使用git bash通过HTTPS在特定计算机上进行身份验证失败-后续问题 [英] Authentication failed on a specific machine via HTTPS with git bash - follow up question

问题描述

有了这个先前的答案，我就能够在有问题的机器上使用 git clone，等等，并且使用SSH . 但是-仅在这样的机器上-我仍然从git bash收到 https 的错误:

With this previous answer I was able to use git clone, etc using SSH on the problematic machine. But - only on such machine - I'm still getting an error from git bash for https:

$ git clone https://giuliohome:mypassword@github.com/giuliohome/MyPrivateRepo.git
Cloning into 'MyPrivateRepo'...
remote: Repository not found.
fatal: Authentication failed for 'https://github.com/giuliohome/MyPrivateRepo.git/'

我试图通过github Web设置创建一个个人访问令牌，并使用它代替密码，但是它也像上面那样在有问题的机器上失败了(同样，它可以在另一台机器上工作).

I've tried to create a personal access token via github web settings and use it instead of the password but it also fails like above on the problematic machine (again, it works on another machine).

我还尝试通过Windows凭据管理器删除/更改/添加git凭据.

I've also tried to remove/change/add the git credentials through windows credential manager.

修改 抱歉，我原来的问题是

Edit Sorry guys, my original problem was

证书问题:无法获取本地颁发者证书

(这个问题是昨天在tortoisegit更新导致一个浏览器进程被杀死并弄乱了我的PC中的东西之后产生的.)

(The problem originated yesterday after an update of tortoisegit killed an explorer process and messed up something in my pc...)

我尝试了快速解决方法sslVerify = false，但遇到上述错误，但返回到true，我看到了证书问题

I tried the quick workaround sslVerify = false and I got the above error, but returning to true I see the certificate problem back

在此请求的详细信息

MYDOMAIN+MYDOMAINUSER@MYMACHINE MINGW64 /c/sviluppi/.../code/git/test2
$ git config -l --show-origin
file:C:/Program Files/Git/etc/gitconfig diff.astextplain.textconv=astextplain
file:C:/Program Files/Git/etc/gitconfig filter.lfs.clean=git-lfs clean -- %f
file:C:/Program Files/Git/etc/gitconfig filter.lfs.smudge=git-lfs smudge -- %f
file:C:/Program Files/Git/etc/gitconfig filter.lfs.process=git-lfs filter-process
file:C:/Program Files/Git/etc/gitconfig filter.lfs.required=true
file:C:/Program Files/Git/etc/gitconfig http.sslbackend=openssl
file:C:/Program Files/Git/etc/gitconfig http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
file:C:/Program Files/Git/etc/gitconfig core.autocrlf=true
file:C:/Program Files/Git/etc/gitconfig core.fscache=true
file:C:/Program Files/Git/etc/gitconfig core.symlinks=false
file:C:/Program Files/Git/etc/gitconfig core.editor="C:\\Program Files\\Notepad++\\notepad++.exe" -multiInst -notabbar -nosession -noPlugin
file:C:/Program Files/Git/etc/gitconfig credential.helper=manager
file:C:/Users/mydomainuser/.gitconfig        user.name=Giulio
file:C:/Users/mydomainuser/.gitconfig        user.email=giuliohome@xxxx.com
file:C:/Users/mydomainuser/.gitconfig        http.sslverify=true
file:C:/Users/mydomainuser/.gitconfig        credential.https://github.com.helper=manager
file:C:/Users/mydomainuser/.gitconfig        credential.https://github.com.username=giuliohome

我使用的是Windows 10 Enterprise，最终希望使用tortoisegit，但此刻我在git bash级别受阻. 所以现在我使用的是纯git，我想在那里解决问题，那么我想我将可以返回tortoisegit(同样，我说的是git https，因为git ssh如前所述工作)

I'm on Windows 10 Enterprise, I wish to use tortoisegit in the end but at the moment I'm blocked at git bash level. So now I'm using the pure git and I want to solve the issue there, then I guess I will be able to return to tortoisegit (again, I'm speaking about git https, because git ssh works as already said)

现在是我的c:\users\mydomainuser\.gitconfig

[user]
    name = Giulio
    email = giuliohome@xxxx.com
[http]
    sslVerify = true
    sslbackend = openssl
    sslcainfo = C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
[credential "https://github.com"]
    helper = manager
    username = giuliohome

用openssl替换sslbackend=schannel后，我得到unable to get local issuer certificate

最后，让我补充说，此计算机上的McAfee Endpoint Security和 Blue Coat Unified Agent 均处于活动状态.

Finally, let me add that McAfee Endpoint Security is active on this machine and also the Blue Coat Unified Agent.

推荐答案

我怀疑基于某种计算机的IP地址，实际上已通过某种安全机制阻止了https连接.

I suspect that the https connection is actually blocked, based on the IP address of the machine, by some security mechanism.

之所以这样，是因为如果我更改机器的ip并生成一个新的个人访问令牌，它似乎只能工作一次，只有一次，因此，我猜想它是一个安全防火墙网络上的主机正在默默地阻止连接.他们还告诉我，通过查看McAfee日志，问题不存在.我已经通过在同一台计算机上克隆一个bitbucket私有存储库进行了测试，但是授权失败，所以github看起来也没有错误...

I've derived this because if I change the ip of the machine and I produce a new personal access token, it seems to work for just a single time, one shot, hence I'd guess that it is a security firewall on the network is silently blocking the connection. They also told me that, by looking at McAfee logs, the issue is not there. I've done a test by cloning a bitbucket private repo on the same machine but the authorization fails, so github looks not at fault either...

所以最后我要说的是此答案中所述的Blue Coat统一代理.

So finally I'd say it could be Blue Coat Unified Agent as described in this answer.

是的，这已经确认，我暂时断开了Blue Coat Unified Agent的连接，并且git clone现在也可以通过https正常运行. 为了确定要解决的问题，他们从git verbose中注意到了错误401，并且可能还委托了github证书.

Yes, this is confirmed, I have momentarily disconnected the Blue Coat Unified Agent and git clone is now working as expected also via https. To definitely fix it they noticed from git verbose the error 401 and maybe entrusted github certificate.

就原始问题的描述而言，另请参见以下步骤，在重现此github问题的步骤中报告了有关"

As far as the description of the original problem is concerned, see also the following sentence reported in the steps to reproduce this github issue about the context of "Multiple issues related to SSL Interception (environs with proxy, enterprise MITM, etc)"

建议设置实验室并配置企业级 执行MITM的安全产品(例如BlueCoat或类似产品)，然后 使用内部证书进行回传.

Recommend setting up a lab and configuring an Enterprise grade security product such as BlueCoat or similar that does MITM, then using internal certificates for the pass-back.

这篇关于使用git bash通过HTTPS在特定计算机上进行身份验证失败-后续问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！