

Regards,

回复 原文
未央 2024-08-19 17:28:29

克隆对我有用,但只能通过 HTTP(因为我们的公司防火墙阻止 ssh/git 协议):

$ export http_proxy="http://username:password@proxy:port/"
$ git clone http://github.com/sunlightlabs/fiftystates_site.git fifty
Initialized empty Git repository in /home/user/fifty/.git/
got e15f5192b923d8e87abaeb9406d0f4d80403da09
walk e15f5192b923d8e87abaeb9406d0f4d80403da09
got a78b792191f1cf5e961753dcfe05e9c809bdb0ed
got 76e6e86e72a0f998f7663da69ca49c457a302e27
walk 76e6e86e72a0f998f7663da69ca49c457a302e27
got 35b68a3b876fb90e73ba7a7eb51432e825ef2aa3
...

Github 建议通过 git://github.com/... 进行克隆,但你必须将其更改为手动http://github.com/...

编辑:我使用的是 git 版本 1.5.6.3。

希望有帮助!

Cloning works for me but only over HTTP (since our corporate firewall blocks the ssh/git protocols):

$ export http_proxy="http://username:password@proxy:port/"
$ git clone http://github.com/sunlightlabs/fiftystates_site.git fifty
Initialized empty Git repository in /home/user/fifty/.git/
got e15f5192b923d8e87abaeb9406d0f4d80403da09
walk e15f5192b923d8e87abaeb9406d0f4d80403da09
got a78b792191f1cf5e961753dcfe05e9c809bdb0ed
got 76e6e86e72a0f998f7663da69ca49c457a302e27
walk 76e6e86e72a0f998f7663da69ca49c457a302e27
got 35b68a3b876fb90e73ba7a7eb51432e825ef2aa3
...

Github suggests cloning via git://github.com/... but you have to change it to http://github.com/... manually.

Edit: I'm using git version 1.5.6.3.

Hope that helps!

回复 原文
没企图 2024-08-19 17:28:29

AndreaG(在上面的评论中)对这个问题有我能找到的唯一可接受的答案。看起来 Git 无法与 NTLM 代理一起工作,尽管它确实应该工作,因为 cURL(它在下面使用)确实工作得很好。为什么这个问题无法解决我不知道。这似乎是一个相当普遍的问题。

完整的解决方案是使用 ntlmaps 充当代理的代理。您所需要做的就是从以下位置下载最新版本的应用程序:http://ntlmaps.sourceforge.net/

更改配置文件以包含您的身份验证和代理详细信息,然后将代理设置为新的本地代理:

git config --global http.proxy http://localhost:5865

我可以确认它工作正常。不仅如此,您还可以将它用于任何需要 NTLM 身份验证但不提供完整 NTLM 支持的应用程序。

AndreaG (in a comment above) has the only acceptable answer to this problem that I can find. It seems that Git just won't work with NTLM proxies even though it really should because cURL (which it uses underneath) does work just fine. Why this issue can't be fixed I have no idea. It seems to be a fairly common issue.

The solution, in full then, is to use ntlmaps to act as a proxy to the proxy. All you need to do is to download the latest version of the app from: http://ntlmaps.sourceforge.net/

Change the config file to include your authentication and proxy details and then set the proxy to be your new local one:

git config --global http.proxy http://localhost:5865

I can confirm that it works just fine. Not only that you can use it for any app that requires NTLM authentication but does not provide full NTLM support.

回复 原文
自由如风 2024-08-19 17:28:29

您还可以使用cntlm,

http://cntlm.sourceforge.net/

类似于ntlmaps但编写的解决方案纯C.
它的工作方式与 ntlmaps 相同,通过在计算机上的端口(默认为 3128)创建本地代理服务器 (127.0.0.1)。这个新的本地创建的代理服务器不需要任何身份验证,因此可以与任何支持 http 代理的应用程序一起使用。
如果您需要的话,它还可以创建本地袜子代理。

与用 python 编写的 ntlmaps 相比,主要优点是 cntlm 的 CPU 和 RAM 使用率非常低,通常小于 2%。

You can also use cntlm,

http://cntlm.sourceforge.net/

A solution similar to ntlmaps but written in pure C.
It works in the same way as ntlmaps by creating a local proxy server (127.0.0.1) at a port (3128 default) on your machine. This new locally created proxy server does not require any authentication and thus can be used with any application that supports http proxy.
It can also create a local socks proxy if you need one.

The main advantage over ntlmaps which is written in python, is that cntlm has very low CPU and RAM usage, typically <2%.

回复 原文
笑脸一如从前 2024-08-19 17:28:29

TL/DR:

export GIT_HTTP_PROXY_AUTHMETHOD=basic

或者

git config --global http.proxyauthmethod basic

当 git (curl) 代理身份验证不起作用时我遇到了同样的问题。凭证是正确的。升级到最新的 git-v2.15.0 没有帮助。

该问题是由于 git-libcurl 选择了错误的代理身份验证方法造成的。

有效的 proxy_authmethod 选项在 git 源代码中定义:
在C398CC03342E5AD222F85B8A8/HTTP .c#L81

proxyauthmethod 可以通过 GIT_HTTP_PROXY_AUTHMETHOD 环境变量或 http.proxyauthmethod git 配置选项来定义。环境变量覆盖配置选项值。

TL/DR:

export GIT_HTTP_PROXY_AUTHMETHOD=basic

or

git config --global http.proxyauthmethod basic

I had the same issue when git (curl) proxy auth did not work. Credentials were right. Upgrade to the latest git-v2.15.0 did not help.

The issue was due to wrong proxy authentication method chosen by git-libcurl.

The valid proxy_authmethod options are defined in git source:
https://github.com/git/git/blob/d0e9983980a25e0c398cc03342e5ad22ef85b8a8/http.c#L81

The proxyauthmethod can be defined either through GIT_HTTP_PROXY_AUTHMETHOD environment variable or http.proxyauthmethod git config option. Environment variable overrides the config option value.

回复 原文
栖迟 2024-08-19 17:28:29

由于这是我在搜索中不断发现的一个问题,因此我将在此处添加我的答案。

我需要在一个网络上通过 http(s) 代理(需要 NTLM 身份验证)访问 github.com 托管的存储库,并且在正常的互联网连接上,从我们的 Mac OS X 开发机器上仍然可以工作。

这是我让它发挥作用的方法。这并不适用于每个 git 托管提供商,但我发布它是为了帮助您解决这个问题。这也仅适用于 Mac OS X,但如果您弄清楚如何在系统的网络更改上运行某些内容,其余的应该随之而来。

我必须使用 git clone [email protected]:user/ repo.git 正常设置 ssh 访问后 (http://help.github.com/mac-set-up-git/)。

然后,我需要设置一个本地 http(s) 代理来处理 NTLM 身份验证,例如 ntlmaps、cntlm 或 Authoxy。我已经用 Authoxy 进行了测试。我将把配置留给您,因为您需要知道您自己的代理详细信息。

您还需要 corkscrew,如果您有 MacPort,则只需 sudo port install corkscrew 即可。

然后我将以下内容添加到 ~/.ssh/config

Host github.com.disabled
User git
HostName ssh.github.com
Port 443
ProxyCommand /opt/local/bin/corkscrew localhost 6574 %h %p

其中 6574 是我设置 Authoxy 侦听的 TCP 端口。

现在我创建了一个脚本,尝试在 /usr/local/bin/locationchanger 中查找 http(s) 代理服务器,并根据找到的内容配置 ssh 设置:

#!/bin/sh

set -o nounset
set -o errexit

sleep 10 # allow for WiFi to actually connect.

# if we can find the proxy server, then use it.
if ! host proxy.internal.network;
then
    echo "Proxy server not found, clearing http(s) proxy";
    sed -i '.backup' -E 's/^Host github.com$/Host github.com.disabled/' "$HOME/.ssh/config"
else
    echo "Proxy server found, setting http(s) proxy";
    sed -i '.backup' -E 's/^Host github.com.disabled$/Host github.com/' "$HOME/.ssh/config"
fi
echo "Done."

不要忘记chmod +x /usr/local/bin/locationchanger

现在创建~/Library/LaunchAgents/LocationChanger.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
    "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>tech.inhelsinki.nl.locationchanger</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/locationchanger</string>
    </array>
    <key>WatchPaths</key>
    <array>
        <string>/Library/Preferences/SystemConfiguration</string>
    </array>
</dict>
</plist>

然后launchctl加载~/Library/LaunchAgents/LocationChanger.plist。只要网络发生变化,此 launchd 作业就会运行。如果它可以找到您的内部网络 http(s) 代理服务器,它将使 ssh 使用 corkscrew 通过 Authoxy 进行工作,Authoxy 将处理通过公司代理的工作。如果找不到代理服务器,它将禁用特殊的 ssh 配置,您就可以像平常一样工作。

现在我们的团队不必再考虑网络切换了。

Since this was a question I kept finding on my search to make this work, I'll add my answer here.

I needed to get access to a github.com hosted repo working via an http(s) proxy (that requires NTLM authentication) on one network, and have it still work when on a normal internet connection, from our Mac OS X dev machines.

Here is how I made it work. This won't work for every git hosting provider, but I'm posting in case it helps you figure this out. This is also only for Mac OS X, but if you figure out how to run something on network change for your system, the rest should follow.

I had to use git clone [email protected]:user/repo.git after setting up ssh access as normal (http://help.github.com/mac-set-up-git/).

I then needed to setup a local http(s) proxy that handles the NTLM authentication, such as ntlmaps, cntlm or Authoxy. I've tested with Authoxy. I'll leave configuring this to you, because you'll need to know your own proxy details.

You'll also need corkscrew, which is just sudo port install corkscrew if you have MacPorts.

Then I added the following to ~/.ssh/config:

Host github.com.disabled
User git
HostName ssh.github.com
Port 443
ProxyCommand /opt/local/bin/corkscrew localhost 6574 %h %p

Where 6574 is the TCP port I set Authoxy to listen on.

Now I created a script that tries to find the http(s) proxy server, and configures the ssh setup according to what it finds, at /usr/local/bin/locationchanger:

#!/bin/sh

set -o nounset
set -o errexit

sleep 10 # allow for WiFi to actually connect.

# if we can find the proxy server, then use it.
if ! host proxy.internal.network;
then
    echo "Proxy server not found, clearing http(s) proxy";
    sed -i '.backup' -E 's/^Host github.com$/Host github.com.disabled/' "$HOME/.ssh/config"
else
    echo "Proxy server found, setting http(s) proxy";
    sed -i '.backup' -E 's/^Host github.com.disabled$/Host github.com/' "$HOME/.ssh/config"
fi
echo "Done."

Don't forget to chmod +x /usr/local/bin/locationchanger.

Now create ~/Library/LaunchAgents/LocationChanger.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
    "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>tech.inhelsinki.nl.locationchanger</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/locationchanger</string>
    </array>
    <key>WatchPaths</key>
    <array>
        <string>/Library/Preferences/SystemConfiguration</string>
    </array>
</dict>
</plist>

And then launchctl load ~/Library/LaunchAgents/LocationChanger.plist. This launchd job will run whenever the network changes. If it can find your internal network http(s) proxy server, it will make ssh use corkscrew to work through Authoxy, which will handle working through the company proxy. If it can't find the proxy server, it will disable the special ssh config, and you're working just like normal.

Now our team doesn't have to think about network switching anymore.

回复 原文
情魔剑神 2024-08-19 17:28:29

我一直在使用 ntlmaps 并通过 windows/NT 代理获得良好的结果: http://ntlmaps.sourceforge.net/

git 配置为:

git config --global http.proxy http://localhost:5865

I've been using ntlmaps and been having good results getting through windows/NT proxies: http://ntlmaps.sourceforge.net/

The git configuration is:

git config --global http.proxy http://localhost:5865

回复 原文
困倦 2024-08-19 17:28:29

我偶然发现了一种更简单、可能更安全的解决方案,它不仅适用于 git,还适用

  • 于节点中 ruby
  • ​​ npm

中的任何基于命令的安装程序 Rubygems一个从命令行运行所有流量的解决方案都通过身份验证进行代理。

不会以用户:密码@域:端口格式暴露您的密码

解决方案:

下载Fiddler,它有一种内置方法可以向所有请求添加身份验证标头。

一旦运行菜单规则->自动验证(勾选)

然后进行 git

git config --global http.proxy http://localhost:8888
git config --global https.proxy http://localhost:8888

就这样了!

I have stumbled on a more easier and possibly safer solution that works not just for git but also any command based installers

  • Rubygems in ruby
  • npm in node

One solution running all your traffic from command line is proxied with authentiction.

Wont expose your password in the user:password@domain:port format

Solution:

Download Fiddler, It has a built in way to add authentication headers to all requests.

Once running menu Rules-> Automatically Authenticate (Tick that)

Then for git

git config --global http.proxy http://localhost:8888
git config --global https.proxy http://localhost:8888

Thats it!

回复 原文
~没有更多了~

关于作者

迷离°

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文