>From a 50K foot perspective, what I'm trying to do is punch a hole through my >corporate http proxy to get to github. By itself, cygwin, along with openssh >and corkscrew, does not have a problem (i.e. remote git commands work). >However, I would also like to make use of the eGit Eclipse plugin, which >unfortunately does not support the notion of a proxy. So, I thought that if I >could setup a local port forwarding I might be able to get eGit to connect ... >but it isn't working.
I've included the openssh, git, and corkscrew packages in my cygwin install. I then ran ssh-host-config, but I didn't think actually running the sshd via 'net start sshd' would be required. The port forwarding does not seem to work either way. My only modifications to /etc /sshd_config, from default, are ... AllowTcpForwarding yes PermitTunnel yes my ~/.ssh/config has ... Host github.com User git HostName ssh.github.com Port 443 ProxyCommand corkscrew 10.169.1.20 80 %h %p /home/ssmaring/.ssh/.corkscrew-auth IdentityFile /home/ssmaring/.ssh/id_rsa Here is what works (I do the -N because github.com does not offer a PTY) ... $ ssh -v -N g...@github.com OpenSSH_5.6p1, OpenSSL 0.9.8o 01 Jun 2010 debug1: Reading configuration data /home/ssmaring/.ssh/config debug1: Applying options for github.com debug1: Reading configuration data /etc/ssh_config debug1: Executing proxy command: exec corkscrew 10.169.1.20 80 ssh.github.com 443 /home/ssmaring/.ssh/.corkscrew-auth debug1: permanently_drop_suid: 93351 debug1: identity file /home/ssmaring/.ssh/id_rsa type 1 debug1: identity file /home/ssmaring/.ssh/id_rsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5github2 debug1: match: OpenSSH_5.1p1 Debian-5github2 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.6 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: checking without port identifier debug1: Host 'ssh.github.com' is known and matches the RSA host key. debug1: Found key in /home/ssmaring/.ssh/known_hosts:3 debug1: found matching key w/out port debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/ssmaring/.ssh/id_rsa debug1: Remote: Forced command: gerve smaring debug1: Remote: Port forwarding disabled. debug1: Remote: X11 forwarding disabled. debug1: Remote: Agent forwarding disabled. debug1: Remote: Pty allocation disabled. debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Enter passphrase for key '/home/ssmaring/.ssh/id_rsa': debug1: read PEM private key done: type RSA debug1: Remote: Forced command: gerve smaring debug1: Remote: Port forwarding disabled. debug1: Remote: X11 forwarding disabled. debug1: Remote: Agent forwarding disabled. debug1: Remote: Pty allocation disabled. debug1: Authentication succeeded (publickey). Authenticated to ssh.github.com (via proxy). debug1: Requesting no-more-sessi...@openssh.com debug1: Entering interactive session. If I start up a tunnel like this ... $ ssh -L 22:github.com:22 -v -N g...@github.com OpenSSH_5.6p1, OpenSSL 0.9.8o 01 Jun 2010 debug1: Reading configuration data /home/ssmaring/.ssh/config debug1: Applying options for github.com debug1: Reading configuration data /etc/ssh_config debug1: Executing proxy command: exec corkscrew 10.169.1.20 80 ssh.github.com 443 /home/ssmaring/.ssh/.corkscrew-auth debug1: permanently_drop_suid: 93351 debug1: identity file /home/ssmaring/.ssh/id_rsa type 1 debug1: identity file /home/ssmaring/.ssh/id_rsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5github2 debug1: match: OpenSSH_5.1p1 Debian-5github2 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.6 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: checking without port identifier debug1: Host 'ssh.github.com' is known and matches the RSA host key. debug1: Found key in /home/ssmaring/.ssh/known_hosts:3 debug1: found matching key w/out port debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/ssmaring/.ssh/id_rsa debug1: Remote: Forced command: gerve smaring debug1: Remote: Port forwarding disabled. debug1: Remote: X11 forwarding disabled. debug1: Remote: Agent forwarding disabled. debug1: Remote: Pty allocation disabled. debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Enter passphrase for key '/home/ssmaring/.ssh/id_rsa': debug1: read PEM private key done: type RSA debug1: Remote: Forced command: gerve smaring debug1: Remote: Port forwarding disabled. debug1: Remote: X11 forwarding disabled. debug1: Remote: Agent forwarding disabled. debug1: Remote: Pty allocation disabled. debug1: Authentication succeeded (publickey). Authenticated to ssh.github.com (via proxy). debug1: Local connections to LOCALHOST:22 forwarded to remote address github.com:22 debug1: Local forwarding listening on 127.0.0.1 port 22. debug1: channel 0: new [port listener] debug1: Requesting no-more-sessi...@openssh.com debug1: Entering interactive session. and then try to connect from another console like this ... $ ssh -v -N g...@localhost OpenSSH_5.6p1, OpenSSL 0.9.8o 01 Jun 2010 debug1: Reading configuration data /home/ssmaring/.ssh/config debug1: Reading configuration data /etc/ssh_config debug1: Connecting to localhost [127.0.0.1] port 22. debug1: Connection established. debug1: identity file /home/ssmaring/.ssh/id_rsa type 1 debug1: identity file /home/ssmaring/.ssh/id_rsa-cert type -1 debug1: identity file /home/ssmaring/.ssh/id_dsa type -1 debug1: identity file /home/ssmaring/.ssh/id_dsa-cert type -1 ssh_exchange_identification: Connection closed by remote host then my tunnel says ... debug1: Connection to port 22 forwarding to github.com port 22 requested. debug1: channel 1: new [direct-tcpip] channel 1: open failed: administratively prohibited: open failed debug1: channel 1: free: direct-tcpip: listening port 22 for github.com port 22, connect from 127.0.0.1 port 1130, nchannels 2 my guess is that since I'm trying to open a new connection and the only way to connect to github.com is with a key pair, that things are being screwed up by the localhost reference. I'm not sure what to do to fix this though. I've also tried removing the localhost entry in known_hosts and throwing in a '-A' option, but that didn't help, not that I could do that from eGit anyway. I'm also open to completely different strategies to get Eclipse/eGit on Windoze to connect to Github from behind an http proxy. Thanks, Steve Maring -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
