Wednesday, November 3, 2021

[SOLVED] SSH via HTTP proxy with password on Windows with mingw64

Issue

I use Portable Git x64 on Windows. I run everything thought Git Bash. I need to ssh to a server which is reachable only via HTTP proxy. Authentication for server is via pubkey, authentication for proxy is via password, usernames are different. My ~/.ssh/config:

Host server
  Hostname server_hostname
  User server_username
  IdentityFile ~/.ssh/id_rsa
  ProxyCommand /c/PortableGit/mingw64/bin/connect.exe -H proxy_username@proxy_ip:12345 %h %p

The problem starts when ssh tries to pop-up the window where you need to enter a password for the HTTP proxy, log from ssh -vvv server:

$ ssh -vvv server
OpenSSH_7.9p1, OpenSSL 1.1.1a  20 Nov 2018
debug1: Reading configuration data /c/Users/username/.ssh/config
debug1: /c/Users/username/.ssh/config line 1: Applying options for server
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Executing proxy command: exec /c/PortableGit/mingw64/bin/connect.exe -H proxy_username@proxy_ip:12345 server_hostname 22
debug1: identity file /c/Users/username/.ssh/id_rsa type 0
debug1: identity file /c/Users/username/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
'C:\PortableGit\mingw64\libexec\git-core\git-gui--askpass' is not recognized as an internal or external command,
operable program or batch file.
FATAL: Cannot decide password for proxy authentication.ssh_exchange_identification: Connection closed by remote host

git-gui--askpass is there, but for some reason it's not picked up by ssh. Running file 'C:\PortableGit\mingw64\libexec\git-core\git-gui--askpass' gives:

$ file 'C:\PortableGit\mingw64\libexec\git-core\git-gui--askpass'
C:\PortableGit\mingw64\libexec\git-core\git-gui--askpass: POSIX shell script, ASCII text executable

Content of the git-gui--askpass is identical to https://github.com/git/git/blob/3bab5d56259722843359702bc27111475437ad2a/git-gui/git-gui--askpass

I tried to run this script via command line, it works fine:

enter image description here

Also, I tried to specify another program as SSH_ASKPASS=/mingw64/libexec/git-core/git-askpass.exe (which I assume a stupid thing to do). This does not work either:

...
fatal: failed to acquire credentials.

I tried to supply a password in ~/.ssh/config as:

ProxyCommand /c/PortableGit/mingw64/bin/connect.exe -H proxy_username:proxy_password@proxy_ip:12345 %h %p
                                                                     ^^^^^^^^^^^^^^^

but this is ignored by ssh.

Besides, I tried to connect via MobaXterm and this works completely fine -- I've been asked for a proxy password and after entering it I am connected. Also, after connecting in MobaXterm I can connect in command line since the proxy does not ask for a password for some time. But for a different reason I cannot use MobaXterm.

Any ideas on how to make it work?


Solution

Utility connect.exe works with HTTP_PROXY_USER and HTTP_PROXY_PASSWORD environment variables. Solution found in source code



Answered By - Jiří Vysoký
at