Short tip: Clone Git repository via SSH and SOCKS proxy

When using tools such as GitLab can cloned via HTTP and SSH. Especially the second choice can be handy if there is no VPN available – but keep in mind, also sending DNS via the jumphost.

The first step is establishing a SSH connection leveraging port forwarding:

ssh -A -D 1337 USER@IP -i pinkepank.key

Afterwards, http://localhost:1337 can be used as SOCKS proxy verwenden – web servers in the remote networks should be accessable including DNS.

Clonen the Git repositories is done with an customized http configuration:

$ git -c http.proxy=socks5h://localhost:1337 clone http://gitlab.pinkepank.remote-site.org/group/repo.git

Notice the socks5h protocol – the following protocols are supported:

Parameter Exaplanation
socks4://
SOCKS4 proxy, DNS resolution via client
socks4h://
SOCKS4 proxy, DNS resolution via remote system
socks5://
SOCKS5 proxy, DNS resolution via client
socks5h://
SOCKS5 proxy, DNS resolution via remote system

To ensure that you don’t need to override the configuration every time, you can set the proxy on repository or global level (–global):

$ git config http.proxy socks5h://localhost:1337

Sharing is caring

2 comments Write a comment

  1. this all works good, however, the DNS naming is not being resolved. I had to input muy hand entries into my local /etc/hosts file for the remote repository site name.
    In Firefox when using the socks5 proxy, there is an option to use the socks connection for DNS name resolving [Proxy DNS when using SOCKS v5] and after this DNS happens on the SSH server and all work good.
    For git over ssh tunnel I could not find such an option, do you know one?

    • Hey Eugene,
      sorry for the late answer. You’re right – DNS resolution is not working properly if you’re using socks5 instead of socks5h.
      I also have some environments where I can’t use this mechanism requiring me to also maintain local hosts entries..

      Best wishes – stay healthy,
      Christian.

Leave a Reply