-
Notifications
You must be signed in to change notification settings - Fork 718
DEV Chaining_Git_Over_SSH
Dave Wallace edited this page May 8, 2026
·
1 revision
**Problem: **
Your development machine is a lab machine in DMZ. However, you need to access some git repo (gerrit.fd.io) that you cannot directly clone onto a lab-development machine. How to achieve it ? **Rudimentary Solution: **
Clone the repo onto a machine (say laptop) that can access gerrit.fd.io and scp it to the lab-development machine. **Issues: **
- For any change you wish to send out for review, you need to create a patch and patch the repo on your laptop.
- In the mean time, if remote-repo is modified, you need to do a git pull . Unfortunately, you cannot as your lab-development machine is in DMZ.
- Many other git commands cannot be used and I do not go over them here.
**Solution: **SSH Chaining.
The following solution description takes gerrit.fd.io as an example. One can extend this solution to any other code repo or even for multi-hop ssh.
- First you need a system from where you have access to gerrit.fd.io . For our documentation here, lets call hostname as mystery and username as arcane .
- Create a ssh-key pair using ssh-keygen to enable password-less ssh login. For details 'man ssh-keygen'. The below command generates two files multihop.rsa and multihop.rsa.pub in ~/.ssh directory. multihop.rsa.pub is a public key and multihop.rsa is a private key. Details: Public Key Cryptography. **NOTE: **This step is optional if you already have a pair of keys, which you would like to use.
ssh-keygen -C "SSH key for multi-hop for arcane" -f ~/.ssh/multihop.rsa -N ""
-C: Comment
-f: ouput filename
-N: passphrase; using "" is fine.
-
Login to mystery as arcane and append contents of multihop.rsa.pub to ~/.ssh/authorized_keys. By doing so, mystery will allow password-less ssh login when corresponding private key is used, which you will specify in the next step on the lab-development machine from where you login.
-
Edit ~/.ssh/config on the lab-development machine and add the following:
Host mystery
User arcane
IdentityFile ~/.ssh/multihop.rsa
# Should have port on the first line
Host gerrit.fd.io
ProxyCommand ssh -q mystery nc gerrit.fd.io 29418
User <gerrit username>
IdentityFile <path to gerrit identity private key on lab-development machine>
How to get access to gerrit ? Obtain VPP Source Code
**Now you should be able to perform your favorite git operations. **
ssh://gerrit.fd.io/vpp.git
git clone
Cloning into 'vpp'...
remote: Counting objects: 986, done
remote: Finding sources: 100% (41/41)
remote: Total 1655 (delta 0), reused 1626 (delta 0)
Receiving objects: 100% (1655/1655), 2.66 MiB | 1.42 MiB/s, done.
Resolving deltas: 100% (651/651), done.
Checking connectivity... done.
There was no need to specify username and port on the command line as you have added them in ~/.ssh/config.
- VPP-ABF
- VPP API Concepts
- VPP API Versioning
- VPP-ApiChangeProcess
- VPP-ArtifactVersioning
- VPP-BIER
- VPP-Bihash
- VPP-BugReports
- VPP Build System Deep Dive
- VPP Build, Install, And Test Images
- VPP-BuildArtifactRetentionPolicy
- VPP-c2cpel
- VPP-CodingTips
- VPP Command Line Arguments
- VPP Command Line Interface CLI Guide
- VPP-CommitMessages
- VPP-CommitterTasks-ApiFreeze
- VPP CommitterTasks Compare API Changes
- VPP-CommitterTasks-CutPointRelease
- VPP-CommitterTasks-CutRelease
- VPP-CommitterTasks-FinalReleaseCandidate
- VPP-CommitterTasks-PullThrottleBranch
- VPP-CommitterTasks-ReleasePlan
- VPP Configure An LW46 MAP E Terminator
- VPP Configure VPP As A Router Between Namespaces
- VPP Configure VPP TAP Interfaces For Container Routing
- VPP-CoreFileMismatch
- VPP-cpel
- VPP-cpeldump
- VPP-DHCPv6
- VPP-DistributedOwnership
- VPP DPOs And Feature Arcs
- VPP EC2 Instance With SRIOV
- VPP-elog
- VPP-FAQ
- VPP Feature Arcs
- VPP-g2
- VPP-HA
- VPP-HostStack
- VPP-HostStack-BuiltinEchoClientServer
- VPP-HostStack-EchoClientServer
- VPP-HostStack-ExternalEchoClientServer
- VPP HostStack Hs Test
- VPP-HostStack-LDP-iperf
- VPP-HostStack-LDP-nginx
- VPP-HostStack-LDP-sshd
- VPP-HostStack-nginx
- VPP-HostStack-SessionLayerArchitecture
- VPP-HostStack-TestHttpServer
- VPP-HostStack-TestProxy
- VPP-HostStack-TLS
- VPP-HostStack-VCL
- VPP-HostStack-VclEchoClientServer
- VPP How To Add A Tunnel Encapsulation
- VPP How To Build The Sample Plugin
- VPP How To Connect A PCI Interface To VPP
- VPP How To Create A VPP Binary Control Plane API
- VPP How To Deploy VPP In EC2 Instance And Use It To Connect Two Different VPCs
- VPP How To Optimize Performance %28System Tuning%29
- VPP How To Use The API Trace Tools
- VPP How To Use The C API
- VPP How To Use The Packet Generator And Packet Tracer
- VPP-Howtos
- VPP Installing VPP Binaries From Packages
- VPP Interconnecting vRouters With VPP
- VPP Introduction To IP Adjacency
- VPP Introduction To N Tuple Classifiers
- VPP-IPFIX
- VPP-IPSec
- VPP IPSec And IKEv2
- VPP-Macswapplugin
- VPP-Meeting
- VPP-MFIB
- VPP Missing Prefetches
- VPP Modifying The Packet Processing Directed Graph
- VPP MPLS FIB
- VPP-NAT
- VPP Per Feature Notes
- VPP Performance Analysis Tools
- VPP-perftop
- VPP Project Meeting Minutes
- VPP Pulling, Building, Running, Hacking And Pushing VPP Code
- VPP Pure L3 Between Namespaces With 32s
- VPP Pure L3 Container Networking
- VPP Pushing And Testing A Tag
- VPP Python API
- VPP-QuickTrexSetup
- VPP Random Hints And Kinks For KVM Usage
- VPP Release Plans Release Plan 26.06
- VPP-RM
- VPP-SecurityGroups
- VPP Segment Routing For IPv6
- VPP Segment Routing For MPLS
- VPP Setting Up Your Dev Environment
- VPP-SNAT
- VPP Software Architecture
- VPP STN Testing
- VPP The VPP API
- VPP Training Events
- VPP-Troubleshooting
- VPP-Troubleshooting-BuildIssues
- VPP-Troubleshooting-Vagrant
- VPP Tutorial DPDK And MacSwap
- VPP-Tutorials
- VPP Use VPP To Chain VMs Using Vhost User Interface
- VPP Use VPP To Connect VMs Using Vhost User Interface
- VPP Using mTCP User Mode TCP Stack With VPP
- VPP Using VPP As A VXLAN Tunnel Terminator
- VPP VPP BFD Nexus
- VPP VPP Home Gateway
- VPP-VPPCommunicationsLibrary
- VPP What Is VPP
- VPP Working With The 16.06 Throttle Branch