Short
Why does git pull/push not work right now, given that ssh is working behind the firewall (especially ssh git@bitbucket.org)?

Similar questions have already been asked, and I have read through them. But I still lack understanding.

I sit behind a corporate firewall, and I managed to set up an ssh connection (port 443) to my router (DD-Wrt @ Asus RT-N16, sshserver is dropbear) by configuring ~/.ssh/config (with corkscrew + the corporate http proxy).

As port 22 is blocked, I figured I could set up an ssh tunnel that enables me to go on using ssh commands over port 22 from my work machine, especially in combination with git push/pull (using bitbucket, which doesn't support ssh access via port 443...)

I would be happy about some input. Or maybe even other approaches.

I just noticed... git uses its own ssh command (in $GIT_SSH), which I hadn't considered. But this is only a small part of the problem, since even ssh git@bitbucket.org does not work either.

SCENARIO
workmachine -> firewall -> asus_rtn16 -> git repo

EDIT
Forwarding is working now, I can ssh into every machine directly. Git still has some trouble.

My ~/.ssh/config

Host asus
    HostName myrouter.com
    User admin
    Port 443
    ProxyCommand C:/cygwin/bin/corkscrew.exe companyproxy proxy_port %h %p
    IdentityFile C:/cygwin/home/*user*/.ssh/id_rsa
Host *
    ProxyCommand ssh asus nc -w1 %h %p
    IdentityFile C:/cygwin/home/*user*/.ssh/id_rsa

I don't get prompted for login. I added RSA authentication, but I don't get prompted for the passphrase that protects the key either.
I did set GIT_SSH to point to the right ssh, and the paths in the config are absolute.

This happens when I try to push

$ git push --verbose -u origin --all
Pushing to ssh://git@bitbucket.org/*username*/myrepo.git
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /c/cygwin/home/*user*/.ssh/config
debug1: Applying options for asus
debug1: Applying options for *
debug1: Executing proxy command: exec C:/cygwin/bin/corkscrew.exe *proxy* *port* *router* 443
debug1: permanently_drop_suid: 500
debug1: identity file /c/cygwin/home/<user>/.ssh/id_rsa type 1
debug1: identity file /c/cygwin/home/<user>/.ssh/id_rsa type 1
debug1: Remote protocol version 2.0, remote software version dropbear_0.52
debug1: no match: dropbear_0.52
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '[*router*]:443' is known and matches the RSA host key.
debug1: Found key in /c/cygwin/home/*user*/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
DD-WRT v24-sp2 big (c) 2011 NewMedia-NET GmbH
Release: 02/17/11 (SVN revision: 16214)
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /c/cygwin/home/*user*/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown> # freezes here...
fatal: Could not read from remote repository. # continues after ctrl + c
Please make sure you have the correct access rights
and the repository exists.

A normal ssh connection should continue like

Enter passphrase for key '/home/*user*/.ssh/id_rsa':
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to *router* (via proxy).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: nc -w1 sdf-eu.org 22

DEBUG LV3

git push -u origin --all: fail

debug1: Next authentication method: publickey
debug1: Offering public key: C:/cygwin/home/*user*/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 31:cc:3b:fa:xx:xx:xx:a1:ae:d6:21:97:62:68:fa:f0
debug3: sign_and_send_pubkey
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>

ssh -vvv asus: success

debug1: Next authentication method: publickey
debug1: Offering RSA public key: C:/cygwin/home/*user*/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 31:cc:3b:fa:xx:xx:xx:a1:ae:d6:21:97:62:68:fa:f0
debug3: sign_and_send_pubkey: RSA 31:cc:3b:fa:xx:xx:xx:a1:ae:d6:21:97:62:68:fa:f0
debug1: Authentication succeeded (publickey).
Authenticated to *router* (via proxy).

There seems to be a problem with debug3: sign_and_send_pubkey.

Additional data
The chmod of ~/ is 755, of id_rsa.pub is 644, and of id_rsa is 600.
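An added example, not part of the original question: a small Python helper that lines up the two -vvv excerpts quoted above and reports the first event at which they differ. The function names and the normalization rules (treating "Offering public key" and "Offering RSA public key" as the same event, and ignoring the key details after sign_and_send_pubkey) are assumptions made for this illustration.

```python
import re

# Excerpts of the two -vvv traces quoted in the question, as posted there.
GIT_PUSH_TRACE = """\
debug1: Next authentication method: publickey
debug1: Offering public key: C:/cygwin/home/*user*/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 31:cc:3b:fa:xx:xx:xx:a1:ae:d6:21:97:62:68:fa:f0
debug3: sign_and_send_pubkey
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
"""
PLAIN_SSH_TRACE = """\
debug1: Next authentication method: publickey
debug1: Offering RSA public key: C:/cygwin/home/*user*/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 31:cc:3b:fa:xx:xx:xx:a1:ae:d6:21:97:62:68:fa:f0
debug3: sign_and_send_pubkey: RSA 31:cc:3b:fa:xx:xx:xx:a1:ae:d6:21:97:62:68:fa:f0
debug1: Authentication succeeded (publickey).
"""

def normalize(line):
    """Map one debug line to a comparable event; None for non-debug output."""
    m = re.match(r"debug\d: (.*)", line.strip())
    if not m:
        return None
    msg = re.sub(r"^Offering (?:RSA )?public key: .*", "Offering public key", m.group(1))
    msg = re.sub(r"^(sign_and_send_pubkey).*", r"\1", msg)  # key type/fingerprint varies
    return re.sub(r"fp [0-9a-fx:]+", "fp <redacted>", msg)

def events(trace):
    return [e for e in map(normalize, trace.splitlines()) if e is not None]

def first_divergence(trace_a, trace_b):
    """Return (index, event_a, event_b) at the first differing event, else None."""
    a, b = events(trace_a), events(trace_b)
    for i in range(max(len(a), len(b))):
        x = a[i] if i < len(a) else None
        y = b[i] if i < len(b) else None
        if x != y:
            return i, x, y
    return None

if __name__ == "__main__":
    print(first_divergence(GIT_PUSH_TRACE, PLAIN_SSH_TRACE))
```

On these excerpts the two traces agree up to and including sign_and_send_pubkey and first differ at the private-key read.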
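Answer 0 (score: 2)
Disclaimer: If such connections are allowed, ask your security people to enable them for you. If they are not allowed and you still use some tunneling to circumvent your company's security concept, you can get into a lot of trouble! You have been warned.
You have managed to get onto your router. In that case I would use
ProxyCommand ssh router nc -w1 %h %p
in your .ssh/config.
This will first open an ssh connection to your router and connect to the actual target host, and then start the actual ssh connection. git works with this kind of setup as well.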