Configuration

alt text

I use 2 kinds of repo. gitlab for internal/corporate projects, hosted inside my company. github for public/pet projects and as a blogging platform. 3 days a week I am inside company, 4 days a week outside.

Green lines are the natural path to collaborate.

When outside I don't have proxy configuration or firewall, and I can directly access github. I cannot access to gitlab but I don't want to address it now, this is why it is set as a black line. (if this is really needed I have a vpn access and this is as being inside)

When inside, I use internal proxy. I can directly access gitlab. But I want to access github in a transparent way. And yes from both Windows and Linux (WSL). This is the red line.

Setup the red line

Here is the https://stackoverflow.com/questions/21318535/how-to-setup-corkscrew-to-connect-to-github-through-draconian-proxy discussion.

1st step is to install workscrew: sudo apt install corkscrew

Then I create 2 ssh config files:

(base) guillaume@LL11LPC0PQARQ:~/proxy_files$ cat ssh_config_noproxy
Host github.com
IdentityFile ~/.ssh/id_rsa_gmail

Host gitlab.<mycompany>.com
IdentityFile ~/.ssh/id_rsa

(base) guillaume@LL11LPC0PQARQ:~/proxy_files$ cat ssh_config_proxy
Host github.com
ProxyCommand /usr/bin/corkscrew <my_proxy_hostname> <my_proxy_port> %h %p
IdentityFile ~/.ssh/id_rsa_gmail

Host gitlab.<mycompany>.com
IdentityFile ~/.ssh/id_rsa

It is just a matter of linking appropriate files when I am in or out of corporate network.

As in my_ip.sh:

# Set Proxy
function setproxy() {
     echo "Calling setproxy"
     export {http,https,ftp}_proxy="http://proxy_ip:80"
     export {HTTP,HTTPS,FTP}_PROXY="http://proxy_ip:80"
     #proxy for wget
     ln -sf ~/proxy_files/.wgetrc_proxy ~/.wgetrc
     #proxy for apt
     #sudo ln -sf ~/proxy_files/apt_proxy.conf /etc/apt/apt.conf.d/proxy.conf
     #proxy for conda
     ln -sf ~/proxy_files/.condarc_proxy ~/.condarc
     #proxy for git
     git config --global http.proxy http://proxy_ip:80
     ln -sf ~/proxy_files/ssh_config_proxy ~/.ssh/config
}

# Unset Proxy
function unsetproxy() {
     echo "Calling unsetproxy"
     unset {http,https,ftp}_proxy
     unset {HTTP,HTTPS,FTP}_PROXY
     #no proxy for wget
     ln -sf ~/proxy_files/.wgetrc_noproxy ~/.wgetrc
     #no proxy for apt
     #sudo rm -f /etc/apt/apt.conf.d/proxy.conf
     #no proxy for conda
     ln -sf ~/proxy_files/.condarc_noproxy ~/.condarc
     #no proxy for git
     git config --global --unset http.proxy
     ln -sf ~/proxy_files/ssh_config_noproxy ~/.ssh/config
}

July-21: Update following change of entreprise network

Now that we are behing GlobalProxy protection, we get some transparent proxy (good!) with no ssh access (bad).

$  ssh -Tvv git@github.com
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /home/guillaume/.ssh/config
debug1: /home/guillaume/.ssh/config line 1: Applying options for github.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Executing proxy command: exec /bin/nc -X 5 -x 192.168.50.202:1080 github.com 22
debug1: permanently_drop_suid: 1000
debug1: identity file /home/guillaume/.ssh/id_rsa_gmail type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/guillaume/.ssh/id_rsa_gmail-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
ssh_exchange_identification: Connection closed by remote host

First step is to get rid of socks5 configuration

Revert socks5 for git

Just by commenting ProxyCommand in ssh for github

$ cat .ssh/config
Host github.com
IdentityFile ~/.ssh/id_rsa_gmail
#ProxyCommand /bin/nc -X 5 -x 192.168.50.202:1080 %h %p

Host gitlab.michelin.com
IdentityFile ~/.ssh/id_rsa

Second step is to migrate remote-url from ssh to https:

from git ssh to git https

$ git remote set-url origin https://githib.com/castorfou/mit_600.2x.git
$ git remote -v
origin  https://github.com/castorfou/mit_600.2x.git (fetch)
origin  https://github.com/castorfou/mit_600.2x.git (push)

This allows to fetch and pull updates

git fetch
git pull

Lastly to setup passwordless access to github

Github token to access passwordless using https

To Generate token in github:

  • (profile > Settings > Developer settings > Personal access tokens)
  • Generate new token
  • Select repo section

Integrate into git config:

  • copy token into .git/config remote url ( from url = https://github.com/castorfou/guillaume_blog.git to url = https://mytoken@github.com/castorfou/guillaume_blog.git)