NAME
proxytunnel - program to tunnel a connection through a standard HTTPS proxy

SYNOPSIS
proxytunnel [OPTION]...

DESCRIPTION
proxytunnel is a program to tunnel any connection through a standard HTTPS proxy, circumventing standard HTTP filtering mechanisms. It’s mostly used as a backend for OpenSSH’s ProxyCommand, and as a proxy backend for PuTTY. It can also be used for other proxy-traversing purposes like proxy bouncing.

OPTIONS
-i, --inetd Run from inetd (default: off)
-a, --standalone=port Run as standalone daemon on specified port
-p, --proxy=host:port Use host and port as the local proxy to
connect to. If not specified, the HTTP_PROXY environment variable, if
set, will be used instead
-r, --remproxy=host:port Use host and port as the remote (secondary)
proxy to connect to
-d, --dest=host:port Use host and port as the destination for
the tunnel. You can also specify them as the argument to the proxytunnel
command
-e, --encrypt SSL encrypt data between local proxy and
destination
-E, --encrypt-proxy SSL encrypt data between client and local proxy
-X, --encrypt-remproxy SSL encrypt data between local and remote (secondary)
proxy
-W, --wa-bug-29744 If SSL is in use (by -e, -E, -X
options), stop using it immediately after the CONNECT exchange to work around
Apache server bugs. (This might not work on all setups; see
/usr/share/doc/proxytunnel/README.Debian.gz for more details.)
-B, --buggy-encrypt-proxy Equivalent to -E -W. (Provided for backwards
compatibility.)

ADDITIONAL OPTIONS
-T, --no-ssl3 Prevent the use of SSLv3 in encrypted connections
(default: enabled)
-z, --no-check-certificate Do not verify server SSL certificate when establishing an
SSL connection. By default, the server SSL certificate is verified and the
target host name is checked against the server certificate’s subject
alternative names if any are present, or common name if there are no subject
alternative names.
-C, --cacert=filename/directory Specify a CA certificate file (or directory containing CA
certificate(s)) to trust when verifying a server SSL certificate. If a
directory is provided, it must be prepared with OpenSSL’s c_rehash
tool. (default: /etc/ssl/certs)
-F, --passfile=filename Use filename for reading username and password for
HTTPS proxy authentication. The file uses the same format as .wgetrc and can
be shared with wget. Use this option, or environment variables, to hide the
password from other users
-P, --proxyauth=username:password Use username and password as credentials to
authenticate against a local HTTPS proxy. The username and password can also
be specified in the PROXYUSER and PROXYPASS environment
variables to hide them from other users. If the password is omitted and
no PROXYPASS environment variable is set, proxytunnel will prompt for a
password
-R, --remproxyauth=username:password Use username and password as credentials to
authenticate against a remote (secondary) HTTPS proxy. The username and
password can also be specified in the REMPROXYUSER and
REMPROXYPASS environment variables to hide them from other users. If
the password is omitted and no REMPROXYPASS environment variable
is set, proxytunnel will prompt for a password
-N, --ntlm Use NTLM based authentication
-t, --domain=STRING Specify NTLM domain (default: autodetect)
-H, --header=STRING Add additional HTTP headers to send to proxy
-x, --proctitle=STRING Use a different process title

MISCELLANEOUS OPTIONS
-v, --verbose Turn on verbosity
-q, --quiet Suppress messages
-h, --help Print help and exit
-V, --version Print version and exit

ARGUMENTS
host:port is the destination hostname and port number combination

Note: Specifying the destination as arguments is exactly the same as specifying them using the -d or --dest option.

USAGE
Depending on your situation you might want to do any of the following things:

• Connect through a local proxy to your home system on port 22
    $ proxytunnel -v -p proxy.company.com:8080 -d system.home.nl:22

• Connect through a local proxy (with authentication) to your home system
    $ proxytunnel -v -p proxy.company.com:8080 -P username:password -d system.home.nl:22

• Connect through a local proxy (with authentication) hiding your password
    $ export PROXYPASS=password
    $ proxytunnel -v -p proxy.company.com:8080 -P username -d system.home.nl:22

• Connect through a local proxy to a remote proxy and bounce to any system
    $ proxytunnel -v -p proxy.company.com:8080 -r proxy.athome.nl:443 -d system.friend.nl:22

• Connect using SSL through a local proxy to your home system
    $ proxytunnel -v -E -p proxy.company.com:8080 -d system.home.nl:22

OPENSSH CONFIGURATION
To use this program with OpenSSH to connect to a host somewhere, create a ~/.ssh/config file with the following content:

    Host system.athome.nl
        ProxyCommand proxytunnel -p proxy.company.com:8080 -d %h:%p
        ServerAliveInterval 30

Note: The ServerAliveInterval directive makes sure that idle connections are not being dropped by intermediate firewalls that remove active sessions aggressively. If you see your connection dropping out, try to lower the value even more.

To use the dynamic (SOCKS) portforwarding capability of the SSH client, you can specify the DynamicForward directive in your ssh_config file like:

    Host system.athome.nl
        DynamicForward 1080
        ProxyCommand proxytunnel -p proxy.company.com:8080 -d %h:%p
        ServerAliveInterval 30

NOTES
Important: Most HTTPS proxies do not allow access to ports other than HTTPS (tcp/443) and SNEWS (tcp/563). In this case you need to make sure the SSH daemon or remote proxy on the destination system is listening on either tcp/443 or tcp/563 to get through.

ENVIRONMENT
Proxytunnel can be influenced by setting one of the following environment variables:
HTTP_PROXY If this environment variable is set, proxytunnel will use
it as the local proxy if -p or --proxy is not
provided
PROXYUSER If this environment variable is set, proxytunnel will use
it as the username for proxy authentication, unless specified using the
-P or --proxyauth option
PROXYPASS If this environment variable is set, proxytunnel will use
it as the password for proxy authentication, unless specified using the
-P or --proxyauth option
REMPROXYUSER If this environment variable is set, proxytunnel will use
it as the username for remote (secondary) proxy authentication, unless
specified using the -R or --remproxyauth option
REMPROXYPASS If this environment variable is set, proxytunnel will use
it as the password for remote (secondary) proxy authentication, unless
specified using the -R or --remproxyauth option
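
An added example, not part of the proxytunnel manual or project code: a small Python audit that scans an ssh_config for proxytunnel ProxyCommand lines and flags three option choices described above, namely -z (certificate verification off), -W/-B (SSL stopped after CONNECT) and a password passed inline to -P/-R instead of through the environment. The sample config, the hosts build.example.org and ok.example.org, and the function names are constructed for illustration.

```python
import re
import shlex

# Short options that take a value, per the OPTIONS list on this page.
TAKES_ARG = set("aprdCFPRtHx")
LONG = {"--proxyauth": "-P", "--remproxyauth": "-R", "--wa-bug-29744": "-W",
        "--no-check-certificate": "-z", "--buggy-encrypt-proxy": "-B"}
RISKS = {"-z": "server certificate verification disabled",
         "-W": "SSL dropped after the CONNECT exchange",
         "-B": "SSL dropped after the CONNECT exchange"}

# Constructed sample ssh_config (not from the page); line numbers start at 1.
SAMPLE_CONFIG = """\
Host system.athome.nl
    ProxyCommand proxytunnel -p proxy.company.com:8080 -P username:password -d %h:%p
Host build.example.org
    ProxyCommand proxytunnel -Bz -p proxy.company.com:8080 -d %h:%p
Host ok.example.org
    ProxyCommand proxytunnel -E -C /etc/ssl/certs --proxyauth=username -p proxy.company.com:8080 -d %h:%p
"""

def parse_opts(argv):  # minimal getopt-style pass: yields (short_option, value_or_None)
    it = iter(argv)
    for tok in it:
        if tok.startswith("--"):
            name, _, val = tok.partition("=")
            if name in LONG:  # value is after "=", or in the next token
                yield LONG[name], (val or next(it, "")) if LONG[name][1] in TAKES_ARG else None
        elif tok.startswith("-") and len(tok) > 1:
            for i, ch in enumerate(tok[1:], start=1):
                if ch in TAKES_ARG:  # rest of token, or the next token, is the value
                    yield "-" + ch, tok[i + 1:] or next(it, "")
                    break
                yield "-" + ch, None  # plain flag, possibly bundled (e.g. -Bz)

def audit(config_text):
    """Return (line_number, finding) for risky proxytunnel ProxyCommand lines."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), start=1):
        m = re.match(r"\s*ProxyCommand[\s=]+(.*)", line, re.I)
        argv = shlex.split(m.group(1)) if m else []
        if not argv or not argv[0].endswith("proxytunnel"):
            continue
        for opt, val in parse_opts(argv[1:]):
            if opt in RISKS:
                findings.append((n, RISKS[opt]))
            elif opt in ("-P", "-R") and ":" in val:  # username:password form
                findings.append((n, "password on the command line (%s)" % opt))
    return findings
```

Calling audit(SAMPLE_CONFIG) reports the inline password on line 2 and both the dropped SSL and the disabled certificate check on line 4; the third host, which supplies only a username and keeps verification on, produces no finding.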

SEE ALSO
ssh(1), ssh_config(8)

BUGS
This software is bug-free, at least we’d like to think so. If you do not agree with us, please attach the proof to your friendly email :)

AUTHOR
This manpage was initially written by Loïc Le Guyader <loic.leguyader@laposte.net[1]> for the Debian GNU/Linux system, revamped in asciidoc by Dag Wieërs <dag@wieers.com[2]> and is now maintained by the Proxytunnel developers.

Homepage at http://proxytunnel.sourceforge.net/

NOTES
1. mailto:loic.leguyader@laposte.net
2. mailto:dag@wieers.com