Hoi,
I try to hg pull
from my private repo on Bitbucket.org
into my local repo on my Windows machine
from behind the company proxy that requires Windows authentication.
- I found the proxy server and port (Internet options of IE)
- I found the settings
Mercurial.ini
file in my%USERPROFILE%
I added this section to it (info):
[http_proxy]
host =TheProxyServer
:TheProxyServerPort
user =MyWindowsLogin
passwd =MyWindowsPassword
This works:
C:\path\to\repo> hg pull
http authorization required
realm: Bitbucket.org HTTP
user:
after I enter the credentials of Bitbucket, I get:
searching for changes
no changes found
But writing down the password in Mercurial.ini
is obviously a major security issue (besides having to update this file each month because of our password policies).
Is it somehow possible to let Mercurial ask for the proxy credentials?
Or store these credentials in a more secure way?
Edit:
I tried with the same settings and SSH, but I got this:
C:\path\to\repo> hg clone ssh://hg@bitbucket.org/ME/repo/
running ""C:\Program Files\TortoiseHg\TortoisePlink.exe" -ssh -2 hg@bitbucket.org "hg -R ME/repo/ serve --stdio"abort: no suitable response from remote hg!
And a dialog : "PuTTY Fatal Error - Network error: Connection timed out"
Edit2:
This question came up because Subversion handles this situation correctly:
In the Subversion servers
file I specify the proxy host and port too, and Subversion automagically sends my windows authentication to it. I don't have to enter nor write down my credentials anywhere when checking out source from the web via the proxy using e.g.
C:\workingdir> svn checkout http://okarito.googlecode.com/svn/trunk/ okarito-read-only
... Checked out revision 5.
Thanks in advance!
Jan
You can use the
--config
option tohg
as this allows you override configuration settings from the command line. The syntax is--config <section>.<name>=<value>
, so try this:This will leave your password in your command history but this is probably better than in the
Mercurial.ini
file.Another alternative is to run a local http proxy which then authenticates with your companies http proxy. You can run cntlm under Cygwin and safely store an NTLMv2 hash in the cntlm conf file. You then set you http proxy to be localhost:3128, and don't specify a username or password.
My other suggestion is to use TortoiseHg. This will store your proxy information, but I'm not sure if it's stored securely.