5

I was able to set cntlm (see its sourceforge project) to our corporate proxy and browser works through it. Both on http and https.
But when I try to run git clone -v https://github.com/spraints/git-tfs.git, it sends several initial packages and hangs. Resulting .git directory is about 14kb.

On the contrary when I set it directly in git via:

git config --global http.proxy http://domain\\\login:password@our-proxy-server:8088

everything works well.

Do you have any suggestions?
Or probably some proposal how to connect git to repositories without putting password in plaintext configs?

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
Ivan Danilov
  • 14,287
  • 6
  • 48
  • 66

2 Answers2

6

It seems it is a bug in Cntlm: http://sourceforge.net/tracker/?func=detail&aid=3106663&group_id=197861&atid=963162

Pity.

UPD: just released 0.92 version handles this situation correctly. At least author claims so :)

UPD2: 0.92.3 works, I checked.

Ivan Danilov
  • 14,287
  • 6
  • 48
  • 66
1

Git usually hangs when there is some I/O expected during this proces. In your case, the username and password.
Once you set http.proxy (or %http_proxy% like in this question), git should try to get those login information in $HOME/.netrc (or %HOME%/_netrc on Windows)

The login information will still be in plain text, but in a file only readable by you. If the https protocol works, that information won't be in plain text over the network.

Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Yep, I read that question before posting, thanks. It is my last resort actually - to read and set HTTP_PROXY in script just before running git's sh.exe from msysgit. So I won't have passwords in plaintext but will type them each time I need git. Cntlm allows me to set just password hash in its config which is far better for me as I need to setup git on windows box in the domain where not only I have admin rights. – Ivan Danilov Jun 14 '11 at 15:17
  • @Ivan: so `_netrc` wouldn't be a good solution for you? I use it all the time, except I define `%HOME%` (which isn't defined by default on Windows, by the way) to an external drive (not a drive on my computer), which is protected to be read only by me. That way, even if I have to change workstation, I still have access to my `%HOME%/_netrc` file. – VonC Jun 14 '11 at 15:20
  • Well, Domain Administrator will have access to this folder anyway. It is somewhat paranoid, I know :) But I haven't different passwords for everything and everywhere so prefer never to store them plaintext. – Ivan Danilov Jun 14 '11 at 15:34
  • @Ivan: in that case, you can a wrapper for the git push which will: a/ decode the `username/password` from an encrypted source of your choice, generate the `_netrc` file, do the git push, ** [securely erase](http://superuser.com/questions/86824/how-to-secure-delete-file-or-folder-in-windows) ** the `_netrc`. And here you have it, no more "plain text" information ;) – VonC Jun 14 '11 at 16:53
  • Well if there's some util that doing this - I would have been happy :) Cntlm's approach though seems simpler. – Ivan Danilov Jun 14 '11 at 17:19