Git, SSH and ProxyCommand

I have a git server that is behind a firewall. I can access the firewall from my home, but not the git server. However, I can access the git server from the firewall (that is, I can SSH to the firewall and then SSH from the firewall to the git server). I am looking to push and pull to the git repos from my home machine, and I thought the SSH ProxyCommand would do it. So I added the following to my SSH config file:

Host git_server
 HostName git_server.dom
 User user_git_server
 IdentityFile ~/.ssh/id_rsa
 ProxyCommand ssh firewall exec nc %h %p

Host firewall
 HostName firewall.dom
 User user_firewall
 IdentityFile ~/.ssh/id_rsa

With this setup, I can directly SSH to the git server by doing ssh git_server. However, git commands that need to talk to the server do not work. git remote show origin fails with the message:

  • getting npm modules in node_modules under git control
  • How to create a git commit with date in the past?
  • GIT checkout shows files in a wrong encoding
  • Merging branches With Git
  • Error not found Git - trying Aurelia.js
  • How do I update my prompt to show current git branch on linux?
  • ssh: connect to host git_server.dom port 22: Operation timed out
    fatal: Could not read from remote repository.
    Please make sure you have the correct access rights and the repository exists.

    The url of the origin repo is


    I think I have most of the things in place, but am missing a small crucial piece. Any pointers to what I could be doing wrong?

  • Xcode 5: The repository could not be reached
  • Stashing while merging
  • How to clone a git repository with all branches?
  • Git change author name/email in a long ago commit in team repo
  • What is the best strategy to store in repository only changed files?
  • How to get a Maven release to work with git?
  • 2 Solutions collect form web for “Git, SSH and ProxyCommand”


    You are using the wrong URL for your repository. Since your ssh config file has a host entry for git_server you need to use that host name in your repository URL as well, otherwise SSH will not use a ProxyCommand.

    The correct URL should be either


    or simply


    It is possible, as mentioned in “Git clone from remote ssh repository – change the machine on the remote network before executing the clone command”, that you don’t have the command netcat on the proxy server.

    You have also another solution with socat, which will negotiate with the HTTP(S) proxy server using the CONNECT method to get you a clean pipe to the server on the far side. See socat.

    host gh
        user git
        port 22
        proxycommand socat - PROXY:your.proxy.ip:%h:%p,proxyport=3128,proxyauth=user:pwd

    Now you can just say (for example):

    git clone gh:sitaramc/git-notes.git
    Git Baby is a git and github fan, let's start git clone.