On 3/15/07, Bill Lear <rael@xxxxxxxxxx> wrote:
> This fails, and I was wondering if anyone has any experience using port-forwarding and the git protocol, or if it is not presently possible.
We do it all the time. We have an internal server for git hosting, and to use git+ssh you have to be inside the firewall. If you are outside, you have to run through several SSH hops to get through the firewall. We automate this using ssh-agent and keys forwarding.

To get ssh to work for you transparently, what you need to do is to set up a special Host entry for your git server. For example, I have a

    Host gitproxied.yourdomain
        ProxyCommand ssh firewallhost "perl -MSocket -e '\$h=shift;socket(X,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));connect(X,sockaddr_in(22,inet_aton(\$h)));\$x=fileno(X);vec(\$r,\$x,1)=1;vec(\$r,0,1)=1;\$|=1;\$0=\"connect to \$h\";while(1){1 until select(\$ro=\$r,undef,\$eo=\$r,undef);if(vec(\$ro,\$x,1)){recv(X,\$buf,2000,0);length(\$buf)or last;print \$buf;}elsif(vec(\$ro,0,1)){sysread(STDIN,\$buf,2000)or last;send(X,\$buf,0);}elsif(vec(\$eo,0,1)||vec(\$eo,\$x,1)){last}}' git.yourdomain"

as I have several hops to go through, "firewallhost" has another Host entry, describing how to get to it.

With this, when I'm outside the LAN I can ssh into the "git" host by invoking "ssh gitproxied.yourdomain", sftp and scp work too. So I often have an "extra" remote called originproxied or similar.

cheers,

martin
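Added example, not part of the original message: a readable Python version of the select-loop relay that a ProxyCommand helper like the one above has to implement, with explicit end-of-stream handling in both directions. The function name `relay` and the idea of installing it as a script on the intermediate host are assumptions made for illustration.

```python
import os
import select
import socket
import sys


def relay(sock, in_fd, out_fd, bufsize=2000):
    """Copy in_fd -> sock and sock -> out_fd until the remote side closes.

    Returns (bytes_sent, bytes_received).
    """
    sent = received = 0
    watch = [sock, in_fd]
    while True:
        readable, _, _ = select.select(watch, [], [])
        if sock in readable:
            data = sock.recv(bufsize)
            if not data:
                # Remote end closed. Without this check select() keeps
                # reporting the socket readable and the loop spins.
                break
            view = memoryview(data)
            while view:  # os.write may write fewer bytes than asked
                view = view[os.write(out_fd, view):]
            received += len(data)
        if in_fd in readable:
            data = os.read(in_fd, bufsize)
            if data:
                sock.sendall(data)
                sent += len(data)
            else:
                # Local EOF: stop watching stdin and half-close, so the
                # remote side sees EOF but its pending replies still arrive.
                watch.remove(in_fd)
                sock.shutdown(socket.SHUT_WR)
    return sent, received


if __name__ == "__main__":
    # Hypothetical invocation: relay.py <host> <port>
    host, port = sys.argv[1], int(sys.argv[2])
    with socket.create_connection((host, port)) as conn:
        relay(conn, sys.stdin.fileno(), sys.stdout.fileno())
```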