Products

Symantec ZTNA

Issue/Introduction

Accessing Git Services from Microsoft Windows using Luminate Secure Access Cloud

Resolution

Luminate Secure Access Cloud (TM) can be used for network-less access to Git servers hosted in any type of datacenter. For general setup instruction please refer to this article (also check for articles related to specific brands of hosted git servers).

Unlike on Linux and Mac OS X operating systems, there are a number of different git clients for Windows. This article will describe specific configuration that might be required in different configurations. IDEs that have built-in git capabilities usually integrate with client configurations below.

There are two main approaches in using Git over SSH under Windows:

Using an OpenSSH provided with a default Git for Windows distribution
Using Putty and its command-line version (plink.exe)

Below configurations cover various possible access scenarios using either of these.

Please note that examples below assume that the Git server is providing SSH access on port 7999 (it is a default configuration of Atlassian Bitbucket). Other Enterprise Git Server products, such as GitHub Enterprise or Gitlab, provide this on other ports. The configuration should be adjusted to your specific environment.

Git for Windows using OpenSSH

This is a standard configuration of Git for Windows, that can be installed either from https://git-scm.com/downloads or, using a lighter installer from https://gitforwindows.org/

When using this configuration, the CLI access via SSH is not different from the way it is done on Mac OS X or on Linux.

Inside Git-Bash, go to a home directory of the user, move to .ssh sub-directory and create a file called "config" with the content identical to one in the generic article.

Cloning into git repositories can later be done in the following way:

(mybitbucket is the host name of the git server, as defined in .ssh/config and /lum/test-repo.git is the URI of the repository being cloned)

Same procedure can be carried out from Git UI:

TortoiseGit for Windows with OpenSSH

TortoiseGit, a popular Windows Git Shell Extension can use either the standard OpenSSH client for connecting to Git servers (in this case, the configuration is very similar to the above) or to use a TortoiseGitPlink optimized SSH client (explanation about this can be found below).

In case OpenSSH is used, the configuration is identical to the one described above. When cloning a repository, use the same URL:

TortoiseGit for Windows with TortoiseGitPlink instead of OpenSSH

The choice of which SSH client will be used by TortoiseGit is done when installing TortoiseGit or when preparing it for first use:

This configuration can also be switched in TortoiseGit settings under "Network" tab at any given moment:

In order to configure TortoiseGit using plink to connect via Luminate, instead of modifying .ssh/config file, putty session(s) need to be defined and configured, conforming to the name/DNS of the git server. Created sessions will be stored in Registry under Computer\HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions, they can be exported and imported into other computers.

The below configuration is split into two separate sessions. It is done for better modular structure and supportability. The same configuration can be achieved within a single Putty session configuration as well.

External tunnel session via Luminate

This session is defining the connection to the SSH Application (defined in the Luminate Administration Portal) representing the Bitbucket server(s). Its name doesn't affect any part of the eventual user experience, only of the configuration. For the sake of an example, lets assume that it is git-server.

In the Session tab, define the following:

Host Name (as appears in the Luminate Applications Portal) - <application-name>.<company-name>.luminatesec.com
Port - 22
Saved Session - git-server

In the Connection --> Data tab, define the following:

Auto-login username - User name as shown in the Luminate Application Portal (local_account@ssh-application-name)

In the Connection --> SSH --> Auth tab, define the following:

Private Key File for Authentication - path to a PPK (Key in Puttygen format) leading to the SSH Key downloaded from the Luminate User Portal, converted by puttygen

Git session

This session should be named for a host representing the git server, part of the Git URL used in commands, such as "git push" or "git pull" (a-la "git clone ssh://git@git-session-name/repo/path)

In the Session tab, define the following:

Host Name - localhost
Port - 22
Saved Session - the host name that will be used in the git URLs

In the Connection --> Data tab, define the following:

Auto-login username - git

In the Connection --> Proxy tab, define the following:

Proxy type - Local
Proxy hostname - Doesn't matter if you don't use the %proxyhost variable in the local proxy command. Should be identical to the name of the session defined previously.
Proxy port - Doesn't matter if you don't use the variable in the local proxy command.
Consider proxying local host connections - very important that this is checked
Telnet command, or local proxy command - plink.exe <External-tunnel-session-name> -nc 127.0.0.1:7999

In the Connection --> SSH --> Auth tab, define the following:

Private Key File for Authentication - path to a PPK (Key in Puttygen format) leading to the SSH Key uploaded to the Git Server as the user's key (converted by puttygen)

After completing the above steps, cloning into the repository with TortoiseGit should be done using the server name corresponding to the Git session:

IntelliJ Idea (and similar tools) Built-in Git

IntelliJ Idea, as well as other IDE products developed by JetBrains come with a built-in Git client.

In order to benefit from the configurations made for an existing ssh/git clients, it is better to switch the ssh executable to"Native" from "Builtin" in the Settings:

Atlassian SourceTree

Atlassian SourceTree is a popular UI for Git for Windows. In order to use it properly, a choice of SSH Client needs to be made in the Preferences. Depending on the configuration that was implemented (OpenSSH - .ssh/config or Putty/plink sessions) the proper client should be selected:

Microsoft Visual Studio Code

Microsoft Visual Studio Code works with the Git client that is installed and configured on the Windows environment, therefore, any of the above configurations are supported by VSCode out of the box.

Syntevo SmartGit

When installing Syntevo SmartGit, a choice of using a system SSH client can be made. This way, all of the above configurations will be supported automatically in SmartGit:

The SSH client can be switched after installing SmartGit at any time in the Preferences:

Axosoft Gitcracken

According to its documentation (https://support.gitkraken.com/integrations/authentication) Gitcracken does not support the use of SSH Configurations. In order to use it with Luminate Secure Access Cloud (TM) an SSH Tunnel to the Git server needs to be established, mapping its SSH port to a local port, as described in this article.