Monday, March 30, 2009

Accessing GIT repository on internet behind firewall.

Accessing GIT repository on internet behind firewall.


1. What is tunneling?

Tunneling is the mechanism of sending any kind of bi-directional request (ssh,ping..) to internet, within available http connection.

Example: In case if we want to access a server in internet over SSH, by default it is not possible since all the any requests going to that port will be blocked by firewall.


More details: http://en.wikipedia.org/wiki/Http_tunnel

http://www.ibm.com/developerworks/linux/library/l-10sysadtips/


2. What are tunneling software’s available?

In one word “many”. All does the same thing!


3. What we have choosen?

Corkscrew is simple tunneling software. It has to be installed on ubuntu boxes.


On Ubuntu, sudo apt-get install corkscrew.


More details: http://209.85.229.132/search?q=cache:ok0rYK9kOKsJ:wiki.kartbuilding.net/index.php/Corkscrew_-_ssh_over_https+&cd=2&hl=en&ct=clnk


4. What parameters have to be passed to corkscrew?

Proxy user name,

Proxy password.

Proxy server port (8080, in our case)

Destination host’s name or IP.

Destination service’s port (GIT, SMTP,SSH…)

Example:

corkscrew 10.199.8.61 8080 android.git.kernel.org 9418 ~/bin/.myauth

Where,

10.199.8.61 -> Proxy server’s IP.

8080 -> Proxy server’s port.

android.git.kernel.org -> Destination hostname

9418 -> Destination service’s port. Here in this case GIT.

~/bin/.myauth -> contains proxy server username and password in the form username:password.

PS: In case our proxy doesn’t resolve IP’s of machine in internet, we have to use IP address of them. Not hostnames.


5. How to find the IP address of machine in internet?

http://www.kloth.net/services/nslookup.php


6. Now finally, how we use this to clone(get) GIT repo’s in internet?


Git has the environment variable “GIT_PROXY_COMMAD”. This variable can be used to set the proxy command for each repository.


Example:

a.


prompt> git clone git://git.denx.de/u-boot-arm.git

Initialized empty Git repository in /vobstore1/tmp/u-boot-arm/.git/

fatal: Unable to look up git.denx.de (port 9418) (Name or service not known)

b.


Find the IP of git.denx.de and define the command with corkscrew.

A shell script (for tcsh) is created as below,

prompt> more /home1/git/bin/.git.uboot.org

#!/bin/sh

exec corkscrew 10.199.8.61 8080 85.214.87.163 9418 ~/bin/.myauth


c. set the GIT variable.

setenv GIT_PROXY_COMMAND /home1/git/bin/.git.uboot.org


d. prompt> git clone git://git.denx.de/u-boot-arm.git

Initialized empty Git repository in /vobstore1/tmp/u-boot-arm/.git/

remote: Counting objects: 88784, done.

remote: Compressing objects: 44% (10474/23804)

.


Sunday, November 16, 2008

Why I love GIT and GITHUB..:)

.......is I can push my changes to public repo, sitting behind one of those corporate network, which allows only http/https through them...

On GITHUB we can host our repos and access from anywhere..( from behind corporate firewalls, proxy...)

There are many links out there over internet, which helps us how to do that...but the basic thing what I was doing wrong was trying to push on ssh's default port 22 and to server github.com, rather than ssh.github.com.

Finally reading this end, I was successful in git-push!. Here is how we can do that....

Variables to be set before proceeding.

++ For those who are lucky ( got root / sudo access ) ++

1. Install corkscrew...( apt-get upgrade corkscrew)
2. edit ~/.ssh/config

Host 65.74.177.142
ProxyCommand corkscrew 8080 %h %p ~/.ssh/proxyauth
Port 443
ServerAliveInterval 10
IdentityFile /home/dilipm/.ssh/github

Where,
- 65.74.177.142 is the IP of ssh.github.com. found from nslookup
- File ~/.ssh/proxyauth contains your username and passwd of proxy server. in format username:passwd

- 443, this is where I was doing wrong! I was trying port 22.
- /home/dilipm/.ssh/github, path of my private key

3. set env variable GIT_PROXY_COMMAND=/home/dilipm/.ssh/proxy_cmd_for_github.
where cat /home/dilipm/.ssh/proxy_cmd_for_github is,
corkscrew 8080 65.74.177.142 443 ~/.ssh/proxyauth


That's it...now just do ssh -v git@ 65.74.177.142
At the first attempt the server's (ssh.github.com) fingerprint will be added to local know_hosts file.

++ For those who are unlucky ( don't have root access ) ++

1. download the perl script of Mark suter..
ssh-https-tunnel

2. change the proxy details as required...

3. change the ProxyCommand in ~/.ssh/config as below,
ProxyCommand ~/ssh-https-tunnel.pl %h %p

that's it....try doing ssh -v git@65.74.177.142