git clone 是否通过 NTLM 代理工作?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1783659/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Does git clone work through NTLM proxies?
提问by AndreaG
I've tried both using export http_proxy=http://[username]:[pwd]@[proxy]and git config --global http.proxy http://[username]:[pwd]@[proxy].
我试过使用export http_proxy=http://[username]:[pwd]@[proxy]和git config --global http.proxy http://[username]:[pwd]@[proxy]。
I couldn't make it work. It looks like git uses Basic authentication:
我无法让它发挥作用。看起来 git 使用基本身份验证:
Initialized empty Git repository in /home/.../.git/
* Couldn't find host github.com in the .netrc file, using defaults
* About to connect() to github.com port 8080 (#0)
* Trying 10.... * Connected to github.com (10....) port 8080 (#0)
* Proxy auth using Basic with user '...'
> GET http://github.com/sunlightlabs/fiftystates.git/info/refs HTTP/1.1
Proxy-Authorization: Basic MD...
User-Agent: git/1.6.1.2
Host: github.com
Pragma: no-cache
Accept: */*
Proxy-Connection: Keep-Alive
< HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to t
he Web Proxy filter is denied. )
< Via: 1.1 ...
< Proxy-Authenticate: Negotiate
< Proxy-Authenticate: Kerberos
< Proxy-Authenticate: NTLM
< Connection: Keep-Alive
< Proxy-Connection: Keep-Alive
< Pragma: no-cache
< Cache-Control: no-cache
< Content-Type: text/html
< Content-Length: 4118
* The requested URL returned error: 407
* Closing connection #0
fatal: http://github.com/sunlightlabs/fiftystates.git/info/refs download error - The requested URL returned error: 407
Google search returned mixed and probably not updated results. Somewhere it says that curlis (was?) used under the hood, but its options are (were?) hardwired into code. For example,
Google 搜索返回的结果混合且可能未更新。某处说这curl是(曾经?)在引擎盖下使用,但它的选项(是?)硬连线到代码中。例如,
curl --proxy-ntlm --proxy ...:8080 google.com
works, and I'd like to use the same option with git.
有效,我想对 git 使用相同的选项。
I need some more definite answers here: has anybody succeed using git through Windows proxies? Which version?
我需要一些更明确的答案:有没有人通过 Windows 代理成功使用 git?哪个版本?
Thanks.
谢谢。
采纳答案by Nelson
Git supports NTLM proxy authentication from version 1.7.10onwards, relevant commit is https://github.com/gitster/git/commit/dd6139971a18e25a5089c0f96dc80e454683ef0b
Git 从1.7.10版本开始支持 NTLM 代理认证,相关提交是https://github.com/gitster/git/commit/dd6139971a18e25a5089c0f96dc80e454683ef0b
1.7.10release notesbriefly mentioned it as:
1.7.10发行说明简要提及它为:
* HTTP transport learned to authenticate with a proxy if needed.
I've successfully tested it with the proxy at my workplace which is NTLM and requires user/pass, you can test yourself with following commands:
我已经在我的工作场所使用 NTLM 代理成功对其进行了测试,并且需要用户/密码,您可以使用以下命令进行测试:
git config --global http.proxy http://user:[email protected]:port
git clone http://git.videolan.org/git/bitstream.git
Regards,
问候,
回答by rofrol
Default NTLM credentials
默认 NTLM 凭据
In order to use default NTLM credentials, provide an empty username and password
为了使用默认的 NTLM 凭据,请提供一个空的用户名和密码
git config --global http.proxy https://:@proxy:port
Firewall Client for ISA Server
ISA 服务器的防火墙客户端
Instead of setting proxy for git, npm, etc. you can use Firewall Client for ISA Serverfrom Microsoft. After installation:
您可以使用Microsoft 的ISA Server 防火墙客户端,而不是为 git、npm 等设置代理。安装后:
Start > Autostart > Microsoft Firewall Client Management
Start > Autostart > Microsoft Firewall Client Management
Settings tab > Manual specified ISA Server > proxy:port
Web Browser tab > Uncheck "Enable web browser automatic configuration."
Settings tab > Manual specified ISA Server > proxy:port
Web Browser tab > Uncheck "Enable web browser automatic configuration."
回答by lemonad
Cloning works for me but only over HTTP (since our corporate firewall blocks the ssh/git protocols):
克隆对我有用,但只能通过 HTTP(因为我们的公司防火墙阻止了 ssh/git 协议):
$ export http_proxy="http://username:password@proxy:port/"
$ git clone http://github.com/sunlightlabs/fiftystates_site.git fifty
Initialized empty Git repository in /home/user/fifty/.git/
got e15f5192b923d8e87abaeb9406d0f4d80403da09
walk e15f5192b923d8e87abaeb9406d0f4d80403da09
got a78b792191f1cf5e961753dcfe05e9c809bdb0ed
got 76e6e86e72a0f998f7663da69ca49c457a302e27
walk 76e6e86e72a0f998f7663da69ca49c457a302e27
got 35b68a3b876fb90e73ba7a7eb51432e825ef2aa3
...
Github suggests cloning via git://github.com/...but you have to change it to http://github.com/...manually.
Github 建议通过克隆,git://github.com/...但您必须将其更改为http://github.com/...手动。
Edit:I'm using git version 1.5.6.3.
编辑:我正在使用 git 版本 1.5.6.3。
Hope that helps!
希望有帮助!
回答by Steve Knight
AndreaG (in a comment above) has the only acceptable answer to this problem that I can find. It seems that Git just won't work with NTLM proxies even though it really should because cURL (which it uses underneath) does work just fine. Why this issue can't be fixed I have no idea. It seems to be a fairly common issue.
AndreaG(在上面的评论中)对我能找到的这个问题有唯一可以接受的答案。似乎 Git 只是不能使用 NTLM 代理,即使它确实应该使用,因为 cURL(它在下面使用)确实可以正常工作。为什么这个问题不能解决我不知道。这似乎是一个相当普遍的问题。
The solution, in full then, is to use ntlmaps to act as a proxy to the proxy. All you need to do is to download the latest version of the app from: http://ntlmaps.sourceforge.net/
完整的解决方案是使用 ntlmaps 作为代理的代理。您需要做的就是从以下位置下载最新版本的应用程序:http: //ntlmaps.sourceforge.net/
Change the config file to include your authentication and proxy details and then set the proxy to be your new local one:
更改配置文件以包含您的身份验证和代理详细信息,然后将代理设置为新的本地代理:
git config --global http.proxy http://localhost:5865
I can confirm that it works just fine. Not only that you can use it for any app that requires NTLM authentication but does not provide full NTLM support.
我可以确认它工作得很好。您不仅可以将它用于需要 NTLM 身份验证但不提供完整 NTLM 支持的任何应用程序。
回答by xask
You can also use cntlm,
你也可以使用cntlm,
A solution similar to ntlmaps but written in pure C. It works in the same way as ntlmaps by creating a local proxy server (127.0.0.1) at a port (3128 default) on your machine. This new locally created proxy server does not require any authentication and thus can be used with any application that supports http proxy. It can also create a local socks proxy if you need one.
一种类似于 ntlmaps 但用纯 C 编写的解决方案。它的工作方式与 ntlmaps 相同,通过在您机器上的端口(默认为 3128)创建本地代理服务器(127.0.0.1)。这个新的本地创建的代理服务器不需要任何身份验证,因此可以与支持 http 代理的任何应用程序一起使用。如果您需要,它还可以创建本地袜子代理。
The main advantage over ntlmaps which is written in python, is that cntlm has very low CPU and RAM usage, typically <2%.
与用 python 编写的 ntlmaps 相比,cntlm 的主要优势在于 cntlm 的 CPU 和 RAM 使用率非常低,通常 <2%。
回答by Michael Baltaks
Since this was a question I kept finding on my search to make this work, I'll add my answer here.
由于这是我在搜索过程中不断发现的一个问题,因此我将在此处添加我的答案。
I needed to get access to a github.com hosted repo working via an http(s) proxy (that requires NTLM authentication) on one network, and have it still work when on a normal internet connection, from our Mac OS X dev machines.
我需要通过一个网络上的 http(s) 代理(需要 NTLM 身份验证)访问 github.com 托管的存储库,并且在我们的 Mac OS X 开发机器上使用正常的互联网连接时它仍然可以工作。
Here is how I made it work. This won't work for every git hosting provider, but I'm posting in case it helps you figure this out. This is also only for Mac OS X, but if you figure out how to run something on network change for your system, the rest should follow.
这是我如何使它工作。这不适用于每个 git 托管服务提供商,但我发帖是为了帮助您解决这个问题。这也仅适用于 Mac OS X,但如果您想知道如何在网络更改时为您的系统运行某些程序,其余的应该随之而来。
I had to use git clone [email protected]:user/repo.gitafter setting up ssh access as normal (http://help.github.com/mac-set-up-git/).
我必须git clone [email protected]:user/repo.git在正常设置 ssh 访问后使用(http://help.github.com/mac-set-up-git/)。
I then needed to setup a local http(s) proxy that handles the NTLM authentication, such as ntlmaps, cntlm or Authoxy. I've tested with Authoxy. I'll leave configuring this to you, because you'll need to know your own proxy details.
然后我需要设置一个本地 http(s) 代理来处理 NTLM 身份验证,例如 ntlmaps、cntlm 或 Authoxy。我已经用 Authoxy 测试过了。我会把这个配置留给你,因为你需要知道你自己的代理详细信息。
You'll also need corkscrew, which is just sudo port install corkscrewif you have MacPorts.
您还需要开瓶器,sudo port install corkscrew前提是您有 MacPorts。
Then I added the following to ~/.ssh/config:
然后我添加了以下内容~/.ssh/config:
Host github.com.disabled
User git
HostName ssh.github.com
Port 443
ProxyCommand /opt/local/bin/corkscrew localhost 6574 %h %p
Where 6574 is the TCP port I set Authoxy to listen on.
其中 6574 是我设置 Authoxy 侦听的 TCP 端口。
Now I created a script that tries to find the http(s) proxy server, and configures the ssh setup according to what it finds, at /usr/local/bin/locationchanger:
现在我创建了一个脚本来尝试查找 http(s) 代理服务器,并根据它找到的内容配置 ssh 设置,位于/usr/local/bin/locationchanger:
#!/bin/sh
set -o nounset
set -o errexit
sleep 10 # allow for WiFi to actually connect.
# if we can find the proxy server, then use it.
if ! host proxy.internal.network;
then
echo "Proxy server not found, clearing http(s) proxy";
sed -i '.backup' -E 's/^Host github.com$/Host github.com.disabled/' "$HOME/.ssh/config"
else
echo "Proxy server found, setting http(s) proxy";
sed -i '.backup' -E 's/^Host github.com.disabled$/Host github.com/' "$HOME/.ssh/config"
fi
echo "Done."
Don't forget to chmod +x /usr/local/bin/locationchanger.
不要忘记chmod +x /usr/local/bin/locationchanger。
Now create ~/Library/LaunchAgents/LocationChanger.plist:
现在创建~/Library/LaunchAgents/LocationChanger.plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>tech.inhelsinki.nl.locationchanger</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/locationchanger</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Library/Preferences/SystemConfiguration</string>
</array>
</dict>
</plist>
And then launchctl load ~/Library/LaunchAgents/LocationChanger.plist. This launchd job will run whenever the network changes. If it can find your internal network http(s) proxy server, it will make ssh use corkscrew to work through Authoxy, which will handle working through the company proxy. If it can't find the proxy server, it will disable the special ssh config, and you're working just like normal.
然后launchctl load ~/Library/LaunchAgents/LocationChanger.plist。每当网络发生变化时,这个launchd 作业就会运行。如果它可以找到您的内部网络 http(s) 代理服务器,它将使 ssh 使用 corkscrew 通过 Authoxy 工作,这将处理通过公司代理的工作。如果它找不到代理服务器,它将禁用特殊的 ssh 配置,您就可以正常工作了。
Now our team doesn't have to think about network switching anymore.
现在我们的团队不必再考虑网络切换了。
回答by synapse
TL/DR:
TL/DR:
export GIT_HTTP_PROXY_AUTHMETHOD=basic
or
或者
git config --global http.proxyauthmethod basic
I had the same issue when git (curl) proxy auth did not work. Credentials were right. Upgrade to the latest git-v2.15.0 did not help.
当 git (curl) 代理身份验证不起作用时,我遇到了同样的问题。凭据是正确的。升级到最新的 git-v2.15.0 没有帮助。
The issue was due to wrong proxy authentication method chosen by git-libcurl.
问题是由于 git-libcurl 选择了错误的代理身份验证方法。
The valid proxy_authmethod options are defined in git source: https://github.com/git/git/blob/d0e9983980a25e0c398cc03342e5ad22ef85b8a8/http.c#L81
git 源中定义了有效的 proxy_authmethod 选项:https: //github.com/git/git/blob/d0e9983980a25e0c398cc03342e5ad22ef85b8a8/http.c#L81
The proxyauthmethod can be defined either through GIT_HTTP_PROXY_AUTHMETHODenvironment variable or http.proxyauthmethodgit config option. Environment variable overrides the config option value.
proxyauthmethod 可以通过GIT_HTTP_PROXY_AUTHMETHOD环境变量或http.proxyauthmethodgit config 选项定义。环境变量覆盖配置选项值。
回答by Frank Schwieterman
I've been using ntlmaps and been having good results getting through windows/NT proxies: http://ntlmaps.sourceforge.net/
我一直在使用 ntlmaps 并且通过 windows/NT 代理取得了很好的结果:http: //ntlmaps.sourceforge.net/
The git configuration is:
git 配置是:
git config --global http.proxy http://localhost:5865
git config --global http.proxy http://localhost:5865
回答by Abs
I have stumbled on a more easier and possibly safer solution that works not just for git but also any command based installers
我偶然发现了一个更简单、可能更安全的解决方案,它不仅适用于 git,还适用于任何基于命令的安装程序
- Rubygems in ruby
- npm in node
- 红宝石中的红宝石
- 节点中的 npm
One solution running all your traffic from command line is proxied with authentiction.
从命令行运行所有流量的一种解决方案是使用身份验证代理。
Wont expose your password in the user:password@domain:port format
不会以 user:password@domain:port 格式公开您的密码
Solution:
解决方案:
Download Fiddler, It has a built in way to add authentication headers to all requests.
下载Fiddler,它具有向所有请求添加身份验证标头的内置方法。
Once running menu Rules-> Automatically Authenticate (Tick that)
一旦运行菜单规则 - >自动身份验证(勾选)
Then for git
然后对于 git
git config --global http.proxy http://localhost:8888
git config --global https.proxy http://localhost:8888
Thats it!
就是这样!
