While it may be easy to access git at home or a personal Internet connection, doing the same in a corporate environment or at a university connection is not an easy task. Draconian proxies creep around the free Internet at such places where access to free knowledge to the world of IRC and Git is forbidden. In such circumstances, the use of a simple tool named corkscrew can do the trick.

Corkscrew is simple tool that allows tunneling ssh via port 443 which is used by SSL. As a result if a university or a company allows connect on port 443, ssh can make use of this. Using this technique, one can easily access github repos via the custom URL ssh.github.com .


Unix/GNU Linux Family

1. Download Git. At the time I was writing this I am using Kubuntu so I simply did apt-get install git-core

2. Download and install corkscrew (http://www.agroman.net/corkscrew/). This is a tool for tunneling SSH through HTTP proxies.

3. Edit or create the file ~/.ssh/config and put the following:

ProxyCommand /usr/bin/corkscrew proxy.example.com 443 %h %p ~/.ssh/myauth

Host github.com
User git
Port 22
Hostname github.com
IdentityFile “/media/truecrypt1/Keys/GitHubKey.private”
TCPKeepAlive yes
IdentitiesOnly yes

Host ssh.github.com
User git
Port 443
Hostname ssh.github.com
IdentityFile “/media/truecrypt1/Keys/GitHubKey.private”
TCPKeepAlive yes
IdentitiesOnly yes

  • The ProxyCommand is invoked when ssh needs to make a connection. We are telling ssh to use /usr/bin/corkscrew. This is a 3rd party program that sets up a socket through the HTTP proxy.
  • The program /usr/bin/corkscrew takes as its 5th argument a file containing credentials for your HTTP proxy. Not all proxies need authentication but if you do just put in the file a single line formatted username:password.
  • The Host github.com indicates to ssh that if we are connecting to github.com to use these specific settings. There is nothing special here except we specify the location of the private key that corresponds to the public key we had over in http://www.github.com/
  • Notice we have another entry titled “Host ssh.github.com” . This is to get around proxies that only allow the CONNECT command over 443 (the truly locked down ones). To get around this github setup a whole separate host that listens on port 443. We add both entries here since they are both valid.

4. If everything is setup correctly you should be able to run:
# ssh github.com

Hi user! You’ve successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.

If this doesn’t work you can run
# ssh ssh.github.com

And get the exact same thing. If the first command didn’t work it means you are using a proxy that blocks CONNECT on port 22. Almost no proxies block CONNECT on port 443 because you need that for SSL.

We get a no shell access message from github because we are trying to obtain a shell and github has it disabled. However this indicates everything is working. This concludes the setup for POSIX based Oses.

Advertisements