[ACCEPTED]-Does git clone work through NTLM proxies?-ntlm

Accepted answer
Score: 26

Default NTLM credentials

In order to use default NTLM credentials, provide 3 an empty username and password

git config --global http.proxy https://:@proxy:port

Firewall Client for ISA Server

Instead of 2 setting proxy for git, npm, etc. you can 1 use Firewall Client for ISA Server from Microsoft. After installation:

Start > Autostart > Microsoft Firewall Client Management

Settings tab > Manual specified ISA Server > proxy:port Web Browser tab > Uncheck "Enable web browser automatic configuration."

Score: 23

Git supports NTLM proxy authentication from 5 version 1.7.10 onwards, relevant commit is https://github.com/gitster/git/commit/dd6139971a18e25a5089c0f96dc80e454683ef0b

1.7.10 release notes briefly 4 mentioned it as:

* HTTP transport learned to authenticate with a proxy if needed.

I've successfully tested 3 it with the proxy at my workplace which 2 is NTLM and requires user/pass, you can 1 test yourself with following commands:

git config --global http.proxy http://user:password@proxy.com:port
git clone http://git.videolan.org/git/bitstream.git


Score: 10

Cloning works for me but only over HTTP 4 (since our corporate firewall blocks the 3 ssh/git protocols):

$ export http_proxy="http://username:password@proxy:port/"
$ git clone http://github.com/sunlightlabs/fiftystates_site.git fifty
Initialized empty Git repository in /home/user/fifty/.git/
got e15f5192b923d8e87abaeb9406d0f4d80403da09
walk e15f5192b923d8e87abaeb9406d0f4d80403da09
got a78b792191f1cf5e961753dcfe05e9c809bdb0ed
got 76e6e86e72a0f998f7663da69ca49c457a302e27
walk 76e6e86e72a0f998f7663da69ca49c457a302e27
got 35b68a3b876fb90e73ba7a7eb51432e825ef2aa3

Github suggests cloning 2 via git://github.com/... but you have to change it to http://github.com/... manually.

Edit: I'm 1 using git version

Hope that helps!

Score: 10

AndreaG (in a comment above) has the only 17 acceptable answer to this problem that I 16 can find. It seems that Git just won't 15 work with NTLM proxies even though it really 14 should because cURL (which it uses underneath) does 13 work just fine. Why this issue can't be 12 fixed I have no idea. It seems to be 11 a fairly common issue.

The solution, in full 10 then, is to use ntlmaps to act as a proxy 9 to the proxy. All you need to do is 8 to download the latest version of the app 7 from: http://ntlmaps.sourceforge.net/

Change the config file to include 6 your authentication and proxy details and 5 then set the proxy to be your new local 4 one:

git config --global http.proxy http://localhost:5865

I can confirm that it works just fine. Not 3 only that you can use it for any app that 2 requires NTLM authentication but does not 1 provide full NTLM support.

Score: 9

You can also use cntlm,


A solution similar 12 to ntlmaps but written in pure C. It works 11 in the same way as ntlmaps by creating a 10 local proxy server ( at a port 9 (3128 default) on your machine. This new 8 locally created proxy server does not require 7 any authentication and thus can be used 6 with any application that supports http 5 proxy. It can also create a local socks 4 proxy if you need one.

The main advantage 3 over ntlmaps which is written in python, is 2 that cntlm has very low CPU and RAM usage, typically 1 <2%.

Score: 4

Since this was a question I kept finding 36 on my search to make this work, I'll add 35 my answer here.

I needed to get access to 34 a github.com hosted repo working via an 33 http(s) proxy (that requires NTLM authentication) on 32 one network, and have it still work when 31 on a normal internet connection, from our 30 Mac OS X dev machines.

Here is how I made 29 it work. This won't work for every git hosting 28 provider, but I'm posting in case it helps 27 you figure this out. This is also only for 26 Mac OS X, but if you figure out how to run 25 something on network change for your system, the 24 rest should follow.

I had to use git clone git@github.com:user/repo.git after setting 23 up ssh access as normal (http://help.github.com/mac-set-up-git/).

I 22 then needed to setup a local http(s) proxy 21 that handles the NTLM authentication, such 20 as ntlmaps, cntlm or Authoxy. I've tested 19 with Authoxy. I'll leave configuring this 18 to you, because you'll need to know your 17 own proxy details.

You'll also need corkscrew, which 16 is just sudo port install corkscrew if you have MacPorts.

Then I added 15 the following to ~/.ssh/config:

Host github.com.disabled
User git
HostName ssh.github.com
Port 443
ProxyCommand /opt/local/bin/corkscrew localhost 6574 %h %p

Where 6574 is the TCP 14 port I set Authoxy to listen on.

Now I created 13 a script that tries to find the http(s) proxy 12 server, and configures the ssh setup according 11 to what it finds, at /usr/local/bin/locationchanger:


set -o nounset
set -o errexit

sleep 10 # allow for WiFi to actually connect.

# if we can find the proxy server, then use it.
if ! host proxy.internal.network;
    echo "Proxy server not found, clearing http(s) proxy";
    sed -i '.backup' -E 's/^Host github.com$/Host github.com.disabled/' "$HOME/.ssh/config"
    echo "Proxy server found, setting http(s) proxy";
    sed -i '.backup' -E 's/^Host github.com.disabled$/Host github.com/' "$HOME/.ssh/config"
echo "Done."

Don't forget to chmod +x /usr/local/bin/locationchanger.

Now 10 create ~/Library/LaunchAgents/LocationChanger.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
<plist version="1.0">

And then launchctl load ~/Library/LaunchAgents/LocationChanger.plist. This launchd job will 9 run whenever the network changes. If it 8 can find your internal network http(s) proxy 7 server, it will make ssh use corkscrew to 6 work through Authoxy, which will handle 5 working through the company proxy. If it 4 can't find the proxy server, it will disable 3 the special ssh config, and you're working 2 just like normal.

Now our team doesn't have 1 to think about network switching anymore.

Score: 4




git config --global http.proxyauthmethod basic

I had the same issue when git (curl) proxy 8 auth did not work. Credentials were right. Upgrade 7 to the latest git-v2.15.0 did not help.

The 6 issue was due to wrong proxy authentication 5 method chosen by git-libcurl.

The valid proxy_authmethod 4 options are defined in git source: https://github.com/git/git/blob/d0e9983980a25e0c398cc03342e5ad22ef85b8a8/http.c#L81

The proxyauthmethod 3 can be defined either through GIT_HTTP_PROXY_AUTHMETHOD environment 2 variable or http.proxyauthmethod git config option. Environment 1 variable overrides the config option value.

Score: 3

I've been using ntlmaps and been having 3 good results getting through windows/NT 2 proxies: http://ntlmaps.sourceforge.net/

The git configuration is:

git config 1 --global http.proxy http://localhost:5865

Score: 0

I have stumbled on a more easier and possibly 8 safer solution that works not just for git 7 but also any command based installers

  • Rubygems in ruby
  • npm in node

One 6 solution running all your traffic from command 5 line is proxied with authentiction.

Wont expose your password in the user:password@domain:port format


Download 4 Fiddler, It has a built in way to add authentication 3 headers to all requests.

Once running menu 2 Rules-> Automatically Authenticate (Tick 1 that)

Then for git

git config --global http.proxy http://localhost:8888
git config --global https.proxy http://localhost:8888

Thats it!

More Related questions