Install this theme
Using Github Through Draconian Proxies (Windows And Unix)

Here is a pretty standard scenario at most corporations:

- All access to the internet is restricted to a proxy
- The proxy only allows connections out on port 80 and 443
- CONNECT method is only enabled for 443
- Proxy Authentication is required (NTLM or Basic)

I like to use both Windows and Unix environments. On Unix tunneling to Github is a bit easier because lots of tools are included.

Unix

1. Download Git. At the time I was writing this I was using Ubuntu so I simply did apt-get install git-core

2. Download and install corkscrew (http://www.agroman.net/corkscrew/). This is a tool for tunneling SSH through HTTP proxies.

3. Edit or create the file ~/.ssh/config and put the following:

ProxyCommand /usr/bin/corkscrew proxy.example.com 443 %h %p ~/.ssh/myauth

Host github.com
User git
Port 22
Hostname github.com
IdentityFile “/media/truecrypt1/Keys/GitHubKey.private”
TCPKeepAlive yes
IdentitiesOnly yes

Host ssh.github.com
User git
Port 443
Hostname ssh.github.com
IdentityFile “/media/truecrypt1/Keys/GitHubKey.private”
TCPKeepAlive yes
IdentitiesOnly yes


  • The ProxyCommand is invoked when ssh needs to make a connection. We are telling ssh to use /usr/bin/corkscrew. This is a 3rd party program that sets up a socket through the HTTP proxy.
  • The program /usr/bin/corkscrew takes as its 5th argument a file containing credentials for your HTTP proxy. Not all proxies need authentication but if you do just put in the file a single line formatted username:password.
  • The Host github.com indicates to ssh that if we are connecting to github.com to use these specific settings. There is nothing special here except we specify the location of the private key that corresponds to the public key we had over in http://www.github.com/
  • Notice we have another entry titled “Host ssh.github.com” . This is to get around proxies that only allow the CONNECT command over 443 (the truly locked down ones). To get around this github setup a whole separate host that listens on port 443. We add both entries here since they are both valid.
4. If everything is setup correctly you should be able to run:
# ssh github.com

Hi tachang! You’ve successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.

If this doesn’t work you can run
# ssh ssh.github.com

And get the exact same thing. If the first command didn’t work it means you are using a proxy that blocks CONNECT on port 22. Almost no proxies block CONNECT on port 443 because you need that for SSL.


We get a no shell access message from github because we are trying to obtain a shell and github has it disabled. However this indicates everything is working. This concludes the setup for Unix.

————————————

Windows


1. Download msysgit http://code.google.com/p/msysgit/

Some settings:

- “Run Git from the Windows Command Prompt”
- “Use OpenSSH” (this one is very important)
- Pick your line endings

2. Download connect.c
http://bent.latency.net/bent/darcs/goto-san-connect-1.85/src/connect.html

This tool deserves its own post mostly because of its utter simplicity. It mirrors the open source tool corkscrew and is used for tunneling through proxies. Yes the tool’s name is really called “connect.c”.

For Window’s users, a pre-compiled binary is available:
connect.exe
I put my connect.exe in C:\Windows\connect.exe

3. Decide whether you like to use the Windows cmd.exe to do stuff or the Cygwin style shell. Or both.

Cygwin Git Bash Shell
For the Cygwin style shell start up the Git icon and edit the file ~/.ssh/config
*Make sure the file has no extension.

Put the following in that file:

ProxyCommand /c/windows/connect.exe -H username@proxy.example.com:443 %h %p

Host github.com
User git
Port 22
Hostname github.com
IdentityFile “/c/Keys/GitHubKey.private”
TCPKeepAlive yes
IdentitiesOnly yes

Host ssh.github.com
User git
Port 443
Hostname ssh.github.com
IdentityFile “/c/Keys/GitHubKey.private”
TCPKeepAlive yes
IdentitiesOnly yes

  • Notice the slash style in order to access the file system.
  • The proxy username is specified as part of the proxy setting. The password for the proxy is prompted for. Read more about connect.c to figure out how to get rid of this prompt.
At this point, using the Git Bash shell should yield:

$ ssh github.com

Hi tachang! You’ve successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed


Windows cmd.exe shell

Suppose you don’t like the Git Bash shell. You prefer the cmd.exe interpreter.

- Go to your config file at C:\Documents and Settings\.ssh\config
- Make a copy of it or make a new one. I called mine config-windows

Put the following in the file:


ProxyCommand C:/Windows/connect.exe -H username@proxy.example.com:443 %h %p

Host github.com
User git
Port 22
Hostname github.com
IdentityFile “C:\Keys\GitHubKey.private”
TCPKeepAlive yes
IdentitiesOnly yes

Host ssh.github.com
User git
Port 443
Hostname ssh.github.com
IdentityFile “C:\Keys\GitHubKey.private”
TCPKeepAlive yes
IdentitiesOnly yes

  • Notice the mixture of slash styles. I find this rather odd but it is what works. We have a forward slash style for the ProxyCommand but for the IdentityFile a forward slash or backward slash both work.
Running the command (making sure we run Git\bin’s ssh.exe and not some other one in the PATH):

C:\Program Files\Git\bin>ssh.exe -F “C:\Documents and Settings\.ssh\config-windows” github.com

Hi tachang! You’ve successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed


General Git Cloning

- Make sure you are using the right Git URL:

Suppose your Public Clone URL is: git://github.com/tachang/EyeFiServer.git

You should use the following URL that utilizes the SSH transport:

git clone ssh://git@github.com:22/tachang/EyeFiServer.git
git clone ssh://git@ssh.github.com:443/tachang/EyeFiServer.git
 
  1. opexxx reblogged this from tachang
  2. tachang posted this