I have a git server that is behind a firewall. I can access the firewall from my home, but not the git server. However, I can access the git server from the firewall (that is, I can SSH to the firewall and then SSH from the firewall to the git server). I am looking to push and pull to the git repos from my home machine, and I thought the SSH ProxyCommand would do it. So I added the following to my SSH config file:
Host git_server
HostName git_server.dom
User user_git_server
IdentityFile ~/.ssh/id_rsa
ProxyCommand ssh firewall exec nc %h %p
Host firewall
HostName firewall.dom
User user_firewall
IdentityFile ~/.ssh/id_rsa
With this setup, I can directly SSH to the git server by doing ssh git_server
. However, git commands that need to talk to the server do not work. git remote show origin
fails with the message:
ssh: connect to host git_server.dom port 22: Operation timed out
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
The url of the origin repo is
ssh://user_git_server@git_server.dom/path/to/bare/repository/repo.git
I think I have most of the things in place, but am missing a small crucial piece. Any pointers to what I could be doing wrong?
ssh://user_git_server@git_server.dom/path/to/bare/repository/repo.git
^^^^^^^^^^^^^^
You are using the wrong URL for your repository. Since your ssh config file has a host entry for git_server
you need to use that host name in your repository URL as well, otherwise SSH will not use a ProxyCommand.
The correct URL should be either
ssh://user_git_server@git_server/path/to/bare/repository/repo.git
or simply
user_git_server@git_server:/path/to/bare/repository/repo.git
It is possible, as mentioned in "Git clone from remote ssh repository - change the machine on the remote network before executing the clone command", that you don't have the command netcat
on the proxy server.
You have also another solution with socat
, which will negotiate with the HTTP(S) proxy server using the CONNECT method to get you a clean pipe to the server on the far side. See socat.
host gh
user git
hostname github.com
port 22
proxycommand socat - PROXY:your.proxy.ip:%h:%p,proxyport=3128,proxyauth=user:pwd
Now you can just say (for example):
git clone gh:sitaramc/git-notes.git
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With