1

Server blocks outgoing SSH on port 22.

Trying to connect a new repo to an existing private GitHub repo.

On server:

git init .
git remote add [email protected]:<github_username>/repo_name.git

Strangest result sees my unable to communicate with GitHub whilst checked out into the main branch because it uses SSH transport.

However, on the only secondary branch, communication with GitHub works fine, seemingly because it's connecting to a different domain: ssh.github.com and / or using HTTPS, however I do not recall ever connecting to the repository over HTTPS! Let alone for one branch and not the other.

git config --list only shows one URL:

push.default=simple
core.autocrlf=false
grep.linenumber=true
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
core.sshcommand=ssh -vvv
[email protected]:<github_username>/repo_name.git
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
branch.main.remote=origin
branch.main.merge=refs/heads/main
branch.2nd.remote=origin
branch.2nd.merge=refs/heads/2nd

Debugging whilst checked out into '2nd' branch:

debug2: resolving "ssh.github.com" port 443
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to ssh.github.com [20.248.137.50] port 443.
debug1: Connection established.

Debugging whilst checked out into 'main' branch:

debug2: resolving "github.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to github.com [20.248.137.48] port 22.
# Hangs here (firewall) but why the different address / protocol?

Has anyone experienced one branch attempting to use SSH transport whilst another uses HTTPS?

I wasn't aware this was possible but it seemingly is.

Update for @LeGEC:

Within the '2nd' branch:

ssh -vv [email protected]
OpenSSH_7.2p2 Ubuntu-4ubuntu2.10+esm2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for github.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 22: Applying options for *
debug2: resolving "ssh.github.com" port 443
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to ssh.github.com [20.248.137.50] port 443.
debug1: Connection established.

So, again, ssh.github.com and 443

Within the 'main' branch:

ssh -vv [email protected]
OpenSSH_7.2p2 Ubuntu-4ubuntu2.10+esm2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 22: Applying options for *
debug2: resolving "github.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to github.com [20.248.137.48] port 22.
debug1: Connection established.

And again, github.com and 22

Improve this question
5
  • 3
    Branches aren't Remotes. Commented Mar 14, 2023 at 2:28
  • don't you have something like a versioned .env file that your shell or some part of your system takes into account ? can you check env in both cases ? if you run ssh --vv [email protected], do you see the same difference in how the name is resolved ? Commented Mar 14, 2023 at 4:17
  • it's definitely not git alone, there is something else that changes your context. Commented Mar 14, 2023 at 4:20
  • hmmm ... I just recalled you can have an [includeIf "onbranch:foo"] section in your configuration. Can you check whether this is the case ? most probably in your repo's .git/config, or perhaps in your global ~/.gitconfig file ? Commented Mar 14, 2023 at 10:16
  • @LeGEC no includeIf in either .gitconfig or /.git/config Commented Mar 21, 2023 at 13:32

1 Answer 1

Reset to default
2

There is a visible difference in your two ssh -vv outputs :

in the first one ("Within the '2nd' branch:"), you can see:

debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for github.com

which doesn't show up in the other trace.

If your repo versions the ssh config files for the account you are running on, then this can obviously change the way ssh behaves if you change branches ...

Since that account appears to be root, I will also give you a very strong warning against using git in such a setup.

git has good features for a versioning tool, it however has a few foot shooters and is definitely not a provisioning tool. You probably don't want root to run hooks, to trigger merge conflicts in some central configuration files, or run git clean -f or git restore on your disk.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Out of interest, what tool(s) would you suggest for provisioning?
Thanks for being a decent person about this. I thought the /root/.ssh/config file was missing but it's not. Explains a lot but perhaps not why that file kicks in for the '2nd' branch but not the main branch. Nevermind. had enough of the trolling in this question so I'll probably delete it rather than give that unkind cyber bullying a platform. Wanted to make sure your help was acknowledged though, even if deleting may remove credit. Sorry.
no worries about the deletion :)
about your .ssh/config : my guess is that it is versioned in at least one of your branches (you can confirm that by running git ls-tree -r <HEAD or branch name or commit sha>), so when you checkout to/from 2nd branch, its content gets modified (if you have no .ssh/config file in your main branch, it gets completely deleted when you run git checkout main)
my remark about not using git as a provisioning tool is a generic catch-all remark. I really don't recommend doing that on your main system. If you run it on a system which you can easily recreate (for example: a VM, or within a container ...), perhaps you can fly with it. I have no provisioning framework in mind, in my own case my deployment needs were simple enough, I could answer them by writing shell scripts. In those situations, the first things I had to script was: set the correct access rights on files (owner, group, acl), handle services when some specific files were changed.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.