Wednesday, March 28, 2012

GitHub with cygwin git behind corporate firewall and proxy

GitHub: me too! Port 22 doesn't work! Bummer! Corporate firewalls suck!

I find it complicated enough to establish a tunnel to GitHub through a corporate firewall to share my results. The following steps describe what I have done on my Windows 7 to finally succeed.

Install

Install cygwin with git, ssh and corkscrew.
All commands are now entered in the cygwin shell, not the Windows command shell.
We use git from the cygwin package, not from the git bash.

Configure the proxy for git

make sure you have the HTTP_PROXY environment variable set:
echo $HTTP_PROXY
should print your proxy host and port

Now enter
git config --global http.proxy $HTTP_PROXY

On to the fun part: tunnel SSH through the https port 443

Follow the ssh key generation process as described in the GitHub installation page.
The command
ssh -T git@github.com
fails because port 22 is blocked. That's why you are reading this page after all.

Create the file /.ssh/config and put the following content in it

Host gitproxy
User git
HostName ssh.github.com
Port 443
ProxyCommand /usr/bin/corkscrew.exe proxyhost proxyport %h %p
IdentityFile /.ssh/id_rsa

If you don't like the host name gitproxy, feel free to choose your own.
The indentity file is you private key file, which has been generated with ssh-keygen.

Make sure the rights are set correctly, otherwise ssh wil complain
chmod 644 /.ssh/config

Now try
ssh gitproxy

ssh will ask you for the passphrase you have defined for your ssh key
GitHub says:
Hi (your GitHub name)! You've successfully authenticated, but GitHub does not provide shell access.

Use the host gitproxy instead of github.com for all further git commands. The passphrase is prompted for the  git push command and likely a bunch of others. I am new to git and GitHub, so forgive me for my lack of precision.

The programs ssh-agent and ssh-add can automate the passphrase so that you don't have to enter it every time.

Set up ssh-agent

Add
eval `ssh-agent`
to your .bashrc

Reopen the cygwin shell and run
ssh-add /.ssh/id_rsa

I am sure I have forgotten something, but hopefully this will take you 95% ;-)

Did I already mention that I hate network plumbing with a passion?
Posted by at
Labels: , , , ,

4 comments:

  1. Dieter LuypaertOctober 23, 2012 at 12:08 PM

    Worked great!

    Just make sure you use the SSH url and not the HTTPS url for cloning your github.

    eg. git@github.com:username/your-project.git

    ReplyDelete
  2. JeanDecember 20, 2012 at 6:25 PM

    how do I set the HTTP_PROXY environment variable?

    ReplyDelete
  3. AlpengeistDecember 20, 2012 at 8:01 PM

    Nothing special there:

    export HTTP_PROXY=....

    like any variable in the bash shell :-)

    ReplyDelete
  4. UnknownFebruary 20, 2015 at 1:58 PM

    Great help. Thanks from dpa newslab!

    ReplyDelete

Subscribe to: Post Comments (Atom)