I don't think there is anything that needs changing with the git daemon
... or at least I was able to successfully clone over an SSH port forward.

I did get the same error as you originally, but this was due to SSH
failing to setup the tunnel connection (checking the logs showed that I
had got the hostname in the forward wrong).

We do it all the time. We have an internal server for git hosting, and
to use git+ssh you have to be inside the firewall. If you are outside,
you have to run through several SSH hops to get through the firewall.
We automate this using ssh-agent and keys forwarding.

To get ssh to work for you transparently, what you need to do is to
setup a special Host entry for your git server. For example, I have a

Host gitproxied.yourdomain
ProxyCommand ssh firewallhost "perl -MSocket -e
'\$h=shift;socket(X,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));connect(X,sockaddr_in(22,inet_aton(\$h)));\$x=fileno(X);vec(\$r,\$x,1)=1;vec(\$r,0,1)=1;\$|=1;\$0=\"connect
to \$h\";while(1){1 until
select(\$ro=\$r,undef,\$eo=\$r,undef);if(vec(\$ro,\$x,1)){recv(X,\$buf,2000,0);print
\$buf;}elsif(vec(\$ro,0,1)){sysread(STDIN,\$buf,2000)or
last;send(X,\$buf,0);}elsif(vec(\$eo,0,1)||vec(\$eo,\$x,1)){last}}'
git.yourdomain"

as I have several hops to go through, "firewallhost" has another Host
entry, describing how to get to it.

With this, when I'm outside the lan I can ssh into the "git" host by
invoking "ssh gitproxied.yourdomain", sftp and scp work too. So I
often have an "extra" remote called originproxied or similar.

cheers,


martin