证书拒绝尝试通过防火墙后面的

证书拒绝尝试通过防火墙后面的

本文介绍了SSL 证书拒绝尝试通过防火墙后面的 HTTPS 访问 GitHub的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我被防火墙挡住了,所以必须使用 HTTPS 访问我的 GitHub 存储库.我在 Windows XP 上使用 cygwin 1.7.7.

I'm stuck behind a firewall so have to use HTTPS to access my GitHub repository. I'm using cygwin 1.7.7 on Windows XP.

我已经尝试将遥控器设置为 https://[email protected]/username/ExcelANT.git,但是推送提示输入密码,但是一旦我什么都不做已经输入了.https://username:<password>github.com/username/ExcelANT.git 并从头开始克隆空仓库,但每次都给我同样的错误

I've tried setting the remote to https://[email protected]/username/ExcelANT.git, but pushing prompts for a password, but doesn't do anything once I've entered it.https://username:<password>github.com/username/ExcelANT.git and cloning the empty repo from scratch but each time it gives me the same error

错误:SSL 证书问题,请验证 CA 证书是否正常.详情:
错误:14090086:SSL 例程:SSL3_GET_SERVER_CERTIFICATE:访问 https://github.com 时证书验证失败/username/ExcelANT.git/info/refs

打开GIT_CURL_VERBOSE=1 给我

* 即将连接() 到 github.com 端口 443 (#0)
* 正在尝试 207.97.227.239... * 成功设置证书验证位置:
* CA文件:无
CApath:/usr/ssl/certs
* SSL证书问题,验证CA证书是否OK.详情:
错误:14090086:SSL 例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败
* 过期清除
* 关闭连接 #0
* 即将连接()到 github.com 端口 443 (#0)
* 正在尝试 207.97.227.239... * 成功设置证书验证位置:
* CA文件:无
CApath:/usr/ssl/certs
* SSL证书问题,验证CA证书是否OK.详情:
错误:14090086:SSL 例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败
* 过期清除
* 关闭连接 #0
错误:SSL 证书问题,请验证 CA 证书是否正常.详情:
错误:14090086:SSL 例程:SSL3_GET_SERVER_CERTIFICATE:访问 https://github.com 时证书验证失败/username/ExcelANT.git/info/refs

fatal: HTTP request failed

这是我的防火墙、cygwin 还是什么的问题?

Is this a problem with my firewall, cygwin or what?

我没有在 Git 配置中设置 HTTP 代理,但是它是一个需要 NTLM 身份验证的 ISA 服务器,不是基本的,所以除非有人知道如何强制 git 使用 NTLM,否则我很沮丧.

I hadn't set the HTTP proxy in the Git config, however it's an ISA server that needs NTLM authentication, not basic, so unless anyone knows how to force git to use NTLM, I'm scuppered.

推荐答案

如果您想解决证书问题,请跳过此答案.这个答案涉及通过防火墙的隧道 ssh,恕我直言,这是处理防火墙/代理问题的更好解决方案.

Feel free to skip past this answer if you want to fix the certificates issue. This answer deals with tunneling ssh through the firewall which is IMHO a better solution to dealing with firewall/proxy thingies.

有一个比使用http访问更好的方法,那就是在ssh.github.com服务器的443端口使用github提供的ssh服务.

There is a better way than using http access and that is to use the ssh service offered by github on port 443 of the ssh.github.com server.

我们使用一种叫做开瓶器的工具.这适用于 CygWin(通过从 cygwin 主页进行设置)和使用您最喜欢的打包工具的 Linux.对于 MacOSX,它至少可以从 macports 和 brew 获得.

We use a tool called corkscrew. This is available for both CygWin (through setup from the cygwin homepage) and Linux using your favorite packaging tool. For MacOSX it is available from macports and brew at least.

命令行如下:

$ corkscrew <proxyhost> <proxyport> <targethost> <targetport> <authfile>

proxyhost 和 proxyport 是 https 代理的坐标.targethost 和 targetport 是要建立隧道的主机的位置.authfile 是一个文本文件,其中 1 行包含您的代理服务器用户名/密码,以冒号分隔

The proxyhost and proxyport are the coordinates of the https proxy. The targethost and targetport is the location of the host to tunnel to. The authfile is a textfile with 1 line containing your proxy server username/password separated by a colon

例如:

abc:very_secret

使用普通"ssh协议进行git通信的安装

Installation for using "normal" ssh protocol for git communication

通过将它添加到 ~/.ssh/config 这个技巧可以用于正常的 ssh 连接.

By adding this to the ~/.ssh/config this trick can be used for normal ssh connections.

Host github.com
  HostName ssh.github.com
  Port 443
  User git
  ProxyCommand corkscrew <proxyhost> <proxyport> %h %p ~/.ssh/proxy_auth

现在你可以通过 ssh-ing 到 gitproxy 来测试它是否有效

now you can test it works by ssh-ing to gitproxy

pti@pti-laptop:~$ ssh github.com
PTY allocation request failed on channel 0
Hi ptillemans! You've successfully authenticated, but GitHub does not provide shell access.
       Connection to github.com closed.
pti@pti-laptop:~$

(注意:如果你之前从未登录过github,ssh会要求将服务器密钥添加到已知的hosts文件中.如果你偏执,建议将RSA指纹验证为github上显示的指纹您上传密钥的网站).

(Note: if you never logged in to github before, ssh will be asking to add the server key to the known hosts file. If you are paranoid, it is recommended to verify the RSA fingerprint to the one shown on the github site where you uploaded your key).

当您需要使用另一个密钥访问存储库时,例如将您的私人账户与您的专业账户分开.

A slight variant on this method is the case when you need to access a repository with another key, e.g. to separate your private account from your professional account.

#
# account dedicated for the ACME private github account
#
Host acme.github.com
  User git
  HostName ssh.github.com
  Port 443
  ProxyCommand corkscrew <proxyhost> <3128> %h %p ~/.ssh/proxy_auth
  IdentityFile ~/.ssh/id_dsa_acme

享受吧!

我们多年来一直在 Linux、Mac 和 Windows 上使用它.

We've been using this for years now on both Linux, Macs and Windows.

如果你愿意,你可以阅读在这篇博文中有更多关于它的信息

这篇关于SSL 证书拒绝尝试通过防火墙后面的 HTTPS 访问 GitHub的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-06 17:22