2

I would like to create an ssh client that would send git commands to an ssh proxy that would pipe the data in a bidirectional way from the client to a git server repository (for example hosted on github). Is there an easy way to do this? I tried the following : https://www.systutorials.com/git-through-ssh-tunnel-as-proxy/ with no luck. Hope this is clear.

Something like this with the client sending for example git clone and the SSH server funneling back the files to the client machine

SSH Client <---> SSH Server <---> Github Repo

Any help really appreciated!

Improve this question
2
  • Try ProxyJump. At the client side configure ssh to use the server as a jump-host for GitHub. Commented Jun 25, 2020 at 15:52
  • 1
    What isn't working for you? Commented Jun 25, 2020 at 20:01

2 Answers 2

Reset to default
1

The solution which 'systutorials.com' provides is right, being lack of some config info. The Complete config :

vi ~/.ssh/config

Host github.com
        HostName github.com
        User git
        Port 22
        ProxyCommand nc -x 127.0.0.1:1080 %h %p
        IdentityFile ~/.ssh/id_rsa
  • '127.0.0.1:1080' is your SSH Server, you can modify the address to yours
  • good luck
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

I got an nc: invalid option -- 'x' error when trying to run the command
'ProxyCommand nc -proxy 127.0.0.1:1080 %h %p' or 'ProxyCommand nc -X 127.0.0.1:1080 %h %p' it depends on your nc version, seeking details in 'man nc'. By the way, ensure that the port(1080) is your Socks5 port
Thanks for the tip arrived at the same conclusion ! Is there a reason you talk about a socks5 proxy when I mentionned an ssh proxy?
I used the http proxy failed, guessing that the firewall stops it.Socks5 port works for me.Have you succeded in tunneling git commands through the http proxy?
So basically the intermediate hop in the middle is not an http proxy even though it could be, but is instead an ssh proxy (as seen on github.com/dutchcoders/sshproxy) running on port 2222; I can redirect the flow to the proxy but I get an handshake failed error for now. Thanks for your help!
1

Here is another solution, for a slightly different use case, namely:

  • You can access github.com from a host, say, foo.
  • You actually need to connect to it from a different host, say bar.
  • You only need to do this interactively - never from cron jobs or some other automated action.
  • However, bar is not allowed to make any outgoing TCP connections - either directly or via a proxy host.
  • You can use SSH to connect from foo to bar.
  • On this connection, you are allowed to set up a reverse SSH tunnel.

In this situation, you can do the following:

  1. On foo, in ~/.ssh/config, specify a reverse SSH tunnel for host bar.
  2. On bar, in ~/.ssh/config, specify the tunnel endpoint as a proxy for host github.com.

For example, with reasonably modern versions of OpenSSH, you can use:

Host bar
  RemoteForward 22022 bar:22

on foo, and on bar:

Host github.com
  ProxyJump localhost:22022

Now, if all is well, after doing

slogin bar

on foo, you can use, on bar:

git clone [email protected]:github/gitignore.git

(or whatever repository you wish to use) and this will attempt to use the reverse tunnel from localhost:22022 to foo to connect to github.com.

This works for me (with both hosts running Ubuntu 18.04).

Notes:

  • It should be possible to replace the ~/.ssh/config lines on bar with something equivalent in ~/.gitconfig; e.g., using gitProxy or [url (...) .insteadOf (...)]. I haven't managed to make this work.
  • To connect to github.com using HTTPS instead of SSH, reverse tunnel to port 443 instead of 22.
  • This is pretty brittle, as it relies on special bits of configuration on foo and bar working in tandem. So I wouldn't recommend this, except for the given use case, for which it is hard to think of anything better.
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.