NAME¶
proxytunnel - program to tunnel a connection throught an standard HTTPS proxy.
SYNOPSIS¶
proxytunnel [
options]
DESCRIPTION¶
This manual page documents the
proxytunnel command.
proxytunnel is a program that open a tunnel through a HTTPS proxy.
OPTIONS¶
This program follow the usual GNU command line syntax, with long options
starting with two dashes (`-').
- -h, --help
- Print help and exit.
- -V, --version
- Print the version of the program and exit.
- -i, --inetd
- Run from inetd. Default is off.
- -a PORT, --standalone=PORT
- Run as standalone daemon on specified port.
- -p host:port, --proxy=host:port
- The local HTTPS proxy host:port combo to connect to.
- -r host:port, --remproxy=host:port
- The second-level (remote) proxy host:port to connect to
when using two proxies.
- -d host:port, --dest=host:port
- The destination host:port to built the tunnel to.
- -e, --encrypt
- Encrypt the data between the local proxy and the
destination using SSL.
- -E, --encrypt-proxy
- Encrypt the data between the client and the local proxy
using SSL.
- -B, --buggy-encrypt-proxy
- Encrypt the data between the client and the local proxy
using SSL, but stop using SSL immediately after the CONNECT exchange to
workaround server bugs. (Might not work on all setups; see
/usr/share/doc/proxytunnel/README.Debian.gz for more details.)
- -X, --encrypt-remproxy
- Encrypt the data between the local proxy and the
second-level proxy using SSL.
- -F STRING, --passfile=STRING
- The file containing Username & Password to send to
HTTPS proxy for authentification. This file uses the same format as
.wgetrc, and so can use the credentials in common with wget. This option
can be used to at least hide the password from anyone clever enough to use
the `ps' command.
- -P user:pass, --proxyauth=user:pass
- The credentials to use for local HTTP(S) proxy
authentication.
- -R user:pass, --remproxyauth=user:pass
- The credentials to use for remote HTTP(S) proxy
authentication.
- -N, --ntlm
- Use NTLM-based authentication.
- -t DOMAIN, --domain=DOMAIN
- The NTLM domain to use, default is to autodetect.
- -H STRING, --header=STRING
- Additional HTTP headers to send to the proxy.
- -x STRING, --proctitle=STRING
- Use a different process title.
- -v, --verbose
- Turn on verbosity. Default is off.
- -q, --quiet
- Suppress messages. Default is off.
NOTES¶
To use this program with OpenSSH to connect to a host somewhere, create a
$HOME/.ssh/config file with the following content:
Host foobar
ProtocolKeepAlives 30
ProxyCommand /usr/bin/proxytunnel -p proxy.customer.com:8080
-P user:password -d mybox.athome.nl:443
If your proxy doesn't require the username and password for using it, you can
skip these options.
If you want to run proxytunnel from inetd add the '--inetd' option.
Most HTTPS proxies do not allow access to ports other than 443 (HTTPS) and 563
(SNEWS), so some hacking is necessary to start the SSH daemon on the required
port. (On the server side add an extra Port statement in the sshd_config file)
AUTHOR¶
This manual page was written by Loïc Le Guyader
<loic.leguyader@laposte.net> and updated by Julian Gilbey
<jdg@debian.org> for the Debian GNU/Linux system (but may be used by
others).