Newsflash!Proxytunnel 1.9.0 released
Proxytunnel 1.9.0 has been released just after the Fosdem 2008 conference. There are quite a few fixes in this release, and the RELNOTES file contains some important info for upgraders.
Added 2008/03/03 by Maniac
The document below is a brief overview of the command-line options supported in proxytunnel. If you are looking for a more in-depth article about the features of proxytunnel, and what concequences using it brings along, please read Muppet's paper.
Document needs work
This page is/was somewhat out of date, It's currently partially updated to reflect changes in the current version of proxytunnel. Therefor some parts of this document may be incorrect, reflecting proxytunnel how it was back in the 1.1 days. Many of the new features are not (yet) documented here, hopefully this will be fixed soon ;)
Added 2006/02/10 by Maniac
Proxytunnel is very easy to use, when running proxytunnel with the help option it specifies it's commandline options.
# proxytunnel --help Proxytunnel 1.6.0 Copyright 2001-2006 Proxytunnel Project Jos Visser (Muppet)To use this program with OpenSSH to connect to a host somewhere, create a $HOME/.ssh/config file with the following content:
, Mark Janssen (Maniac) Purpose: Build generic tunnels trough HTTPS proxy's, supports HTTP authorization Usage: Proxytunnel [OPTIONS]... -h --help Print help and exit -V --version Print version and exit -i --inetd Run from inetd (default=off) -a INT --standalone=INT Run as standalone daemon on specified port -e --encrypt encrypt the communication using SSL -p STRING --proxy=STRING Proxy host:port combination to connect to -d STRING --dest=STRING Destination host:port to built the tunnel to Parameters for proxy-authentication (not needed for plain proxies): -u STRING --user=STRING Username to send to HTTPS proxy for auth -s STRING --pass=STRING Password to send to HTTPS proxy for auth -U STRING --uservar=STRING Env var with Username for HTTPS proxy auth -S STRING --passvar=STRING Env var with Password for HTTPS proxy auth -N --ntlm Use NTLM Based Authentication -t STRING --domain=STRING NTLM Domain (default: autodetect) -r STRING --remproxy=STRING Use a remote proxy to tunnel over (2 proxies) -H STRING --header=STRING Add STRING to HTTP headers sent to proxy If you don't provide -s or -S you will be prompted for a password. Miscellaneous options: -v --verbose Turn on verbosity (default=off) -q --quiet Suppress messages (default=off) Examples: Proxytunnel [ -h | -V ] Proxytunnel -i [ -u user ] -p proxy:port -d host:port [ -v | -q ] Proxytunnel -i [ -U envvar ] -p proxy:port -d host:port [ -v | -q ] Proxytunnel -a port -p proxy:port -d host:port [ -v | -q ]
Host foobar ProtocolKeepAlives 30 ProxyCommand /path/to/proxytunnel -p proxy.customer.com:8080 -u user -s password -d mybox.athome.nl:443With:
|foobar||The symbolic name of the host you want to connect to|
|proxy.customer.com||The host name of the proxy you want to connect through|
|8080||The port number where the proxy software listens to|
|user||Your proxy userid|
|password||Your proxy password|
|mybox.athome.nl||The hostname of the box you want to connect to (ultimately)|
|443||The port number of the SSH daemon on mybox.athome.nl|
If your proxy doesn't require the username and password for using it, you can skip these options. If you only specify the username, you will be asked for a password at connection-time
The ProtocolKeepAlives line is used to send occasional NULL packets (if your SSH version supports this). This is used to keep the connection up, since HTTPS proxy's will usually drop the connection if it remains idle for some time. Experiment with the time between the NULL packets (in seconds)
Most HTTPS proxies do not allow access to ports other than 443 (HTTPS) and 563 (SNEWS), so some hacking is necessary to start the SSH daemon on the required port. (On the server side add an extra Port statement in the sshd_config file)
When all this is in place, execute an "ssh foobar" and you're in business!
Share and Enjoy!