Monday, 19 October 2020

Setting a proxy server for the SSH protocol

 

Create or edit the ~/.ssh/config file:

  # With the default port, this is github.com; to use port 443, this is ssh.github.com
  # See https://help.github.com/articles/using-ssh-over-the-https-port/
  Host github.com
  HostName github.com
  User git

  # For an HTTP proxy, use the line below and change proxyport to your own HTTP proxy's port
  ProxyCommand socat - PROXY:127.0.0.1:%h:%p,proxyport=6667

  # For a SOCKS5 proxy, comment out the line above, uncomment the line below, and change the port (1080 here) to your own SOCKS5 proxy's port
  # ProxyCommand nc -v -x 127.0.0.1:1080 %h %p

related post: 

https://briteming.blogspot.com/2011/12/ssh-via-http-proxy.html

https://briteming.blogspot.com/2016/02/proxytunnel.html

------

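Configuring git to use a proxy


Git currently supports three kinds of protocol: git://, ssh://, and http:// together with https://.

Each is proxied differently.
(1) core.gitproxy is used for the git:// protocol
(2) http.proxy is used for the http:// protocol
(3) The ssh:// protocol is proxied by setting ssh's ProxyCommand option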

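(I) Configuring a proxy for the git protocol (git://)

There are two ways to configure a proxy for the git protocol, and both require installing socat:
(1) Debian/Ubuntu: sudo apt-get install socat
(2) CentOS: use yum to install the EPEL repository, then yum -y install socat
(3) Mac OS: brew install socat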

1. Git Through A HTTP Proxy

To route git through an HTTP proxy, create a gitproxy.sh script and make it executable (based on the referenced article):

#!/bin/sh
# Use socat to proxy git through an HTTP CONNECT firewall.
# Useful if you are trying to clone git:// from inside a company.
# Requires that the proxy allows CONNECT to port 9418.
#
# Save this file as gitproxy somewhere in your path (e.g., ~/bin) and then run
# chmod +x gitproxy
# git config --global core.gitproxy gitproxy
#
# More details at http://tinyurl.com/8xvpny

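# Configuration. Common proxy ports are 3128, 8123, 8000.
# Note: the password is stored in clear text in this file and is passed on
# socat's command line, so keep the script readable only by its owner.
_proxy=proxy.yourcompany.com
_proxyport=3128
_proxyauth=username:password

# Quote the address so host, port and credentials reach socat as one word.
exec socat STDIO "PROXY:${_proxy}:$1:$2,proxyport=${_proxyport},proxyauth=${_proxyauth}"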

Then configure git to use this proxy by adding the following to ~/.gitconfig:

[core]
    gitproxy=gitproxy.sh for github.com
    # See the core.gitproxy section of man git-config for an explanation of "for *"
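
An added example, not part of the original post or of Emil Sit's script: git passes the target host and port to the core.gitproxy command as $1 and $2, and socat separates address parameters with ':' and options with ',', so this variant accepts only hostname characters and a numeric port before building the address. The function name build_socat_addr and the proxy values are assumptions, and proxyauth is left out.

```sh
#!/bin/sh
# Added example: validate git's host/port arguments before they are
# interpolated into the socat PROXY address. Placeholder proxy values.
_proxy=proxy.yourcompany.com
_proxyport=3128

# Print the socat address for target host $1 and port $2, or return 1.
# Hostnames and IPv4 addresses only; IPv6 literals are rejected.
build_socat_addr() {
    host=$1
    port=$2
    case $host in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;   # empty, option-like, or odd characters
    esac
    case $port in
        ''|*[!0-9]*|??????*) return 1 ;;      # digits only, at most five of them
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf 'PROXY:%s:%s:%s,proxyport=%s\n' "$_proxy" "$host" "$port" "$_proxyport"
}

# When git runs this file as core.gitproxy it supplies exactly two arguments.
if [ "$#" -eq 2 ]; then
    addr=$(build_socat_addr "$1" "$2") || {
        echo "gitproxy: refusing host/port: $1 $2" >&2
        exit 1
    }
    exec socat STDIO "$addr"
fi
```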

2. Git Through A SOCKS Proxy (or SSH Tunnel)

Based on the referenced article.

Step 1: Use ssh to start a SOCKS proxy.

ssh -nNT -D 8119 remote.host
#This command starts a SOCKS v4 proxy listening on localhost, port 8119.

Step 2: Create a new gitproxysocks.sh script and make it executable.

#!/bin/sh
#
# Use socat to proxy git through a SOCKS proxy.
# Useful if you are trying to clone git:// from inside a company.
#
# See http://tinyurl.com/8xvpny for Emil Sit's original HTTP proxy script.
# See http://tinyurl.com/45atuth for updated SOCKS version.
#
# Configuration.
_proxy=localhost
_proxyport=8119

# Quote the address so the target host and port reach socat as one word.
exec socat STDIO "SOCKS4:$_proxy:$1:$2,socksport=$_proxyport"

Step 3: Configure git to use this script. You can write it into ~/.gitconfig as above, or set the GIT_PROXY_COMMAND environment variable, which git checks when it fetches data.

export GIT_PROXY_COMMAND=gitproxysocks.sh

(II) Configuring a proxy for the HTTP protocol (http://)

To make git use an HTTP proxy for repositories whose URL starts with http://, edit ~/.gitconfig directly.

[http]
    proxy = http://proxy.yourcompany.com:8080

Alternatively, the script below sets the http_proxy, https_proxy and all_proxy environment variables directly. Save it as http_proxy.sh and add source /path/to/http_proxy.sh to ~/.bashrc or ~/.zshrc. Then run http_proxy_enable when you want to use the proxy and http_proxy_disable to turn it off.

#!/bin/sh
http_proxy_enable() {
    # The URL carries the proxy password and is inherited by every child process.
    IP="http://username:password@proxy.yourcompany.com:8080"
    export http_proxy="$IP"
    export https_proxy="$IP"
    export all_proxy="$IP"
}

http_proxy_disable() {
    unset http_proxy
    unset https_proxy
    unset all_proxy
}

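(III) Configuring a proxy for the SSH protocol (ssh://)

The advantage of ssh is that you do not have to enter your GitHub username and password when cloning from or pushing to github.com.
Below is the ssh configuration; open ~/.ssh/config and enter: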

Host github*
    User git
    Hostname github.com
    Port 22
    Proxycommand ssh root@proxy.yourcompany.com nc %h %p
    IdentityFile  ~/.ssh/id_rsa

Reference: https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/using-ssh-over-the-https-port

------------------------------------------------------------------

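Setting a proxy for Git

Git currently supports three protocols, git://, ssh:// and http://, and each is proxied differently: core.gitproxy is used for the git:// protocol, http.proxy for the http:// protocol, and the ssh:// protocol is proxied by setting ssh's ProxyCommand option.

Using the connect tool:

Use the connect tool (https://github.com/sonywork/connect) to perform the proxy conversion.

Using an SSH tunnel as the proxy for all protocols

Configuration for the git protocol

Create the file /path/to/socks5proxywrapper: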

#!/bin/sh
connect -S 127.0.0.1:7070 "$@"

Configure git

[core]
        gitproxy = /path/to/socks5proxywrapper

or

export GIT_PROXY_COMMAND="/path/to/socks5proxywrapper"

Configuration for the SSH protocol

Create the file /path/to/socks5proxyssh:

#!/bin/sh
ssh -o ProxyCommand="/path/to/socks5proxywrapper %h %p" "$@"

Configure git to use this wrapper

export GIT_SSH="/path/to/socks5proxyssh"

Of course, you can also set ProxyCommand directly in ~/.ssh/config.

Configuration for the HTTP protocol

[http]
        # This works because Git uses libcurl for its HTTP support
        proxy = socks5://127.0.0.1:7070

Using an HTTP proxy for all protocols

Building on the previous part, change the /path/to/socks5proxywrapper file to

#!/bin/sh
connect -H 192.168.1.100:8080 "$@"

HTTP protocol configuration

[http]
    proxy = http://192.168.1.100:8080

Enabling the proxy per domain

The gitproxy parameter supports the "* for *" form; see the core.gitproxy section of man git-config for details.

Appendix 1:

 * How To Use
 * ==========
 *
 *   You can specify proxy method in an environment variable or in a
 *   command line option.
 *
 *   usage:  connect [-dnhst45] [-R resolve] [-p local-port] [-w sec]
 *                   [-H [user@]proxy-server[:port]]
 *                   [-S [user@]socks-server[:port]]
 *                   [-T proxy-server[:port]]
 *                   [-c telnet proxy command]
 *                   host port
 *
 *   "host" and "port" is for the target hostname and port-number to
 *   connect to.
 *
 *   The -H option specifies a hostname and port number of the http proxy
 *   server to relay. If port is omitted, 80 is used. You can specify this
 *   value in the environment variable HTTP_PROXY and pass the -h option
 *   to use it.
 *
 *   The -S option specifies the hostname and port number of the SOCKS
 *   server to relay.  Like -H, port number can be omitted and the default
 *   is 1080. You can also specify this value pair in the environment
 *   variable SOCKS5_SERVER and give the -s option to use it.
 *
 *   The '-4' and the '-5' options are for specifying SOCKS relaying and
 *   indicates protocol version to use. It is valid only when used with
 *   '-s' or '-S'. Default is '-5' (protocol version 5)
 *
 *   The '-R' option is for specifying method to resolve the
 *   hostname. Three keywords ("local", "remote", "both") or dot-notation
 *   IP address are acceptable.  The keyword "both" means, "Try local
 *   first, then remote". If a dot-notation IP address is specified, use
 *   this host as nameserver. The default is "remote" for SOCKS5 or
 *   "local" for others. On SOCKS4 protocol, remote resolving method
 *   ("remote" and "both") requires protocol 4a supported server.
 *
 *   The '-p' option will forward a local TCP port instead of using the
 *   standard input and output.
 *
 *   The '-P' option is same to '-p' except keep remote session. The
 *   program repeats waiting the port with holding remote session without
 *   disconnecting. To disconnect the remote session, send EOF to stdin or
 *   kill the program.
 *
 *   The '-w' option specifies timeout seconds for making connection with
 *   TARGET host.
 *
 *   The '-d' option is used for debug. If you fail to connect, use this
 *   and check request to and response from server.
 *
 *   You can omit the "port" argument when program name is special format
 *   containing port number itself. For example,
 *     $ ln -s connect connect-25
 *   means this connect-25 command is specifying port number 25 already
 *   so you need not 2nd argument (and ignored if specified).
 *
 *   To use proxy, this example is for SOCKS5 connection to connect to
 *   'host' at port 25 via SOCKS5 server on 'firewall' host.
 *     $ connect -S firewall  host 25
 *   or
 *     $ SOCKS5_SERVER=firewall; export SOCKS5_SERVER
 *     $ connect -s host 25
 *
 *   For a HTTP-PROXY connection:
 *     $ connect -H proxy-server:8080  host 25
 *   or
 *     $ HTTP_PROXY=proxy-server:8080; export HTTP_PROXY
 *     $ connect -h host 25
 *   To forward a local port, for example to use ssh:
 *     $ connect -p 5550 -H proxy-server:8080  host 22
 *    ($ ssh -l user -p 5550 localhost )
 *
 * TIPS
 * ====
 *
 *   Connect.c doesn't have any configuration to specify the SOCKS server.
 *   If you are a mobile user, this limitation might bother you.  However,
 *   You can compile connect.c and link with other standard SOCKS library
 *   like the NEC SOCKS5 library or Dante. This means connect.c is
 *   socksified and uses a configuration file like to other SOCKSified
 *   network commands and you can switch configuration file any time
 *   (ex. when ppp startup) that brings you switching of SOCKS server for
 *   connect.c in same way with other commands. For this case, you can
 *   write ~/.ssh/config like this:
 *
 *     ProxyCommand connect -n %h %p
 *
 * SOCKS5 authentication
 * =====================
 *
 *   Only USER/PASS authentication is supported.
 *
 * Proxy authentication
 * ====================
 *
 *   Only BASIC scheme is supported.
 *
 * Authentication informations
 * ===========================
 *
 *   User name for authentication is specified by an environment variable
 *   or system login name.  And password is specified from environment
 *   variable or external program (specified in $SSH_ASKPASS) or tty.
 *
 *   Following environment variable is used for specifying user name.
 *     SOCKS: $SOCKS5_USER, $LOGNAME, $USER
 *     HTTP Proxy: $HTTP_PROXY_USER, $LOGNAME, $USER
 *
 * ssh-askpass support
 * ===================
 *
 *   You can use ssh-askpass (came from OpenSSH or else) to specify
 *   password on graphical environment (X-Window or MS Windows). To use
 *   this, set program name to environment variable SSH_ASKPASS. On UNIX,
 *   X-Window must be required, so $DISPLAY environment variable is also
 *   needed.  On Win32 environment, $DISPLAY is not mentioned.
 *
 * Related Informations
 * ====================
 *
 *   SOCKS5 -- RFC 1928, RFC 1929, RFC 1961
 *             NEC SOCKS Reference Implementation is available from:
 *               http://www.socks.nec.com
 *             DeleGate version 5 or earlier can be SOCKS4 server,
 *             and version 6 can be SOCKS5 and SOCKS4 server.
 *             and version 7.7.0 or later can be SOCKS5 and SOCKS4a server.
 *               http://www.delegate.org/delegate/
 *
 *   HTTP-Proxy --
 *             Many http proxy servers supports this, but https should
 *             be allowed as configuration on your host.
 *             For example on DeleGate, you should add "https" to the
 *             "REMITTABLE" parameter to allow HTTP-Proxy like this:
 *               delegated -Pxxxx ...... REMITTABLE="+,https" ...
 *
 *  Hypertext Transfer Protocol -- HTTP/1.1  -- RFC 2616
 *  HTTP Authentication: Basic and Digest Access Authentication -- RFC 2617
 *             For proxy authentication, refer these documents.

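Appendix 2:

$*, $@ and $# explained

  • $* means all the arguments (quoted together as one)
  • $@ means all the arguments (each quoted separately)
  • $# means the number of arguments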
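
An added example, not from the original post: the wrappers above forward their arguments with "$@", and this shows what the wrapped program would receive with each form. count_args is a hypothetical stand-in for the wrapped program (connect, ssh), and the argument list is constructed.

```sh
#!/bin/sh
# Added example: how a wrapper's choice of "$*", "$@" or unquoted $@ changes
# the argument list that the wrapped program receives.

# Stand-in for the wrapped program: reports how many arguments it was given.
count_args() { echo "$#"; }

forward_star()     { count_args "$*"; }   # one word: all arguments joined by spaces
forward_at()       { count_args "$@"; }   # one word per original argument
forward_unquoted() { count_args $@; }     # every argument re-split on whitespace

# Constructed sample: three arguments, the second containing spaces, as in
#   ssh -o "ProxyCommand=/path/to/socks5proxywrapper %h %p" git@github.com
demo() {
    set -- -o "ProxyCommand=/path/to/socks5proxywrapper %h %p" git@github.com
    echo "original=$# star=$(forward_star "$@") at=$(forward_at "$@") unquoted=$(forward_unquoted "$@")"
}

demo
```

Only "$@" hands the wrapped program the same three arguments the wrapper received; the other two forms either merge them or break the ProxyCommand option apart.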
