Accessing a git repository via ssh behind a firewall

Question

I would like to access (clone/push/pull) a private (via ssh) git repository while behind a corporate firewall that only allows http proxy access. I have written a robust Java (daemon) program (based on the JSCh class library) that will allow me to leverage local and remote port forwarding and I am hoping to leverage this but my brain hurts when I try to envision how to set this up.

The git repo depot (to coin a phrase) is at foo.server.com/var/git so the natural inclination, ignoring the fireall, to set up a clone would be:

$ git clone ssh://foo.server.com/var/git/myrepo.git

but the firewall will block this command. I'm inclined to try something like

$ git clone ssh://localhost:8022/var/git/myrepo.git

where localhost:8022 is forwarded to foo.server.com:22

So is this path worth pursuing? Is there any easier solution that is still secure? Are there pitfalls or gotchas I should be aware of?

Answer 1

Using socat and a .ssh/config like this:

Host=foo.server.com
ProxyCommand=socat - PROXY:your.proxy.ip:%h:%p,proxyport=3128,proxyauth=user:pwd

You should be able to ssh to foo.server.com and

git clone ssh://foo.server.com/var/git/myrepo.git

is expected to work.

Answer 2

Can you get a normal ssh (command-line) session going? If so, git should also work.

When using ssh, git should pick up your configuration options in .ssh/config. If that is not enough, you can point the environment variable GIT_SSH at a modified version of ssh (or shell script wrapper).

Answer 3

This is my setup working under a Linux machine (localhost on port 18081 is a proxy).

cat ~/.ssh/config
Host  github.com
  User git
  ProxyCommand nc -x localhost:18081 -Xconnect %h %p