'\" t
.\"     Title: proxytunnel
.\"    Author: Proxytunnel developers
.\" Generator: DocBook XSL Stylesheets v1.79.1
.\"      Date: August 2008
.\"    Manual: \ \&
.\"    Source: \ \& 1.9.0
.\"  Language: English
.\"
.TH "PROXYTUNNEL" "1" "August 2008" "\ \& 1\&.9\&.0" "\ \&"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
proxytunnel \- program to tunnel a connection through a standard HTTPS proxy
.SH "SYNOPSIS"
.sp
\fBproxytunnel\fR \fI[OPTION]\fR\&...
.SH "DESCRIPTION"
.sp
\fBproxytunnel\fR is a program to tunnel any connection through a standard HTTPS proxy, circumventing standard HTTP filtering mechanisms\&. It\(cqs mostly used as a backend for OpenSSH\(cqs ProxyCommand, and as a proxy backend for PuTTY\&. It can also be used for other proxy\-traversing purposes like proxy bouncing\&.
.SH "OPTIONS"
.PP
\fB\-i\fR, \fB\-\-inetd\fR
.RS 4
Run from inetd (default: off)
.RE
.PP
\fB\-a\fR, \fB\-\-standalone\fR=\fIport\fR
.RS 4
Run as standalone daemon on specified \fIport\fR
.RE
.PP
\fB\-p\fR, \fB\-\-proxy\fR=\fIhost\fR:\fIport\fR
.RS 4
Use \fIhost\fR and \fIport\fR as the local proxy to connect to\&. If not specified, the \fBHTTP_PROXY\fR environment variable, if set, will be used instead
.RE
.PP
\fB\-r\fR, \fB\-\-remproxy\fR=\fIhost\fR:\fIport\fR
.RS 4
Use \fIhost\fR and \fIport\fR as the remote (secondary) proxy to connect to
.RE
.PP
\fB\-d\fR, \fB\-\-dest\fR=\fIhost\fR:\fIport\fR
.RS 4
Use \fIhost\fR and \fIport\fR as the destination for the tunnel\&. You can also specify them as the argument to the proxytunnel command
.RE
.PP
\fB\-e\fR, \fB\-\-encrypt\fR
.RS 4
SSL encrypt data between local proxy and destination
.RE
.PP
\fB\-E\fR, \fB\-\-encrypt\-proxy\fR
.RS 4
SSL encrypt data between client and local proxy
.RE
.PP
\fB\-X\fR, \fB\-\-encrypt\-remproxy\fR
.RS 4
SSL encrypt data between local and remote (secondary) proxy
.RE
.PP
\fB\-W\fR, \fB\-\-wa\-bug\-29744\fR
.RS 4
If SSL is in use (by \fB\-e\fR, \fB\-E\fR, \fB\-X\fR options), stop using it immediately after the CONNECT exchange to work around Apache server bugs\&. (This might not work on all setups; see /usr/share/doc/proxytunnel/README\&.Debian\&.gz for more details\&.)
.RE
.PP
\fB\-B\fR, \fB\-\-buggy\-encrypt\-proxy\fR
.RS 4
Equivalent to \fB\-E \-W\fR\&. (Provided for backwards compatibility\&.)
.RE
.SH "ADDITIONAL OPTIONS"
.PP
\fB\-F\fR, \fB\-\-passfile\fR=\fIfilename\fR
.RS 4
Use \fIfilename\fR for reading username and password for HTTPS proxy authentication\&. The file uses the same format as \&.wgetrc and can be shared with wget\&.
Use this option, or environment variables, to hide the password from other users
.RE
.PP
\fB\-P\fR, \fB\-\-proxyauth\fR=\fIusername\fR:\fIpassword\fR
.RS 4
Use \fIusername\fR and \fIpassword\fR as credentials to authenticate against a local HTTPS proxy\&. The username and password can also be specified in the \fBPROXYUSER\fR and \fBPROXYPASS\fR environment variables to hide them from other users\&. If the \fIpassword\fR is omitted and no \fBPROXYPASS\fR environment variable is set, proxytunnel will prompt for a password
.RE
.PP
\fB\-R\fR, \fB\-\-remproxyauth\fR=\fIusername\fR:\fIpassword\fR
.RS 4
Use \fIusername\fR and \fIpassword\fR as credentials to authenticate against a remote (secondary) HTTPS proxy\&. The username and password can also be specified in the \fBREMPROXYUSER\fR and \fBREMPROXYPASS\fR environment variables to hide them from other users\&. If the \fIpassword\fR is omitted and no \fBREMPROXYPASS\fR environment variable is set, proxytunnel will prompt for a password
.RE
.PP
\fB\-N\fR, \fB\-\-ntlm\fR
.RS 4
Use NTLM based authentication
.RE
.PP
\fB\-t\fR, \fB\-\-domain\fR=\fISTRING\fR
.RS 4
Specify NTLM domain (default: autodetect)
.RE
.PP
\fB\-H\fR, \fB\-\-header\fR=\fISTRING\fR
.RS 4
Add additional HTTP headers to send to proxy
.RE
.PP
\fB\-x\fR, \fB\-\-proctitle\fR=\fISTRING\fR
.RS 4
Use a different process title
.RE
.SH "MISCELLANEOUS OPTIONS"
.PP
\fB\-v\fR, \fB\-\-verbose\fR
.RS 4
Turn on verbosity
.RE
.PP
\fB\-q\fR, \fB\-\-quiet\fR
.RS 4
Suppress messages
.RE
.PP
\fB\-h\fR, \fB\-\-help\fR
.RS 4
Print help and exit
.RE
.PP
\fB\-V\fR, \fB\-\-version\fR
.RS 4
Print version and exit
.RE
.SH "ARGUMENTS"
.sp
\fIhost\fR:\fIport\fR is the destination hostname and port number combination
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
.sp
Specifying the destination as arguments is exactly the same as specifying them using the \fB\-d\fR or \fB\-\-dest\fR option\&.
.sp .5v
.RE
.SH "USAGE"
.sp
Depending on your situation you might want to do any of the following things:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBConnect through a local proxy to your home system on port 22\fR
.sp
.if n \{\
.RS 4
.\}
.nf
$ proxytunnel \-v \-p proxy\&.company\&.com:8080 \-d system\&.home\&.nl:22
.fi
.if n \{\
.RE
.\}
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBConnect through a local proxy (with authentication) to your home system\fR
.sp
.if n \{\
.RS 4
.\}
.nf
$ proxytunnel \-v \-p proxy\&.company\&.com:8080 \-P username:password \-d system\&.home\&.nl:22
.fi
.if n \{\
.RE
.\}
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBConnect through a local proxy (with authentication) hiding your password\fR
.sp
.if n \{\
.RS 4
.\}
.nf
$ export PROXYPASS=password
$ proxytunnel \-v \-p proxy\&.company\&.com:8080 \-P username \-d system\&.home\&.nl:22
.fi
.if n \{\
.RE
.\}
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBConnect through a local proxy to a remote proxy and bounce to any system\fR
.sp
.if n \{\
.RS 4
.\}
.nf
$ proxytunnel \-v \-p proxy\&.company\&.com:8080 \-r proxy\&.athome\&.nl:443 \-d system\&.friend\&.nl:22
.fi
.if n \{\
.RE
.\}
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBConnect using SSL through a local proxy to your home system\fR
.sp
.if n \{\
.RS 4
.\}
.nf
$ proxytunnel \-v \-E \-p proxy\&.company\&.com:8080 \-d system\&.home\&.nl:22
.fi
.if n \{\
.RE
.\}
.RE
.SH "OPENSSH CONFIGURATION"
.sp
To use this program with OpenSSH to connect to a host somewhere, create a \fI~/\&.ssh/config\fR file with the following content:
.sp
.if n \{\
.RS 4
.\}
.nf
Host system\&.athome\&.nl
    ProxyCommand proxytunnel \-p proxy\&.company\&.com:8080 \-d %h:%p
    ServerAliveInterval 30
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
.sp
The ServerAliveInterval directive makes sure that idle connections are not dropped by intermediate firewalls that remove active sessions aggressively\&. If you see your connection dropping out, try to lower the value even more\&.
.sp .5v
.RE
.sp
To use the dynamic (SOCKS) port forwarding capability of the SSH client, you can specify the DynamicForward directive in your ssh_config file like:
.sp
.if n \{\
.RS 4
.\}
.nf
Host system\&.athome\&.nl
    DynamicForward 1080
    ProxyCommand proxytunnel \-p proxy\&.company\&.com:8080 \-d %h:%p
    ServerAliveInterval 30
.fi
.if n \{\
.RE
.\}
.SH "NOTES"
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBImportant\fR
.ps -1
.br
.sp
Most HTTPS proxies do not allow access to ports other than HTTPS (tcp/443) and SNEWS (tcp/563)\&. In this case you need to make sure the SSH daemon or remote proxy on the destination system is listening on either tcp/443 or tcp/563 to get through\&.
.sp .5v
.RE
.SH "ENVIRONMENT"
.sp
Proxytunnel can be influenced by setting one of the following environment variables:
.PP
\fBHTTP_PROXY\fR
.RS 4
If this environment variable is set, proxytunnel will use it as the \fIlocal proxy\fR if \fB\-p\fR or \fB\-\-proxy\fR is not provided
.RE
.PP
\fBPROXYUSER\fR
.RS 4
If this environment variable is set, proxytunnel will use it as the \fIusername\fR for proxy authentication, unless specified using the \fB\-P\fR or \fB\-\-proxyauth\fR option
.RE
.PP
\fBPROXYPASS\fR
.RS 4
If this environment variable is set, proxytunnel will use it as the \fIpassword\fR for proxy authentication, unless specified using the \fB\-P\fR or \fB\-\-proxyauth\fR option
.RE
.PP
\fBREMPROXYUSER\fR
.RS 4
If this environment variable is set, proxytunnel will use it as the \fIusername\fR for remote (secondary) proxy authentication, unless specified using the \fB\-R\fR or \fB\-\-remproxyauth\fR option
.RE
.PP
\fBREMPROXYPASS\fR
.RS 4
If this environment variable is set, proxytunnel will use it as the \fIpassword\fR for remote (secondary) proxy authentication, unless specified using the \fB\-R\fR or \fB\-\-remproxyauth\fR option
.RE
.SH "SEE ALSO"
.sp
.if n \{\
.RS 4
.\}
.nf
ssh(1), ssh_config(8)
.fi
.if n \{\
.RE
.\}
.SH "BUGS"
.sp
This software is bug\-free, at least we\(cqd like to think so\&. If you do not agree with us, please attach the proof to your friendly email :)
.SH "AUTHOR"
.sp
This manpage was initially written by Lo\(:ic Le Guyader <\m[blue]\fBloic\&.leguyader@laposte\&.net\fR\m[]\&\s-2\u[1]\d\s+2> for the Debian GNU/Linux system, revamped in asciidoc by Dag Wie\(:ers <\m[blue]\fBdag@wieers\&.com\fR\m[]\&\s-2\u[2]\d\s+2> and is now maintained by the Proxytunnel developers\&.
.sp
Homepage at \m[blue]\fBhttp://proxytunnel\&.sourceforge\&.net/\fR\m[]
.SH "AUTHOR"
.PP
\fBProxytunnel developers\fR
.RS 4
Author.
.RE
.SH "NOTES"
.IP " 1." 4
loic.leguyader@laposte.net
.RS 4
\%mailto:loic.leguyader@laposte.net
.RE
.IP " 2." 4
dag@wieers.com
.RS 4
\%mailto:dag@wieers.com
.RE
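.PP
Added example, not part of the original manpage or of the proxytunnel project: a shell check for the exposure that \fB\-F\fR, \fBPROXYPASS\fR and \fBREMPROXYPASS\fR are meant to avoid, namely a password given inline to \fB\-P\fR/\fB\-\-proxyauth\fR or \fB\-R\fR/\fB\-\-remproxyauth\fR and therefore readable by other users in the process list\&. The function names and sample command lines are constructed for illustration; the set of options that take an argument is taken from the option descriptions above\&.
.nf
```sh
# Added example: find proxytunnel command lines that carry a proxy password
# inline, where other local users can read it from the process list.
# Short options that take an argument, per the option lists on this page.
SHORT_WITH_ARG="aprdFPRtHx"

# has_password CRED: true if CRED is username:password with a non-empty password.
has_password() { case "$1" in *:?*) return 0 ;; esac; return 1; }

# exposes_password CMDLINE: return 0 if -P/--proxyauth or -R/--remproxyauth
# is given a password on the command line, 1 otherwise.
exposes_password() {
    set -f; set -- $1; set +f        # split on whitespace, as ps prints it
    [ $# -gt 0 ] && [ "${1##*/}" = "proxytunnel" ] || return 1
    shift
    while [ $# -gt 0 ]; do
        word=$1; shift
        case "$word" in
            --proxyauth=*|--remproxyauth=*)
                if has_password "${word#*=}"; then return 0; fi ;;
            --proxyauth|--remproxyauth)
                if [ $# -gt 0 ] && has_password "$1"; then return 0; fi ;;
            --*) ;;                  # other long options carry no credentials
            -?*) rest=${word#-}      # cluster of short options, e.g. -vP
                while [ -n "$rest" ]; do
                    opt=${rest%"${rest#?}"}; rest=${rest#?}
                    case "$SHORT_WITH_ARG" in *"$opt"*) ;; *) continue ;; esac
                    # The argument is the rest of this word, else the next word.
                    if [ -z "$rest" ] && [ $# -gt 0 ]; then rest=$1; shift; fi
                    case "$opt" in P|R)
                        if has_password "$rest"; then return 0; fi ;;
                    esac
                    break
                done ;;
        esac
    done
    return 1
}

# count_exposed: read command lines on stdin and print how many expose a
# password (a count only, so the audit output does not repeat the secret).
count_exposed() {
    n=0
    while IFS= read -r line; do
        if exposes_password "$line"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Constructed sample input; on a live host pipe in: ps -eo args=
count_exposed <<'EOF'
proxytunnel -v -p proxy.company.com:8080 -P username:password -d system.home.nl:22
proxytunnel -v -p proxy.company.com:8080 -P username -d system.home.nl:22
EOF
```
.fi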