How to Execute Git Commands Without Being on the GitHub IP Allow List

Prem Choudhary

The issue with the practices above is that an organization cannot allow just anyone to git clone its repositories, so the organization uses a GitHub IP allow list.

What is an IP allow list?
It is a list of IP addresses from which Git commands are allowed to reach the organization's repositories; Git operations from any other IP are refused.
But whenever EC2 instances are restarted, or new instances are created by the auto scaling group, they are allocated different public IPs each time, so we cannot update the GitHub IP allow list every time. Instead, we can use a bastion server/jump host as a proxy between the instances and GitHub.

We will use an SSH tunnel: EC2 → Bastion server → github.com

Steps to execute this approach:
1. Create an EC2 instance (the bastion server).
2. Generate an SSH key on the bastion server by running: ssh-keygen
3. Print and copy the public key: cat ~/.ssh/<name_of_key>.pub
4. Go to GitHub → Settings → SSH and GPG keys → click "New SSH key" → paste the key.
5. Go to the EC2 instance from which you need to git pull.
6. Create a key pair there and copy its public key.
7. Go to the bastion server.
8. Paste that public key into the ~/.ssh/authorized_keys file.
9. Edit your EC2 user data and add these commands to it:

# 1. Write the SSH client config first, one option per line. The file is
#    ~/.ssh/config (not ~/.ssh/.config); ~/.ssh/private_key is the key from step 6.
cat >> ~/.ssh/config <<'EOF'
Host github-tunnel
    HostName localhost
    Port 9999
    User git
    IdentityFile ~/.ssh/private_key
EOF
chmod 600 ~/.ssh/config

# 2. Open the tunnel: local port 9999 -> bastion server -> github.com:22.
#    No -g flag, so the forwarded port is only reachable from this instance.
ssh -i "bastion_server_pemkey.pem" -f -N -L 9999:github.com:22 ubuntu@<Bastion-server-ip> -v

# 3. Clone through the tunnel (the config above must exist before this runs).
git clone github-tunnel:<github-user>/<github-repo>.git

This forwards port 9999 on the EC2 instance, over the SSH session to the bastion server, to port 22 of github.com, so GitHub sees the connection coming from the bastion's allow-listed IP.
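A user-data script that carries out steps 6 to 9 in the right order, as an added example that is not the post's own code; the bastion address, key path, the HostKeyAlias/StrictHostKeyChecking settings and the port check are assumptions, and it expects the bastion's host key to already be in the instance's known_hosts (a step the post does not cover).

```shell
#!/bin/sh
# Added example (not the post's own code): EC2 user-data helper that runs git
# through an SSH tunnel via the bastion. All values below are assumptions.
BASTION_USER="${BASTION_USER:-ubuntu}"
BASTION_IP="${BASTION_IP:-203.0.113.10}"   # placeholder address, not a real bastion
BASTION_KEY="${BASTION_KEY:-$HOME/bastion_server_pemkey.pem}"
LOCAL_PORT="${LOCAL_PORT:-9999}"
SSH_DIR="${SSH_DIR:-$HOME/.ssh}"
GITHUB_REPO="${GITHUB_REPO:-<github-user>/<github-repo>}"   # placeholder
# Print the config stanza one option per line (the post's `echo -e` with
# trailing backslashes joins it onto one line, which ssh will not parse).
# HostKeyAlias makes ssh verify GitHub's known_hosts entry even though the
# connection goes to localhost, so a redirected tunnel is detected.
render_tunnel_config() {
    printf 'Host github-tunnel\n'
    printf '    HostName localhost\n'
    printf '    Port %s\n' "$1"
    printf '    User git\n'
    printf '    IdentityFile %s\n' "$2"
    printf '    HostKeyAlias github.com\n'
    printf '    StrictHostKeyChecking yes\n'
}
install_tunnel_config() {
    mkdir -p "$SSH_DIR" && chmod 700 "$SSH_DIR"
    render_tunnel_config "$LOCAL_PORT" "$SSH_DIR/private_key" >> "$SSH_DIR/config"
    chmod 600 "$SSH_DIR/config"
}
# Local forward bound to 127.0.0.1 (no -g): otherwise any host that can reach
# port 9999 on this instance borrows the bastion's allow-listed IP.
start_tunnel() {
    ssh -i "$BASTION_KEY" -f -N -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=yes \
        -L "127.0.0.1:${LOCAL_PORT}:github.com:22" "${BASTION_USER}@${BASTION_IP}"
}
# Poll until the forwarded port is listening, for up to $1 seconds.
wait_for_tunnel() {
    i=0
    while [ "$i" -lt "${1:-15}" ]; do
        ss -ltn 2>/dev/null | grep -q "127.0.0.1:${LOCAL_PORT} " && return 0
        i=$((i + 1)); sleep 1
    done
    return 1
}
main() {
    install_tunnel_config
    start_tunnel && wait_for_tunnel 15 || { echo "tunnel is not up" >&2; exit 1; }
    git clone "github-tunnel:${GITHUB_REPO}.git"
}
if [ "${1:-}" = "run" ]; then main; fi
```

Run it as `sh tunnel.sh run` from user data; the functions can also be sourced on their own to inspect the generated config before anything connects.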

Hari OM Tat Sat🕉️❤️.
