Connect to BitBucket via proxy

Question

Hoi,

I try to hg pull
from my private repo on Bitbucket.org
into my local repo on my Windows machine
from behind the company proxy that requires Windows authentication.

• I found the proxy server and port (Internet options of IE)

• I found the settings Mercurial.ini file in my %USERPROFILE%

• I added this section to it (info):

  [http_proxy]
  host = TheProxyServer : TheProxyServerPort
  user = MyWindowsLogin
  passwd = MyWindowsPassword

• This works:

C:\path\to\repo> hg pull
http authorization required
realm: Bitbucket.org HTTP
user:

after I enter the credentials of Bitbucket, I get:

searching for changes
no changes found

But writing down the password in Mercurial.ini is obviously a major security issue (besides having to update this file each month because of our password policies).

Is it somehow possible to let Mercurial ask for the proxy credentials?
Or store these credentials in a more secure way?

Edit:

I tried with the same settings and SSH, but I got this:

C:\path\to\repo> hg clone ssh://[email protected]/ME/repo/
running ""C:\Program Files\TortoiseHg\TortoisePlink.exe" -ssh -2 [email protected] "hg -R ME/repo/ serve --stdio"

abort: no suitable response from remote hg!

And a dialog : "PuTTY Fatal Error - Network error: Connection timed out"

Edit2:

This question came up because Subversion handles this situation correctly:

In the Subversion servers file I specify the proxy host and port too, and Subversion automagically sends my windows authentication to it. I don't have to enter nor write down my credentials anywhere when checking out source from the web via the proxy using e.g.

C:\workingdir> svn checkout http://okarito.googlecode.com/svn/trunk/ okarito-read-only
... Checked out revision 5.

Thanks in advance!
Jan

Answer 1

Another alternative is to run a local http proxy which then authenticates with your companies http proxy. You can run cntlm under Cygwin and safely store an NTLMv2 hash in the cntlm conf file. You then set you http proxy to be localhost:3128, and don't specify a username or password.

My other suggestion is to use TortoiseHg. This will store your proxy information, but I'm not sure if it's stored securely.

Answer 2

You can use the --config option to hg as this allows you override configuration settings from the command line. The syntax is --config <section>.<name>=<value>, so try this:

hg --config http_proxy.passwd=YourWindowsPassword pull

This will leave your password in your command history but this is probably better than in the Mercurial.ini file.