Hoi,

I try to hg pull
from my private repo on Bitbucket.org
into my local repo on my Windows machine
from behind the company proxy that requires Windows authentication.

  • I found the proxy server and port (Internet options of IE)
  • I found the settings Mercurial.ini file in my %USERPROFILE%
  • I added this section to it (info):

    [http_proxy]
    host = TheProxyServer : TheProxyServerPort
    user = MyWindowsLogin
    passwd = MyWindowsPassword

  • This works:

C:\path\to\repo> hg pull
http authorization required
realm: Bitbucket.org HTTP
user:

after I enter the credentials of Bitbucket, I get:

searching for changes
no changes found

But writing down the password in Mercurial.ini is obviously a major security issue (besides having to update this file each month because of our password policies).

Is it somehow possible to let Mercurial ask for the proxy credentials?
Or store these credentials in a more secure way?

Edit:

I tried with the same settings and SSH, but I got this:

C:\path\to\repo> hg clone ssh://[email protected]/ME/repo/
running ""C:\Program Files\TortoiseHg\TortoisePlink.exe" -ssh -2 [email protected] "hg -R ME/repo/ serve --stdio"

abort: no suitable response from remote hg!

And a dialog : "PuTTY Fatal Error - Network error: Connection timed out"

Edit2:

This question came up because Subversion handles this situation correctly:

In the Subversion servers file I specify the proxy host and port too, and Subversion automagically sends my Windows authentication to it. I don't have to enter or write down my credentials anywhere when checking out source from the web via the proxy using e.g.

C:\workingdir> svn checkout http://okarito.googlecode.com/svn/trunk/ okarito-read-only
... Checked out revision 5.

Thanks in advance!
Jan

+1  A: 

You can use the --config option to hg, as this allows you to override configuration settings from the command line. The syntax is --config <section>.<name>=<value>, so try this:

hg --config http_proxy.passwd=YourWindowsPassword pull

This will leave your password in your command history but this is probably better than in the Mercurial.ini file.

Dave Webb
+2  A: 

Another alternative is to run a local HTTP proxy which then authenticates with your company's HTTP proxy. You can run cntlm under Cygwin and safely store an NTLMv2 hash in the cntlm conf file. You then set your HTTP proxy to be localhost:3128, and don't specify a username or password.

My other suggestion is to use TortoiseHg. This will store your proxy information, but I'm not sure if it's stored securely.

brianegge
TortoiseHg uses a password edit control in the properties dialog, nice!, but the password ends up in the same unencrypted place: mercurial.ini
jan
Installing a local proxy just for hg seems a bit overkill, but a good suggestion nonetheless. Thanks!
jan
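
As an added example (not code from anyone in this thread), the following Python sketch audits a Mercurial.ini for the settings discussed above: a plaintext `passwd` in `[http_proxy]`, a `user` sent to a non-local proxy, and plaintext `*.password` entries in `[auth]`. The host name, login, and password in the sample inputs are constructed, and the function names `parse_hgrc` and `audit` are hypothetical.

```python
import re

# Constructed sample configs (not taken from the original post).
WEAK = """\
[http_proxy]
host = proxy.corp.example:8080
user = jdoe
passwd = CONSTRUCTED-PASSWORD
"""
HARDENED = """\
[http_proxy]
# a local cntlm instance holds the NTLMv2 hash; hg holds no proxy secret
host = localhost:3128
"""

LOOPBACK = {"localhost", "127.0.0.1"}
SECTION = re.compile(r"^\[([^\]]+)\]\s*$")
ITEM = re.compile(r"^([^\s=][^=]*?)\s*=\s*(.*)$")

def parse_hgrc(text):
    """Return {section: {key: value}} for a Mercurial config string."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;%":  # comments, %include / %unset
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            cfg.setdefault(section, {})
            continue
        m = ITEM.match(line)
        if m and section is not None:
            cfg[section][m.group(1)] = m.group(2)
    return cfg

def audit(text):
    """List settings that leave a reusable secret in the file (values are never echoed)."""
    cfg, findings = parse_hgrc(text), []
    proxy = cfg.get("http_proxy", {})
    if proxy.get("passwd"):
        findings.append("http_proxy.passwd: proxy password stored in plaintext")
    host = proxy.get("host", "").rsplit(":", 1)[0].strip().lower()
    if proxy.get("user") and host not in LOOPBACK:
        findings.append("http_proxy.user: hg authenticates to the remote proxy itself")
    for key, value in cfg.get("auth", {}).items():
        if key.endswith(".password") and value:
            findings.append("auth.%s: repository password stored in plaintext" % key)
    return findings

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample) or "no findings")
```
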