git push not working, when intercepted with SSH-MITM

[manfred-kaiser]

Hello @manfred-kaiser,

Your post about ssh-mitm around git audits was pretty helpful.
I was able to configure ssh-mitm to audit git clone commands to github remote repo from my local, using configs mentioned in this thread as well as in https://docs.ssh-mitm.at/user_guide/advanced-usage.html.
However, when trying to do writes on the same branch (tracking github remote branch), git push fails with error:

fatal: the remote end hung up unexpectedly

and on the ssh-mitm process, the output was

                    INFO     ℹ b72e07c7-b16d-4da6-b491-420063043d9c - session
                             started
                    INFO     got remote command: git-receive-pack '/user/foo.git'
Server data:
...
Client data:
...
[02/22/23 17:28:08] INFO     ℹ session b72e07c7-b16d-4da6-b491-420063043d9c closed

note: not seeing the remote command exit code, while I was expecting something like

remote command: git-receive-pack '/user/foo.git' exited with code: 0

Question:

• is this expected that ssh-mitm does not work for git push?
• why does git clone working but not git push? Is it because ssh-mitm implements some of the git protocol but not all?

Appreciate your help!

Originally posted by @hc-dev991 in #115 (comment)

[manfred-kaiser]

I have added a fix, which should work with most git commands: e2a2212

@hc-dev991 can you check, if it is working for you

[hc-dev991]

Thanks the prompt responses!

now as I do more testing on another machine, I discovered another behavior:
during push, git client see

send-pack: unexpected disconnect while reading sideband packet
fatal: the remote end hung up unexpectedly

but the push of new commit is successful to the remote github branch

this is observed on the new machine both before the workaround commit (direct installation using python3 -m pip install ssh-mitm) and after it (directly getting latest source code from your github repo). I don't have the earlier machine at hand, will do more testing to compare once getting time. both machines are macs, their git client versions might differ.

[manfred-kaiser]

@hc-dev991 have you tested the fix and is it working for you?

[hc-dev991]

@manfred-kaiser yes I got my

git version 2.39.2
Python 3.11.2

Before e2a2212

0. python3 -m pip uninstall ssh-mitm
1. run mitm server: python3 -m sshmitm -d server --remote-host github.com
2. git pull works
3. git push actually pushes contents to remote github branch, but with error message on client side

send-pack: unexpected disconnect while reading sideband packet
fatal: the remote end hung up unexpectedly

After e2a2212

0. download source code from github, pack into wheel, and python3 -m pip install ssh_mitm-3.0.2-py3-none-any.whl
1. run mitm server: python3 -m sshmitm -d server --remote-host github.com
2. git pull won't be able to finish, and it stuck
3. git push actually pushes contents to remote github branch, but with error message on client side

error: failed to push some refs to 'ssh://localhost:10022/<repo name>

[manfred-kaiser]

@hc-dev991 Thanks for testing.

It seems that GitHub works different to other code hosters/git implementations.

During my tests I'm working with "Gitea", which is an selfhosted alternative to GitHub.

I will try to fix it for Github.

[manfred-kaiser]

I have created a fix/workarround for Github.

Github and Gitea have different implementations 😞

It seems, Github needs to close the session on EOF in some cases, while Gitea does not need this.

There are more git commands, which needs to be tested. At the moment, Gitea is my major test platform for git, because this is selfhosted and I can do as much tests as I want.

Using Github might be more interesting for most users, but I need more test accounts, because too much failed tests can result in blocked users.