Forwarding the ssh protocol through an ssh tunnel | corporate firewall

Time: 2013-06-04 20:32:54

Tags: git ssh cygwin ssh-tunnel dd-wrt

In short

Why does git pull/push not work properly now that ssh is running behind the firewall (especially ssh git@bitbucket.org)?


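Similar questions have already been asked, and I have read them. But I still lack understanding.

I am sitting behind a corporate firewall, and I managed to set up an ssh connection (port 443) to my router (DD-Wrt @ Asus RT-N16, the ssh server is dropbear) by configuring ~/.ssh/config (with git push/pull corkscrew + company http proxy).

Since port 22 is blocked, I thought I could set up an ssh tunnel that lets me keep using ssh commands over port 22 from my work machine, especially together with $GIT_SSH (I use bitbucket, which doesn't support ssh access over port 443...)

I would be glad for some input. Or even a different approach.

I just noticed... git uses its own ssh command (in ssh git@bitbucket.org), which I had not considered. But that is only a small part of the problem, because even

Host asus
    HostName myrouter.com
    User admin
    Port 443
    ProxyCommand C:/cygwin/bin/corkscrew.exe companyproxy proxy_port %h %p
    IdentityFile C:/cygwin/home/*user*/.ssh/id_rsa

Host *
    ProxyCommand ssh asus nc -w1 %h %p
    IdentityFile C:/cygwin/home/*user*/.ssh/id_rsa

does not work either.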

SCENARIO

workmachine -> firewall -> asus_rtn16 -> git repo

EDIT

Forwarding is working now, and I can ssh directly into each machine. Git still has some trouble.

~/.ssh/config

GIT_SSH

I am not prompted for a login. I added RSA authentication, but I am also not prompted for the passphrase that protects the key.

I did set

$ git push --verbose -u origin --all
Pushing to ssh://git@bitbucket.org/*username*/myrepo.git
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /c/cygwin/home/*user*/.ssh/config
debug1: Applying options for asus
debug1: Applying options for *
debug1: Executing proxy command: exec C:/cygwin/bin/corkscrew.exe *proxy* *port* *router* 443
debug1: permanently_drop_suid: 500
debug1: identity file /c/cygwin/home/<user>/.ssh/id_rsa type 1
debug1: identity file /c/cygwin/home/<user>/.ssh/id_rsa type 1
debug1: Remote protocol version 2.0, remote software version dropbear_0.52
debug1: no match: dropbear_0.52
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '[*router*]:443' is known and matches the RSA host key.
debug1: Found key in /c/cygwin/home/*user*/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
DD-WRT v24-sp2 big (c) 2011 NewMedia-NET GmbH
Release: 02/17/11 (SVN revision: 16214)
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /c/cygwin/home/*user*/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
# freezes here...
fatal: Could not read from remote repository.
# continues after ctrl + c
Please make sure you have the correct access rights
and the repository exists.

to point to the correct ssh, and the paths in the config are absolute.

This is what happens when I try to push:
Enter passphrase for key '/home/*user*/.ssh/id_rsa': 
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to *router* (via proxy).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: nc -w1 sdf-eu.org 22

A normal ssh connection should continue like this:
git push -u origin --all

DEBUG LV3

debug1: Next authentication method: publickey
debug1: Offering public key: C:/cygwin/home/*user*/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 31:cc:3b:fa:xx:xx:xx:a1:ae:d6:21:97:62:68:fa:f0
debug3: sign_and_send_pubkey
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>

fails

ssh -vvv asus

debug1: Next authentication method: publickey
debug1: Offering RSA public key: C:/cygwin/home/*user*/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 31:cc:3b:fa:xx:xx:xx:a1:ae:d6:21:97:62:68:fa:f0
debug3: sign_and_send_pubkey: RSA 31:cc:3b:fa:xx:xx:xx:a1:ae:d6:21:97:62:68:fa:f0
debug1: Authentication succeeded (publickey).
Authenticated to *router* (via proxy).

succeeds

debug3: sign_and_send_pubkey

There seems to be a problem with ~/.


Additional data

id_rsa.pub has chmod 755, id_rsa has chmod 644, and {{1}} has 600

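1 answer:

Answer 0: (score: 2)

Disclaimer: If such connections are allowed, ask your security staff to enable them for you. If they are not allowed and you still use some tunnel to circumvent your company's security concept, you will get into a lot of trouble! You have been warned.

You have managed to get into the router. In that case I would use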

ProxyCommand ssh router nc -w1 %h %p

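in your .ssh/config.

This first opens an ssh connection to your router and connects to the actual target host, and then starts the actual ssh connection. git can use this kind of setup too.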
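
For reviewing which hops a connection takes under a config like the one discussed in this thread, here is an added example (not part of the original question or answer) that resolves the effective ProxyCommand per host, using OpenSSH's rule that the first value obtained for a keyword wins. The host names, proxy port 8080 and all function names are assumptions made for illustration.

```python
import fnmatch
import re
import shlex

# Constructed sample mirroring the two-block layout on this page; names and ports are placeholders.
SAMPLE_CONFIG = """\
Host asus
    Port 443
    ProxyCommand corkscrew companyproxy 8080 %h %p

Host *
    ProxyCommand ssh asus nc -w1 %h %p
"""

def parse_blocks(text):
    """Return [(host_patterns, [(keyword, value), ...]), ...] in file order."""
    blocks = [(["*"], [])]  # options before the first Host line apply to all hosts
    for raw in text.splitlines():
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", raw.strip())
        if not m:  # blank line, comment, or keyword without a value
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((key, value))
    return blocks

def effective_options(text, host):
    """First value obtained per keyword wins; '!' negation and multi-valued keys are not modelled."""
    opts = {}
    for patterns, settings in parse_blocks(text):
        if any(fnmatch.fnmatchcase(host, p) for p in patterns):
            for key, value in settings:
                opts.setdefault(key, value)
    return opts

def proxy_chain(text, host, limit=8):
    """Follow 'ssh <alias> ...' proxy commands and list every (host, command) hop."""
    chain = []
    while len(chain) < limit:  # the limit stops a config that proxies a host through itself
        cmd = effective_options(text, host).get("proxycommand", "none")
        if cmd.lower() == "none":
            break
        chain.append((host, cmd))
        argv = shlex.split(cmd)
        host = next((a for a in argv[1:] if not a.startswith("-")), None)  # naive alias pick
        if argv[0] != "ssh" or host is None:
            break
    return chain
```

With the blocks in this order, asus keeps its own proxy command and every other host is reached through asus; if the `Host *` block came first, asus would be proxied through itself and the chain would only stop at the limit.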