PROXYTUNNEL(1)                                                  PROXYTUNNEL(1)

NAME

       proxytunnel - program to tunnel a connection through a standard HTTPS
       proxy

SYNOPSIS

       proxytunnel [OPTION]...

DESCRIPTION

       proxytunnel is a program to tunnel any connection through a standard
       HTTPS proxy, circumventing standard HTTP filtering mechanisms. It’s
       mostly used as a backend for OpenSSH’s ProxyCommand, and as a proxy
       backend for PuTTY. It can also be used for other proxy-traversing
       purposes like proxy bouncing.

OPTIONS

       -i, --inetd
           Run from inetd (default: off)

       -a, --standalone=port
           Run as standalone daemon on specified port

       -p, --proxy=host:port
           Use host and port as the local proxy to connect to. If not
           specified, the HTTP_PROXY environment variable, if set, will be
           used instead

       -r, --remproxy=host:port
           Use host and port as the remote (secondary) proxy to connect to

       -d, --dest=host:port
           Use host and port as the destination for the tunnel. You can also
           specify them as the argument to the proxytunnel command

       -e, --encrypt
           SSL encrypt data between local proxy and destination

       -E, --encrypt-proxy
           SSL encrypt data between client and local proxy

       -X, --encrypt-remproxy
           SSL encrypt data between local and remote (secondary) proxy

       -W, --wa-bug-29744
           If SSL is in use (by -e, -E, -X options), stop using it immediately
           after the CONNECT exchange to work around Apache server bugs. (This
           might not work on all setups; see
           /usr/share/doc/proxytunnel/README.Debian.gz for more details.)

       -B, --buggy-encrypt-proxy
           Equivalent to -E -W. (Provided for backwards compatibility.)

ADDITIONAL OPTIONS

       -T, --no-ssl3
           Prevent the use of SSLv3 in encrypted connections (default:
           enabled)

       -z, --no-check-certificate
           Do not verify server SSL certificate when establishing an SSL
           connection. By default, the server SSL certificate is verified and
           the target host name is checked against the server certificate’s
           subject alternative names if any are present, or common name if
           there are no subject alternative names.

       -C, --cacert=filename/directory
           Specify a CA certificate file (or directory containing CA
           certificate(s)) to trust when verifying a server SSL certificate.
           If a directory is provided, it must be prepared with OpenSSL’s
           c_rehash tool. (default: /etc/ssl/certs)

       -F, --passfile=filename
           Use filename for reading username and password for HTTPS proxy
           authentication. The file uses the same format as .wgetrc and can
           be shared with wget. Use this option, or environment variables, to
           hide the password from other users.

       -P, --proxyauth=username:password
           Use username and password as credentials to authenticate against a
           local HTTPS proxy. The username and password can also be specified
           in the PROXYUSER and PROXYPASS environment variables to hide them
           from other users. If the password is omitted and no PROXYPASS
           environment variable is set, proxytunnel will prompt for a
           password.

       -R, --remproxyauth=username:password
           Use username and password as credentials to authenticate against a
           remote (secondary) HTTPS proxy. The username and password can also
           be specified in the REMPROXYUSER and REMPROXYPASS environment
           variables to hide them from other users. If the password is omitted
           and no REMPROXYPASS environment variable is set, proxytunnel will
           prompt for a password.

       -N, --ntlm
           Use NTLM based authentication

       -t, --domain=STRING
           Specify NTLM domain (default: autodetect)

       -H, --header=STRING
           Add additional HTTP headers to send to proxy

       -x, --proctitle=STRING
           Use a different process title

MISCELLANEOUS OPTIONS

       -v, --verbose
           Turn on verbosity

       -q, --quiet
           Suppress messages

       -h, --help
           Print help and exit

       -V, --version
           Print version and exit

ARGUMENTS

       host:port is the destination hostname and port number combination

           Note
           Specifying the destination as arguments is exactly the same as
           specifying them using the -d or --dest option.

USAGE

       Depending on your situation you might want to do any of the following
       things:

       Connect through a local proxy to your home system on port 22

           $ proxytunnel -v -p proxy.company.com:8080 -d system.home.nl:22

       Connect through a local proxy (with authentication) to your home
       system

           $ proxytunnel -v -p proxy.company.com:8080 -P username:password -d system.home.nl:22

       Connect through a local proxy (with authentication) hiding your
       password

           $ export PROXYPASS=password
           $ proxytunnel -v -p proxy.company.com:8080 -P username -d system.home.nl:22

       Connect through a local proxy to a remote proxy and bounce to any
       system

           $ proxytunnel -v -p proxy.company.com:8080 -r proxy.athome.nl:443 -d system.friend.nl:22

       Connect using SSL through a local proxy to your home system

           $ proxytunnel -v -E -p proxy.company.com:8080 -d system.home.nl:22
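
       The second and third invocations above differ in whether the password
       appears in the process argument list. The shell function below is an
       added example, not part of proxytunnel or of the original manpage: it
       scans ps-style output for proxytunnel command lines whose -P/-R
       argument carries an inline password. The function names and the sample
       process lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not proxytunnel code): report proxytunnel processes whose
# argv exposes a proxy password. Reads lines shaped like the output of
#   ps -e -o pid= -o args=
# and prints "PID OPTION USERNAME"; the password itself is never echoed.
find_exposed_proxy_passwords() {
    awk '
    {
        n = split($2, path, "/")            # basename of argv[0]
        if (path[n] != "proxytunnel") next
        for (i = 3; i <= NF; i++) {
            opt = ""; val = ""
            if ($i == "-P" || $i == "-R" ||
                $i == "--proxyauth" || $i == "--remproxyauth") {
                opt = $i; val = $(i + 1); i++         # "-P user:pass"
            } else if ($i ~ /^--(rem)?proxyauth=/) {
                eq = index($i, "=")                   # "--proxyauth=user:pass"
                opt = substr($i, 1, eq - 1); val = substr($i, eq + 1)
            } else if ($i ~ /^-[PR]./) {
                opt = substr($i, 1, 2); val = substr($i, 3)   # "-Puser:pass"
            }
            colon = index(val, ":")
            # Exposed only if something follows the colon; "-P username"
            # (password from PROXYPASS, passfile or prompt) is not reported.
            if (opt != "" && colon > 0 && colon < length(val))
                print $1, opt, substr(val, 1, colon - 1)
        }
    }'
}

# Constructed sample input; hosts follow the USAGE examples.
sample_ps_output() {
    cat <<'EOF'
 4211 proxytunnel -v -p proxy.company.com:8080 -P username:password -d system.home.nl:22
 4312 proxytunnel -v -p proxy.company.com:8080 -P username -d system.home.nl:22
 4490 /usr/bin/proxytunnel --proxy=proxy.company.com:8080 --remproxyauth=alice:s3cret -d system.friend.nl:22
 4501 sshd: alice@pts/0
EOF
}

sample_ps_output | find_exposed_proxy_passwords
```

       On a live host, feed it real process data with
       ps -e -o pid= -o args= | find_exposed_proxy_passwords.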

OPENSSH CONFIGURATION

       To use this program with OpenSSH to connect to a host somewhere, create
       a ~/.ssh/config file with the following content:

           Host system.athome.nl
               ProxyCommand proxytunnel -p proxy.company.com:8080 -d %h:%p
               ServerAliveInterval 30

           Note
           The ServerAliveInterval directive makes sure that idle connections
           are not dropped by intermediate firewalls that remove active
           sessions aggressively. If you see your connection dropping out, try
           to lower the value even more.

       To use the dynamic (SOCKS) port forwarding capability of the SSH
       client, you can specify the DynamicForward directive in your ssh_config
       file like:

           Host system.athome.nl
               DynamicForward 1080
               ProxyCommand proxytunnel -p proxy.company.com:8080 -d %h:%p
               ServerAliveInterval 30

NOTES

           Important
           Most HTTPS proxies do not allow access to ports other than HTTPS
           (tcp/443) and SNEWS (tcp/563). In this case you need to make sure
           the SSH daemon or remote proxy on the destination system is
           listening on either tcp/443 or tcp/563 to get through.
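
       From the proxy operator's side, the port restriction described in this
       note can be checked against the access log. The filter below is an
       added example, not part of proxytunnel or of the original manpage; it
       assumes Squid's native access.log field layout, and the function names
       and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not proxytunnel code): list CONNECT requests in a Squid
# native-format access.log whose destination port is outside an allow-list.
# Fields used: $3 client, $4 result/status, $6 method, $7 host:port.
flag_offlist_connects() {
    # $1: space-separated allowed ports; defaults to the two ports named in
    # NOTES (tcp/443 and tcp/563).
    awk -v allowed="${1:-443 563}" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $6 == "CONNECT" {
        k = split($7, hp, ":")        # port is the last colon-separated part
        if (hp[k] in ok) next
        split($4, st, "/")            # e.g. TCP_DENIED/403 -> status 403
        verdict = (st[2] ~ /^2/) ? "TUNNELLED" : "BLOCKED"
        print $3, $7, verdict
    }'
}

# Constructed sample log lines (documentation addresses, invented timings).
sample_access_log() {
    cat <<'EOF'
1218794401.123    512 10.0.0.15 TCP_MISS/200 4821 CONNECT system.home.nl:443 - DIRECT/192.0.2.10 -
1218794402.456     30 10.0.0.15 TCP_DENIED/403 1500 CONNECT system.home.nl:22 - NONE/- text/html
1218794403.789    120 10.0.0.22 TCP_MISS/200 9000 GET http://www.example.org/ - DIRECT/192.0.2.20 text/html
1218794404.000   3600 10.0.0.31 TCP_MISS/200 8811 CONNECT news.example.org:563 - DIRECT/192.0.2.30 -
1218794405.000   9000 10.0.0.40 TCP_MISS/200 5500 CONNECT proxy.athome.nl:8443 - DIRECT/192.0.2.40 -
EOF
}

sample_access_log | flag_offlist_connects
```

       A port allow-list does not identify the protocol inside the tunnel: as
       the note says, an SSH daemon listening on tcp/443 passes this check.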

ENVIRONMENT

       Proxytunnel can be influenced by setting one of the following
       environment variables:

       HTTP_PROXY
           If this environment variable is set, proxytunnel will use it as the
           local proxy if -p or --proxy is not provided

       PROXYUSER
           If this environment variable is set, proxytunnel will use it as the
           username for proxy authentication, unless specified using the -P or
           --proxyauth option

       PROXYPASS
           If this environment variable is set, proxytunnel will use it as the
           password for proxy authentication, unless specified using the -P or
           --proxyauth option

       REMPROXYUSER
           If this environment variable is set, proxytunnel will use it as the
           username for remote (secondary) proxy authentication, unless
           specified using the -R or --remproxyauth option

       REMPROXYPASS
           If this environment variable is set, proxytunnel will use it as the
           password for remote (secondary) proxy authentication, unless
           specified using the -R or --remproxyauth option

SEE ALSO

           ssh(1), ssh_config(8)

BUGS

       This software is bug-free, at least we’d like to think so. If you do
       not agree with us, please attach the proof to your friendly email :)

AUTHOR

       This manpage was initially written by Loïc Le Guyader
       <loic.leguyader@laposte.net[1]> for the Debian GNU/Linux system,
       revamped in asciidoc by Dag Wieërs <dag@wieers.com[2]> and is now
       maintained by the Proxytunnel developers.

       Homepage at http://proxytunnel.sourceforge.net/

AUTHOR

       Proxytunnel developers
           Author.

NOTES

        1. loic.leguyader@laposte.net
           mailto:loic.leguyader@laposte.net

        2. dag@wieers.com
           mailto:dag@wieers.com



  1.9.0                          August 2008                  PROXYTUNNEL(1)