connect-proxy - Man Page

connect-proxy [-dnhsxt45]  [-R resolve ]  [-p local-port ]  [-w secs ]  [-H [user@]proxy-server[:port]] ]  [-S [user@]socks-server[:port]] ]  [-a socks-auth-method ]  [-T proxy-server[:port] ]  [-c telnet-proxy-command ]  [-X [user@]proxy-server:[port]] ]  [host]  [port]  

connect-proxy opens a connection to a remote host over SOCKS4/5, HTTP or HTTPS proxies.

Please, note that any HTTP-Proxy tunnel won't work with content-inspection firewall (unless using SSL).

--help

Show options.

-H [user@]proxy-server[:port] or --http-proxy-server [user@]proxy-server[:port]

specifies a hostname and port number of the HTTP proxy server to relay.  If the port is omitted, 80 is used. You can specify this value in the environment variable  HTTP_PROXY and pass the -h option to use it.  If the user is omitted, the current userid is used. You can specify this value in the environment variable  HTTP_PROXY_USER.  Simple HTTP Basic-Auth is supported.

-S [user@]proxy-server[:port] or --socks-proxy-server [user@]proxy-server[:port]

specifies the hostname and port number of the SOCKS server to relay. Like -H, the port number can be omitted and the default is 1080.  You can also specify this value pair in the environment  variable SOCKS_SERVER or SOCKS5_SERVER and give the -s option to use it.  If the user is omitted, the current userid is used. You can specify this value in the environment variable  SOCKS_USER or SOCKS5_USER.

-T proxy-server[:port] or --telnet-server proxy-server[:port]

(EXPERIMENTAL) specifies a hostname and port number of the Telnet proxy server to relay.  If the port is omitted, 22 is used. You can specify this value in the environment variable  TELNET_PROXY and pass the -t option to use it.

-X [user@]proxy-server[:port] or --https-proxy-server [user@]proxy-server[:port]

specifies a hostname and port number of the HTTPS proxy server to relay.  If the port is omitted, 443 is used. You can specify this value in the environment variable  HTTPS_PROXY and pass the -x option to use it.  If the user is omitted, the current userid is used. You can specify this value in the environment variable  HTTPS_PROXY_USER.  Simple HTTPS Basic-Auth as well as client-side certificate authentication is supported. If a password is required for remote authentiation, either a simple terminal prompt or the $SSH_ASKPASS program will be used to query the user for the password.

--https-proxy-ca  CA-cert-file.pem

specifies a PEM-formatted file containing the Certificate Authorities (CA´s) to trust when connecting  to an HTTPS proxy server.

--https-proxy-ca-path  CA-dir-path

specifies a directory containing hashed PEM-formatted public certificate files of the Certificate  Authorities (CA´s) to trust when connecting to an HTTPS proxy server.

--https-proxy-certname  name

specifies the name of the HTTPS proxy server certificate (/CN=...) if this name is different from the remote hostname of the HTTPS proxy server itself.

--no-check-certificate

disable the verification of the HTTPS proxy server certificate and hostname.

--https-user-cert certfile.pem

specifies a PEM-formatted file containing the user (client-side) certificate. Use this, together with the ´--http-user-key´ option to perform client-side certificate authentication when connecting to an HTTPS proxy server.

--https-user-key keyfile.pem

specifies a PEM-formatted file containing the user (client-side) private key. Use this, together with the ´--http-user-cert´ option to perform client-side certificate authentication when connecting to an HTTPS proxy server. If the private key is protected using a passphrase, either a simple terminal prompt or the $SSH_ASKPASS program will be used to query the user for the passphrase.

-4

specifies SOCKS relaying and indicates protocol version to use.   It is valid only when used with '-s' or '-S'.   Default is '-5' (protocol version 5).

-a socks5-auth-method

(EXPERIMENTAL) specifies the authentication method when connecting to a SOCKS5 server. The keywords "none", "gssapi", "userpass" and "chap" are acceptable.  You can specify this value in the environment variable SOCKS5_AUTH.

-c telnet-command

(EXPERIMENTAL) specifies the ´telnet´ command to use when connecting to a Telnet proxy server.

-R

specifies the method to resolve the hostname when connecting to a SOCKS server. Three keywords ("local", "remote", "both") or dot-notation IP address are acceptable.  The keyword "both" means, "Try local first, then remote". If a dot-notation IP address is specified, use this host as nameserver. The default is "remote" for SOCKS5 or  "local" for SOCKS4.  On SOCKS4 protocol, remote resolving method ("remote" and "both") requires protocol 4a supported server.  You can specify this value in the environment variable SOCKS_RESOLVE or SOCKS5_RESOLVE.

-p local-port

will forward a local TCP port instead of using the standard input and output.

-P local-port

same to '-p' except keep remote session. The program repeats waiting the port with holding  remote session without disconnecting. To connect the remote session, send EOF to stdin or  kill the program.

-w secs

timeout in seconds for making connection with TARGET host.

-d

used for debug. If you fail to connect, use this and check request to and response from server.

To use proxy, this example is for SOCKS5 connection to connect to  host´ at port 25 via SOCKS5 server on ´firewall´ host.
 connect-proxy -S firewall host 25  
 SOCKS5_SERVER=firewall; export SOCKS5_SERVER;   connect-proxy -s host 25

For a HTTP-PROXY connection:
 connect-proxy -H proxy-server:8080  host 25  
 HTTP_PROXY=proxy-server:8080; export HTTP_PROXY;   connect-proxy -h host 25  

To forward a local port, for example to use ssh:
 connect-proxy -H proxy-server:8080  host 22   ssh -l user -p 5550 localhost

For an HTTPS PROXY connection:
 connect-proxy -X proxy-server:443  host 25  
 HTTPS_PROXY=proxy-server:443; export HTTPS_PROXY;   connect-proxy -x host 25  

For an HTTPS PROXY connection with client-side certificate authentication:
 connect-proxy -X proxy-server:8443 --https-user-cert ~/.config/usercert.pem --https-user-key ~/.config/userkey.pem  host 25  

To use it along ssh transparently:   # file://~/.ssh/config  Host *  ProxyCommand connect-proxy -H proxy-server:8080  %h %p

LOGNAME, USER, SSH_ASKPASS,

SOCKS_PROXY, SOCKS_USER, SOCKS_RESOLVE,

SOCKS5_PROXY, SOCKS5_USER, SOCKS5_RESOLVE, SOCKS5_AUTH,

HTTP_PROXY, HTTP_PROXY_USER, HTTPS_PROXY, HTTPS_PROXY_USER,

HTTPS_PROXY_CERTNAME, HTTPS_PROXY_CA_FILE, HTTPS_PROXY_CA_PATH,

HTTPS_PROXY_USERCERT, HTTPS_PROXY_USERKEY

ssh (1).

https://github.com/jjkeijser/connect-proxy

http://www.taiyo.co.jp/~gotoh/ssh/connect.html

Permission is granted to copy, distribute and/or modify this document under  the terms of the GNU General Public License, Version 2 any   later version published by the Free Software Foundation.

This manual page was adapted by Jan Just Keijser jan.just.keijser@gmail.com  from the Debian manual page, written by Philippe COVAL Philippe.COVAL@laposte.net.

HTTPS support and the ´long´ format options were added by Jan Just Keijser jan.just.keijser@gmail.com.