
Let's imagine the current scenario:

We have a GitHub repository account, the repo, protected both by a password and an SSH key. We have an HTTP proxy which possesses both the correct password and SSH key to access a repo under the account. Finally, we have a worker which possesses neither the password nor the key but can access the proxy.

Is there a way to hijack the http requests from the workers at the http proxy and then add the authentication needed without the knowledge of the worker, letting them thus access the repo without having access to the authentication methods?

Thanks in advance, any help is really appreciated!

1 Answer


A GitHub repository is not password protected: its owner account is.
An SSH key might have an associated passphrase.

Normally, an HTTP proxy is used for HTTPS queries, not SSH URLs.
It is true you can do SSH access through an HTTP proxy, but the user would be:

  • without the private SSH key
  • without the GitHub account password
  • with no collaboration right over the repository (meaning, they are not declared as collaborator)

Such a user would not be able to access the repository at all.

As mentioned in the comments, you would need to deploy your own proxy to add authentication headers to the client query.


4 Comments

You are 100% right, I meant the account, not the repo. If I can rephrase the idea a bit: the goal would be to intercept the git queries from the end user at the proxy and then add authentication at this point before forwarding it to the git server (GitHub in this case). Is this possible with an HTTP proxy?
@Solerus Maybe, if you own the proxy and add the missing bits yourself: stackoverflow.com/a/51176368/6309 (this shows adding the proxy-authorization, which is not what you want, but you could add other headers)
Thanks for the answer! So I would need to craft the proxy myself to intercept the requests, add the authentication header (or is it in the body), send it to the git server, then forward it back to the end user?
@Solerus Yes, that would be the idea. I don't know of a native proxy feature which would allow you to add authentication, without you installing your own proxy.
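
The idea discussed in the answer and comments, sketched as an added example (not code from the answer or the linked post): a small proxy that the worker uses as its git remote, which attaches the credential in an `Authorization` header and forwards to GitHub over HTTPS. It is written as a reverse proxy because HTTPS through a plain forward proxy is tunnelled with CONNECT, so the proxy never sees the headers. Assumptions: the repository path is a constructed placeholder, `GIT_USER` and `GIT_TOKEN` are hypothetical environment variable names, and the upstream accepts HTTP Basic authentication with a token.

```python
import base64
import os
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

UPSTREAM = "https://github.com"
ALLOWED_REPO = "/example-org/example-repo.git"  # constructed placeholder
# Read-only smart-HTTP endpoints (clone/fetch); push (git-receive-pack) is refused.
ALLOWED = {("GET", "/info/refs", "service=git-upload-pack"),
           ("POST", "/git-upload-pack", "")}
KEEP = ("content-type", "content-encoding", "accept", "git-protocol")

def build_upstream(method, target, client_headers, user, token):
    """Return (url, headers) for the upstream request, or raise PermissionError."""
    path, _, query = target.partition("?")
    suffix = path[len(ALLOWED_REPO):] if path.startswith(ALLOWED_REPO + "/") else None
    if (method, suffix, query) not in ALLOWED:
        raise PermissionError("only clone/fetch of the allowed repository is permitted")
    # Forward only what git needs; a client-supplied Authorization is discarded.
    headers = {k: v for k, v in client_headers.items() if k.lower() in KEEP}
    cred = base64.b64encode(f"{user}:{token}".encode()).decode()
    headers["Authorization"] = "Basic " + cred  # the credential never reaches the worker
    return UPSTREAM + target, headers

class Handler(BaseHTTPRequestHandler):
    def _forward(self):
        try:
            url, headers = build_upstream(self.command, self.path, self.headers,
                                          os.environ["GIT_USER"], os.environ["GIT_TOKEN"])
        except PermissionError as exc:
            return self.send_error(403, str(exc))
        # Assumes the client sends Content-Length (chunked request bodies are not handled).
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else None
        req = urllib.request.Request(url, data=body, headers=headers, method=self.command)
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                status, ctype, payload = resp.status, resp.headers.get("Content-Type", ""), resp.read()
        except urllib.error.URLError:
            return self.send_error(502, "upstream request failed")
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)
    do_GET = do_POST = _forward

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

The worker would then use `http://127.0.0.1:8080/example-org/example-repo.git` as its remote URL. The hop between worker and proxy is plain HTTP here, so it belongs on a trusted network or behind TLS, and a narrowly scoped read-only token limits what the proxy can do on the worker's behalf.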
