问题
I've tried both using export http_proxy=http://[username]:[pwd]@[proxy] and git config --global http.proxy http://[username]:[pwd]@[proxy].
I couldn't make it work. It looks like git uses Basic authentication:
Initialized empty Git repository in /home/.../.git/
* Couldn't find host github.com in the .netrc file, using defaults
* About to connect() to github.com port 8080 (#0)
* Trying 10.... * Connected to github.com (10....) port 8080 (#0)
* Proxy auth using Basic with user '...'
> GET http://github.com/sunlightlabs/fiftystates.git/info/refs HTTP/1.1
Proxy-Authorization: Basic MD...
User-Agent: git/1.6.1.2
Host: github.com
Pragma: no-cache
Accept: */*
Proxy-Connection: Keep-Alive
< HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to t
he Web Proxy filter is denied. )
< Via: 1.1 ...
< Proxy-Authenticate: Negotiate
< Proxy-Authenticate: Kerberos
< Proxy-Authenticate: NTLM
< Connection: Keep-Alive
< Proxy-Connection: Keep-Alive
< Pragma: no-cache
< Cache-Control: no-cache
< Content-Type: text/html
< Content-Length: 4118
* The requested URL returned error: 407
* Closing connection #0
fatal: http://github.com/sunlightlabs/fiftystates.git/info/refs download error - The requested URL returned error: 407
Google search returned mixed and probably not updated results. Somewhere it says that curl is (was?) used under the hood, but its options are (were?) hardwired into code. For example,
curl --proxy-ntlm --proxy ...:8080 google.com
works, and I'd like to use the same option with git.
I need some more definite answers here: has anybody succeed using git through Windows proxies? Which version?
Thanks.
回答1:
Git supports NTLM proxy authentication from version 1.7.10 onwards, relevant commit is https://github.com/gitster/git/commit/dd6139971a18e25a5089c0f96dc80e454683ef0b
1.7.10 release notes briefly mentioned it as:
* HTTP transport learned to authenticate with a proxy if needed.
I've successfully tested it with the proxy at my workplace which is NTLM and requires user/pass, you can test yourself with following commands:
git config --global http.proxy http://user:password@proxy.com:port
git clone http://git.videolan.org/git/bitstream.git
Regards,
回答2:
Default NTLM credentials
In order to use default NTLM credentials, provide an empty username and password
git config --global http.proxy https://:@proxy:port
Firewall Client for ISA Server
Instead of setting proxy for git, npm, etc. you can use Firewall Client for ISA Server from Microsoft. After installation:
Start > Autostart > Microsoft Firewall Client Management
Settings tab > Manual specified ISA Server > proxy:port
Web Browser tab > Uncheck "Enable web browser automatic configuration."
回答3:
Cloning works for me but only over HTTP (since our corporate firewall blocks the ssh/git protocols):
$ export http_proxy="http://username:password@proxy:port/"
$ git clone http://github.com/sunlightlabs/fiftystates_site.git fifty
Initialized empty Git repository in /home/user/fifty/.git/
got e15f5192b923d8e87abaeb9406d0f4d80403da09
walk e15f5192b923d8e87abaeb9406d0f4d80403da09
got a78b792191f1cf5e961753dcfe05e9c809bdb0ed
got 76e6e86e72a0f998f7663da69ca49c457a302e27
walk 76e6e86e72a0f998f7663da69ca49c457a302e27
got 35b68a3b876fb90e73ba7a7eb51432e825ef2aa3
...
Github suggests cloning via git://github.com/... but you have to change it to http://github.com/... manually.
Edit: I'm using git version 1.5.6.3.
Hope that helps!
回答4:
AndreaG (in a comment above) has the only acceptable answer to this problem that I can find. It seems that Git just won't work with NTLM proxies even though it really should because cURL (which it uses underneath) does work just fine. Why this issue can't be fixed I have no idea. It seems to be a fairly common issue.
The solution, in full then, is to use ntlmaps to act as a proxy to the proxy. All you need to do is to download the latest version of the app from: http://ntlmaps.sourceforge.net/
Change the config file to include your authentication and proxy details and then set the proxy to be your new local one:
git config --global http.proxy http://localhost:5865
I can confirm that it works just fine. Not only that you can use it for any app that requires NTLM authentication but does not provide full NTLM support.
回答5:
You can also use cntlm,
http://cntlm.sourceforge.net/
A solution similar to ntlmaps but written in pure C. It works in the same way as ntlmaps by creating a local proxy server (127.0.0.1) at a port (3128 default) on your machine. This new locally created proxy server does not require any authentication and thus can be used with any application that supports http proxy. It can also create a local socks proxy if you need one.
The main advantage over ntlmaps which is written in python, is that cntlm has very low CPU and RAM usage, typically <2%.
回答6:
Since this was a question I kept finding on my search to make this work, I'll add my answer here.
I needed to get access to a github.com hosted repo working via an http(s) proxy (that requires NTLM authentication) on one network, and have it still work when on a normal internet connection, from our Mac OS X dev machines.
Here is how I made it work. This won't work for every git hosting provider, but I'm posting in case it helps you figure this out. This is also only for Mac OS X, but if you figure out how to run something on network change for your system, the rest should follow.
I had to use git clone git@github.com:user/repo.git after setting up ssh access as normal (http://help.github.com/mac-set-up-git/).
I then needed to setup a local http(s) proxy that handles the NTLM authentication, such as ntlmaps, cntlm or Authoxy. I've tested with Authoxy. I'll leave configuring this to you, because you'll need to know your own proxy details.
You'll also need corkscrew, which is just sudo port install corkscrew if you have MacPorts.
Then I added the following to ~/.ssh/config:
Host github.com.disabled
User git
HostName ssh.github.com
Port 443
ProxyCommand /opt/local/bin/corkscrew localhost 6574 %h %p
Where 6574 is the TCP port I set Authoxy to listen on.
Now I created a script that tries to find the http(s) proxy server, and configures the ssh setup according to what it finds, at /usr/local/bin/locationchanger:
#!/bin/sh
set -o nounset
set -o errexit
sleep 10 # allow for WiFi to actually connect.
# if we can find the proxy server, then use it.
if ! host proxy.internal.network;
then
echo "Proxy server not found, clearing http(s) proxy";
sed -i '.backup' -E 's/^Host github.com$/Host github.com.disabled/' "$HOME/.ssh/config"
else
echo "Proxy server found, setting http(s) proxy";
sed -i '.backup' -E 's/^Host github.com.disabled$/Host github.com/' "$HOME/.ssh/config"
fi
echo "Done."
Don't forget to chmod +x /usr/local/bin/locationchanger.
Now create ~/Library/LaunchAgents/LocationChanger.plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>tech.inhelsinki.nl.locationchanger</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/locationchanger</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Library/Preferences/SystemConfiguration</string>
</array>
</dict>
</plist>
And then launchctl load ~/Library/LaunchAgents/LocationChanger.plist. This launchd job will run whenever the network changes. If it can find your internal network http(s) proxy server, it will make ssh use corkscrew to work through Authoxy, which will handle working through the company proxy. If it can't find the proxy server, it will disable the special ssh config, and you're working just like normal.
Now our team doesn't have to think about network switching anymore.
回答7:
TL/DR:
export GIT_HTTP_PROXY_AUTHMETHOD=basic
or
git config --global http.proxyauthmethod basic
I had the same issue when git (curl) proxy auth did not work. Credentials were right. Upgrade to the latest git-v2.15.0 did not help.
The issue was due to wrong proxy authentication method chosen by git-libcurl.
The valid proxy_authmethod options are defined in git source: https://github.com/git/git/blob/d0e9983980a25e0c398cc03342e5ad22ef85b8a8/http.c#L81
The proxyauthmethod can be defined either through GIT_HTTP_PROXY_AUTHMETHOD environment variable or http.proxyauthmethod git config option. Environment variable overrides the config option value.
回答8:
I've been using ntlmaps and been having good results getting through windows/NT proxies: http://ntlmaps.sourceforge.net/
The git configuration is:
git config --global http.proxy http://localhost:5865
回答9:
I have stumbled on a more easier and possibly safer solution that works not just for git but also any command based installers
- Rubygems in ruby
- npm in node
One solution running all your traffic from command line is proxied with authentiction.
Wont expose your password in the user:password@domain:port format
Solution:
Download Fiddler, It has a built in way to add authentication headers to all requests.
Once running menu Rules-> Automatically Authenticate (Tick that)
Then for git
git config --global http.proxy http://localhost:8888
git config --global https.proxy http://localhost:8888
Thats it!
来源:https://stackoverflow.com/questions/1783659/does-git-clone-work-through-ntlm-proxies