Jeef
Jeef

Reputation: 27285

git clone issues via an SSH proxied host

I have a setup where we are using a bastion/jump-host to access a remote server and I'm having issues doing my git clone.

In my git config i have the followings setup:

Local .ssh/config

Host *.remotedomain.org
   ProxyCommand ssh -l username jumphost nc %h 22`
   LogLevel DEBUG1

Remote .ssh/config

LogLevel DEBUG1

So if I do ssh remoteDevel.remotedomain.org it will route me via this proxy host and all is good.

Case 1 - Clone on the Remote side

#Log into remote machine via SSH
ssh remoteDevel

#Clone repo
git clone ssh://[email protected]:7999/mirror/disjockey.git

What I noticed is the SSH debug "stuff" prints out this line

Initialized empty Git repository in /home/USER/disjockey/.git/
debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 7999 stash.remotedomain.org

This looks like to me like its making a proxy into the Atlassian Stash server to pull down the git repo (good)

Case 2 - Local via Proxy

When I try the same command locally things go awry

git clone ssh://[email protected]:7999/mirror/disjockey.git

First I see it tries to go via the jumpiest

debug1: Executing proxy command: exec ssh -l USERNAME jumphost nc stash.remotedomain.org 22
....
#Lots of junk
....
debug1: Next authentication method: password
[email protected]'s password:

So?

Well obviously it isn't working as I hoped. From what I can tell my proxy command is likely off as it looks like its trying to proxy into stash:22 when I run it locally and into stash:7999 when I run it remotely.

I tried to change my proxy command to:

ProxyCommand ssh -l username jumphost nc %h 7999

But that seems to never log in correctly. Not exactly sure what to do here but I'm assuming its probably something simple that I'm missing?

Updates SocksProxy

I found a way to make things work - but I'm confused as to how this actually helps things

First I create a Socks Proxy with : ssh -D 1080 machine.remotedomain.org

Then I edit my .ssh/config

#Host *.remotedomain.org
#   ProxyCommand ssh -l username jumphost nc %h 22`
#   LogLevel DEBUG1

Host stash.remotedomain.org
    User git
    ProxyCommand nc -x localhost:1080 %h %p

And then my git clone will work, however, this is problematic because i had to comment out the lines i needed in the 1st place to create my socks tunnel.

Upvotes: 5

Views: 8706

Answers (1)

Jeef
Jeef

Reputation: 27285

We got things working! Here was the .ssh/config that did the trick.

Host remote connects to the machine gen1 on the remote network.

Connecting to: stash.remotedomain.org basically does a 2nd proxy on top of the remote one, and proxies into port 7999 which is what the git server (atlassian stash) is running.

Host remote
    HostName gen1
    ProxyCommand ssh -l username jumphost nc %h %p

Host stash.remotedomain.org
    ProxyCommand ssh remote nc stash 7999

So when I do: git clone ssh://[email protected]:7999/mirror/disjockey.git everything works!!

Upvotes: 10

Related Questions