Visit Our UNIX and Linux User Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

proxytunnel(1) [debian man page]

PROXYTUNNEL(1)						      General Commands Manual						    PROXYTUNNEL(1)

proxytunnel - program to tunnel a connection throught an standard HTTPS proxy. SYNOPSIS
proxytunnel [options] DESCRIPTION
This manual page documents the proxytunnel command. proxytunnel is a program that open a tunnel through a HTTPS proxy. OPTIONS
This program follow the usual GNU command line syntax, with long options starting with two dashes (`-'). -h, --help Print help and exit. -V, --version Print the version of the program and exit. -i, --inetd Run from inetd. Default is off. -a PORT, --standalone=PORT Run as standalone daemon on specified port. -p host:port, --proxy=host:port The local HTTPS proxy host:port combo to connect to. -r host:port, --remproxy=host:port The second-level (remote) proxy host:port to connect to when using two proxies. -d host:port, --dest=host:port The destination host:port to built the tunnel to. -e, --encrypt Encrypt the data between the local proxy and the destination using SSL. -E, --encrypt-proxy Encrypt the data between the client and the local proxy using SSL. -B, --buggy-encrypt-proxy Encrypt the data between the client and the local proxy using SSL, but stop using SSL immediately after the CONNECT exchange to workaround server bugs. (Might not work on all setups; see /usr/share/doc/proxytunnel/README.Debian.gz for more details.) -X, --encrypt-remproxy Encrypt the data between the local proxy and the second-level proxy using SSL. -F STRING, --passfile=STRING The file containing Username & Password to send to HTTPS proxy for authentification. This file uses the same format as .wgetrc, and so can use the credentials in common with wget. This option can be used to at least hide the password from anyone clever enough to use the `ps' command. -P user:pass, --proxyauth=user:pass The credentials to use for local HTTP(S) proxy authentication. -R user:pass, --remproxyauth=user:pass The credentials to use for remote HTTP(S) proxy authentication. -N, --ntlm Use NTLM-based authentication. -t DOMAIN, --domain=DOMAIN The NTLM domain to use, default is to autodetect. -H STRING, --header=STRING Additional HTTP headers to send to the proxy. -x STRING, --proctitle=STRING Use a different process title. -v, --verbose Turn on verbosity. Default is off. -q, --quiet Suppress messages. Default is off. NOTES
To use this program with OpenSSH to connect to a host somewhere, create a $HOME/.ssh/config file with the following content: Host foobar ProtocolKeepAlives 30 ProxyCommand /usr/bin/proxytunnel -p -P user:password -d If your proxy doesn't require the username and password for using it, you can skip these options. If you want to run proxytunnel from inetd add the '--inetd' option. Most HTTPS proxies do not allow access to ports other than 443 (HTTPS) and 563 (SNEWS), so some hacking is necessary to start the SSH dae- mon on the required port. (On the server side add an extra Port statement in the sshd_config file) AUTHOR
This manual page was written by Loic Le Guyader <> and updated by Julian Gilbey <> for the Debian GNU/Linux system (but may be used by others). August 30, 2009 PROXYTUNNEL(1)

Check Out this Related Man Page

SSLH(1p)						User Contributed Perl Documentation						  SSLH(1p)

sslh - Switch incoming connection between SSH and SSL/HTTPS servers SYNOPSIS
sslh [ -v ] [ -p [host:]port ] [ -t timeout ] [ --ssh [host:]port ] [ --ssl [host:]port ] DESCRIPTION
sslh is a simple script that lets you switch an incoming connection on a single port between distinct SSH and SSL/HTTPS servers. sslh listens for connections on a port and is able to redirect them either to an HTTPS web server or a SSH server. This lets one setup both a HTTPS web server and a SSH server and access them through the same host+port. OPTIONS
The program follows the usual GNU command line syntax, with long options starting with two dashes. -p, --port [host:]port The port the proxy will listen to. If no port is given, 443 is used by default. If no host is given, "localhost" is used by default. -s, --ssh [host:]port The SSH server which the SSH connections must be forwarded to. If omitted, the default is localhost:22. -l, --ssl, --https [host:]port The HTTPS server which the HTTPS connections must be forwarded to. If omitted, the default is localhost:443. -t, --timeout delay Timeout in seconds before a silent incoming connection is considered as a SSH connection. The number can be fractional. The default is 2seconds. -v, --verbose Verbose output. This option can be used several times for more verbose output. EXAMPLE OF USE
Is this tool actually useful? Yes. For example one can use it to access both a SSH server and a secure web server via a corporate proxy that only accepts to relay connections to port 443. Creating a tunnel that passes SSH connection through a CONNECT-enabled web proxy is easy with connect-tunnel (also included in the "Net::Proxy" distribution). The proxy will let both SSH and HTTPS connections out (since they all point to port 443), and the home server will connect those incoming connections to the appropriate server. This only requires to run the HTTPS server on a non standard port (not 443). TECHNICAL NOTE
How can this proxy find out what kind of protocol is using a TCP connection to port 443, without being connected (yet) to the server? We actually rely on a slight difference between the SSL and SSH protocols (found thanks to ethereal): SSH Once the TCP connection is established, the server speaks first, presenting itself by saying something like: SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-1 SSL With SSL, it's always the client that speaks first. This means that sslh can be used with any pair of protocols/services that share this property (the client speaks first for one and the server speaks first for the other). AUTHORS
Original idea and C version Frederic Ple "<>". Perl versions Philippe 'BooK' Bruhat "<>". SCRIPT HISTORY
Version 0.01 of the script was a quick hack designed in 2003 as a proof of concept. Version 0.02 (and higher) are based on "Net::Proxy", and included with the "Net::Proxy" distribution. Version 0.02 didn't work, though. Version 0.03 correctly initialised the "in" connector. Version 0.04 lets the proxy listen on any address (instead of "localhost", which is still the default). Thanks to Dieter Voegtli for spotting this. SEE ALSO
Net::Proxy, Net::Proxy::Connector::dual. COPYRIGHT
Copyright 2003-2006, Philippe Bruhat. All rights reserved. LICENSE
This module is free software; you can redistribute it or modify it under the same terms as Perl itself. perl v5.10.1 2009-10-18 SSLH(1p)

Featured Tech Videos