Jenkins / JENKINS-55655

BlueOcean Pipeline creation does not respect ssh ProxyCommand even though classic project creation does


    • Type: Bug
    • Resolution: Won't Fix
    • Priority: Minor
    • Component/s: git-client-plugin
    • Labels: None
    • Environment: Docker image jenkins/jenkins:lts, Linux-amd64, Jenkins ver. 2.150.1, BlueOcean 1.10.1, Git plugin 3.9.1, Git client plugin 2.7.6.

      I have built a docker container, based on jenkins/jenkins:lts, where I configured an appropriate ProxyCommand for our convoluted intranet setup in /etc/ssh/ssh_config, and preinstalled the blueocean plugin using the /usr/local/bin/install-plugins.sh script.

      With this setup, I can create a project referring to our internal git repository as the Git client plugin uses the git binary (as is by default), which uses ssh, which reads the configuration and correctly tunnels through the proxy. However, when I switch to BlueOcean, and try to create the pipeline from there, it fails to connect. The log says:

      SEVERE: Error running git remote-ls: org.eclipse.jgit.api.errors.TransportException: ssh://git@internal.git.server.com:4567/dep/Project.git: Failed to connect
      hudson.plugins.git.GitException: org.eclipse.jgit.api.errors.TransportException: ssh://git@internal.git.server.com:4567/dep/Project.git: Failed to connect
      Caused by: org.eclipse.jgit.api.errors.TransportException: ssh://git@internal.git.server.com:4567/dep/Project.git: Failed to connect
      Caused by: org.eclipse.jgit.errors.TransportException: ssh://git@internal.git.server.com:4567/dep/Project.git: Failed to connect
      Caused by: java.io.IOException: There was a problem while connecting to internal.git.server.com:4567
      Caused by: java.net.UnknownHostException: internal.git.server.com: Name or service not known
      

      (anonymised the server and project name, otherwise exact log except the backtraces; full log including the backtraces attached)

      The server name is not known, because only the proxy server can resolve it. The configuration in /etc/ssh/ssh_config is like:

      Host internal.git.server.com
      ProxyCommand socat - proxy:10.20.30.40:%h:%p,proxyport=8080,proxyauth=user:password 

      The %h, which gets expanded to internal.git.server.com, is resolved by the proxy, so it does not matter that the Jenkins host does not have the DNS for the land behind the proxy. However, the blueocean connection manages to do a request that goes through the JGit and the Java ssh2 library (com.trilead.ssh2), even when they are not configured in the git-client-plugin options, and this does not honor that configuration and fails.

      Workaround

      I haven't tested it yet, but I realised a workaround would be to:

      1. Add internal.git.server.com to /etc/hosts, pointing to localhost and
      2. Get socat tcp-listen:4567,reuseaddr,fork proxy:10.20.30.40:internal.git.server.com:4567,proxyport=8080,proxyauth=user:password running in the background—that is, create a kind of transparent proxy out of it.

      Then no ssh configuration is needed.

      I still believe that the access should consistently honour the settings.

            Assignee: Unassigned
            Reporter: Jan Hudec (bulb)
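
Added example (not part of the original report and not code from any Jenkins plugin): a Python check that parses ssh_config text and reports whether a given Git URL is only reachable through a ProxyCommand, which is the condition under which the JGit path described in the report fails while command-line git succeeds. The function names, the second Host stanza and the example.org hosts are constructed for illustration; only whitespace-separated keywords and Host blocks are handled.

```python
import fnmatch
from urllib.parse import urlsplit

# Constructed sample: first stanza mirrors the report, second is hypothetical.
SAMPLE_CONFIG = """\
Host internal.git.server.com
    ProxyCommand socat - proxy:10.20.30.40:%h:%p,proxyport=8080,proxyauth=user:password
Host *.example.org !bastion.example.org
    ProxyCommand ssh -W %h:%p bastion.example.org
"""

def host_matches(patterns, host):
    """ssh_config Host rule: a negated match vetoes, else one positive match is needed."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive

def proxy_command_for(config_text, host, port=22):
    """Return the expanded ProxyCommand that applies to host, or None."""
    applies = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "host":
            applies = host_matches(value.split(), host)
        elif key == "match":
            applies = False  # Match blocks are not evaluated here
        elif key == "proxycommand" and applies:
            if value.lower() == "none":
                return None  # explicit opt-out; first obtained value wins
            return value.replace("%h", host).replace("%p", str(port))
    return None

def depends_on_proxy_command(config_text, git_url):
    """True if command-line git/ssh would tunnel this URL through a ProxyCommand."""
    url = urlsplit(git_url)
    return proxy_command_for(config_text, url.hostname, url.port or 22) is not None

if __name__ == "__main__":
    print(depends_on_proxy_command(
        SAMPLE_CONFIG, "ssh://git@internal.git.server.com:4567/dep/Project.git"))
```

Running it against the real /etc/ssh/ssh_config for each repository URL shows which remotes will resolve only through the proxy and therefore need the same route made available to any client that does not read that file.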