Commit | Line | Data |
---|---|---|
cef3726d | 1 | <?xml version="1.0" encoding="us-ascii"?>\r |
2 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"\r | |
3 | "http://www.w3.org/TR/xhtml1/DTD/strict.dtd">\r | |
4 | <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">\r | |
5 | <head>\r | |
6 | <title>SSH Proxy Command -- connect.c</title>\r | |
7 | <meta name="generator" content="emacs-wiki.el" />\r | |
8 | <meta http-equiv="Content-Type"\r | |
9 | content="us-ascii" />\r | |
c3adcdf8 | 10 | <link rev="made" href="mailto:gotoh@taiyo.co.jp" />\r |
11 | <link rel="home" href="http://www.taiyo.co.jp/~gotoh/" />\r | |
12 | <link rel="index" href="http://www.taiyo.co.jp/~gotoh/SiteIndex.html" />\r | |
13 | <link rel="stylesheet" type="text/css" href="emacs-wiki.css" />\r | |
cef3726d | 14 | </head>\r |
15 | <body>\r | |
16 | <h1>SSH Proxy Command -- connect.c</h1>\r | |
17 | <!-- Page published by Emacs Wiki begins here -->\r | |
18 | <p>\r | |
19 | <strong>connect.c</strong> is a simple relaying command that makes network\r | |
20 | connections via SOCKS and https proxies. It is mainly intended to\r | |
21 | be used as the <strong>proxy command</strong> of OpenSSH. You can make an SSH session\r | |
22 | beyond the firewall with this command.\r | |
23 | \r | |
24 | </p>\r | |
25 | \r | |
26 | <p>\r | |
27 | Features of <strong>connect.c</strong> are:\r | |
28 | \r | |
29 | </p>\r | |
30 | \r | |
31 | <ul>\r | |
32 | <li>Supports SOCKS (version 4/4a/5) and https CONNECT method.\r | |
33 | </li>\r | |
34 | <li>Supports NO-AUTH and USERPASS authentication of SOCKS\r | |
35 | </li>\r | |
c3adcdf8 | 36 | <li>Partially supports telnet proxy (experimental).\r |
37 | </li>\r | |
cef3726d | 38 | <li>You can input password from tty, ssh-askpass or\r |
39 | environment variable.\r | |
40 | </li>\r | |
41 | <li>Runs on UNIX or Windows platforms.\r | |
42 | </li>\r | |
43 | <li>You can compile it with various C compilers (cc, gcc, Visual C, Borland C, etc.)\r | |
44 | </li>\r | |
45 | <li>Simple and general program independent from OpenSSH.\r | |
46 | </li>\r | |
47 | <li>You can also relay local socket stream instead of standard I/O.\r | |
48 | </li>\r | |
49 | </ul>\r | |
50 | \r | |
51 | <p>\r | |
52 | Download source code from:\r | |
c3adcdf8 | 53 | <a href="http://www.taiyo.co.jp/~gotoh/ssh/connect.c">http://www.taiyo.co.jp/~gotoh/ssh/connect.c</a>\r |
cef3726d | 54 | <br/>\r |
55 | For Windows users, a pre-compiled binary is also available:\r | |
c3adcdf8 | 56 | <a href="http://www.taiyo.co.jp/~gotoh/ssh/connect.exe">http://www.taiyo.co.jp/~gotoh/ssh/connect.exe</a> (compiled with MSVC)\r |
cef3726d | 57 | \r |
58 | </p>\r | |
59 | \r | |
c3adcdf8 | 60 | <h2>Contents</h2>\r |
cef3726d | 61 | <dl class="contents">\r |
62 | <dt class="contents">\r | |
c3adcdf8 | 63 | <a href="#sec1">News</a>\r |
cef3726d | 64 | </dt>\r |
65 | <dt class="contents">\r | |
c3adcdf8 | 66 | <a href="#sec2">What is 'proxy command'</a>\r |
cef3726d | 67 | </dt>\r |
68 | <dt class="contents">\r | |
c3adcdf8 | 69 | <a href="#sec3">How to Use</a>\r |
cef3726d | 70 | </dt>\r |
71 | <dd>\r | |
72 | <dl class="contents">\r | |
73 | <dt class="contents">\r | |
c3adcdf8 | 74 | <a href="#sec4">Get Source</a>\r |
cef3726d | 75 | </dt>\r |
76 | <dt class="contents">\r | |
c3adcdf8 | 77 | <a href="#sec5">Compile and Install</a>\r |
cef3726d | 78 | </dt>\r |
79 | <dt class="contents">\r | |
c3adcdf8 | 80 | <a href="#sec6">Modify your ~/.ssh/config</a>\r |
cef3726d | 81 | </dt>\r |
82 | <dt class="contents">\r | |
c3adcdf8 | 83 | <a href="#sec7">Use SSH</a>\r |
cef3726d | 84 | </dt>\r |
85 | <dt class="contents">\r | |
c3adcdf8 | 86 | <a href="#sec8">Have trouble?</a>\r |
cef3726d | 87 | </dt>\r |
88 | </dl>\r | |
89 | </dd>\r | |
90 | <dt class="contents">\r | |
c3adcdf8 | 91 | <a href="#sec9">More Detail</a>\r |
92 | </dt>\r | |
93 | <dt class="contents">\r | |
94 | <a href="#sec10">Specifying user name via environment variables</a>\r | |
95 | </dt>\r | |
96 | <dt class="contents">\r | |
97 | <a href="#sec11">Specifying password via environment variables</a>\r | |
cef3726d | 98 | </dt>\r |
99 | <dt class="contents">\r | |
c3adcdf8 | 100 | <a href="#sec12">Limitations</a>\r |
cef3726d | 101 | </dt>\r |
102 | <dd>\r | |
103 | <dl class="contents">\r | |
104 | <dt class="contents">\r | |
c3adcdf8 | 105 | <a href="#sec13">SOCKS5 authentication</a>\r |
106 | </dt>\r | |
107 | <dt class="contents">\r | |
108 | <a href="#sec14">HTTP authentication</a>\r | |
cef3726d | 109 | </dt>\r |
110 | <dt class="contents">\r | |
c3adcdf8 | 111 | <a href="#sec15">Switching proxy server</a>\r |
cef3726d | 112 | </dt>\r |
113 | <dt class="contents">\r | |
c3adcdf8 | 114 | <a href="#sec16">Telnet Proxy</a>\r |
cef3726d | 115 | </dt>\r |
116 | </dl>\r | |
117 | </dd>\r | |
118 | <dt class="contents">\r | |
c3adcdf8 | 119 | <a href="#sec17">Tips</a>\r |
cef3726d | 120 | </dt>\r |
121 | <dd>\r | |
122 | <dl class="contents">\r | |
123 | <dt class="contents">\r | |
c3adcdf8 | 124 | <a href="#sec18">Proxying socket connection</a>\r |
cef3726d | 125 | </dt>\r |
126 | <dt class="contents">\r | |
c3adcdf8 | 127 | <a href="#sec19">Use with ssh-askpass command</a>\r |
cef3726d | 128 | </dt>\r |
129 | <dt class="contents">\r | |
c3adcdf8 | 130 | <a href="#sec20">Use for Network Stream of Emacs</a>\r |
cef3726d | 131 | </dt>\r |
132 | <dt class="contents">\r | |
c3adcdf8 | 133 | <a href="#sec21">Remote resolver</a>\r |
cef3726d | 134 | </dt>\r |
135 | <dt class="contents">\r | |
c3adcdf8 | 136 | <a href="#sec22">Hopping Connection via SSH</a>\r |
cef3726d | 137 | </dt>\r |
138 | </dl>\r | |
139 | </dd>\r | |
140 | <dt class="contents">\r | |
c3adcdf8 | 141 | <a href="#sec23">Break The More Restricted Wall</a>\r |
142 | </dt>\r | |
143 | <dt class="contents">\r | |
144 | <a href="#sec24">F.Y.I.</a>\r | |
cef3726d | 145 | </dt>\r |
146 | <dd>\r | |
147 | <dl class="contents">\r | |
148 | <dt class="contents">\r | |
c3adcdf8 | 149 | <a href="#sec25">Difference between SOCKS versions.</a>\r |
cef3726d | 150 | </dt>\r |
151 | <dt class="contents">\r | |
c3adcdf8 | 152 | <a href="#sec26">Configuration to use HTTPS</a>\r |
cef3726d | 153 | </dt>\r |
154 | <dt class="contents">\r | |
c3adcdf8 | 155 | <a href="#sec27">SOCKS5 Servers</a>\r |
cef3726d | 156 | </dt>\r |
157 | <dt class="contents">\r | |
c3adcdf8 | 158 | <a href="#sec28">Specifications</a>\r |
cef3726d | 159 | </dt>\r |
160 | <dt class="contents">\r | |
c3adcdf8 | 161 | <a href="#sec29">Related Links</a>\r |
cef3726d | 162 | </dt>\r |
163 | <dt class="contents">\r | |
c3adcdf8 | 164 | <a href="#sec30">Similars</a>\r |
cef3726d | 165 | </dt>\r |
166 | </dl>\r | |
167 | </dd>\r | |
c3adcdf8 | 168 | <dt class="contents">\r |
169 | <a href="#sec31">history</a>\r | |
170 | </dt>\r | |
cef3726d | 171 | </dl>\r |
172 | \r | |
cef3726d | 173 | \r |
c3adcdf8 | 174 | <h2><a name="sec1" id="sec1"></a>News</h2>\r |
cef3726d | 175 | <dl>\r |
c3adcdf8 | 176 | <dt>2005-03-04</dt>\r |
cef3726d | 177 | <dd>\r |
c3adcdf8 | 178 | Updated compile option for Mac OS X.\r |
cef3726d | 179 | </dd>\r |
c3adcdf8 | 180 | <dt>2005-02-21</dt>\r |
cef3726d | 181 | <dd>\r |
c3adcdf8 | 182 | Rev.1.92. Removed assertions which have no meaning and are worse for Windows,\r |
183 | as suggested by OZAWA Takahiro.\r | |
cef3726d | 184 | </dd>\r |
c3adcdf8 | 185 | <dt>2005-01-12</dt>\r |
cef3726d | 186 | <dd>\r |
c3adcdf8 | 187 | Rev.1.90. Fixed so as not to cause a seg-fault when accessing a non-HTTP\r |
188 | port. This problem was reported by Jason Armstrong <ja at riverdrums.com>.\r | |
cef3726d | 189 | </dd>\r |
c3adcdf8 | 190 | <dt>2004-10-30</dt>\r |
cef3726d | 191 | <dd>\r |
c3adcdf8 | 192 | Rev.1.89. Partial support for telnet proxy.\r |
193 | Thanks to Gregory Shimansky <gshimansky at mail dot ru>. \r | |
194 | (Note: This is an ad-hoc implementation, so it is not sufficient for\r | |
195 | the various types of telnet proxies.\r | |
196 | Password interaction is not supported.)\r | |
cef3726d | 197 | </dd>\r |
198 | </dl>\r | |
199 | \r | |
c3adcdf8 | 200 | <h2><a name="sec2" id="sec2"></a>What is 'proxy command'</h2>\r |
cef3726d | 201 | \r |
202 | <p>\r | |
203 | The OpenSSH development team decided to stop supporting SOCKS and any\r | |
204 | other tunneling mechanism. The aim was to separate the complexity of\r | |
205 | supporting various proxying mechanisms from the core code. They\r | |
c3adcdf8 | 206 | recommend a more flexible mechanism, the <strong>ProxyCommand</strong> option,\r |
cef3726d | 207 | instead.\r |
208 | \r | |
209 | </p>\r | |
210 | \r | |
211 | <p>\r | |
212 | The proxy command mechanism delegates network stream\r | |
c3adcdf8 | 213 | communication. If the <strong>ProxyCommand</strong> option is specified, SSH\r |
cef3726d | 214 | invokes the specified external command and talks with the standard I/O of this\r |
215 | command. The invoked command undertakes the network communication,\r | |
216 | relaying to/from standard input/output, including the initial\r | |
217 | communication or negotiation for proxying. Thus, ssh can split the\r | |
218 | proxying code out into an external command.\r | |
219 | \r | |
220 | </p>\r | |
221 | \r | |
222 | <p>\r | |
c3adcdf8 | 223 | The <strong>connect.c</strong> program was made for this purpose.\r |
cef3726d | 224 | \r |
225 | </p>\r | |
226 | \r | |
c3adcdf8 | 227 | <h2><a name="sec3" id="sec3"></a>How to Use</h2>\r |
cef3726d | 228 | \r |
c3adcdf8 | 229 | <h3><a name="sec4" id="sec4"></a>Get Source</h3>\r |
cef3726d | 230 | \r |
231 | <p>\r | |
c3adcdf8 | 232 | Download source code from <a href="http://www.taiyo.co.jp/~gotoh/ssh/connect.c">here</a>.\r |
cef3726d | 233 | <br/>\r |
234 | If you are an MS Windows user, you can get a pre-compiled binary from\r | |
c3adcdf8 | 235 | <a href="http://www.taiyo.co.jp/~gotoh/ssh/connect.exe">here</a>.\r |
cef3726d | 236 | \r |
237 | </p>\r | |
238 | \r | |
c3adcdf8 | 239 | <h3><a name="sec5" id="sec5"></a>Compile and Install</h3>\r |
cef3726d | 240 | \r |
241 | <p>\r | |
c3adcdf8 | 242 | In most environments, you can compile <strong>connect.c</strong> simply.\r |
cef3726d | 243 | On a UNIX environment, you can use cc or gcc.\r |
244 | On a Windows environment, you can use Microsoft Visual C, Borland C or Cygwin gcc.\r | |
245 | \r | |
246 | </p>\r | |
247 | \r | |
248 | <table border="2" cellpadding="5">\r | |
249 | <thead>\r | |
250 | <tr>\r | |
251 | <th>Compiler</th><th>command line to compile</th>\r | |
252 | </tr>\r | |
253 | </thead>\r | |
254 | <tbody>\r | |
255 | <tr>\r | |
256 | <td>UNIX cc</td><td>cc connect.c -o connect</td>\r | |
257 | </tr>\r | |
258 | <tr>\r | |
259 | <td>UNIX gcc</td><td>gcc connect.c -o connect</td>\r | |
260 | </tr>\r | |
261 | <tr>\r | |
262 | <td>Solaris</td><td>gcc connect.c -o connect -lnsl -lsocket -lresolv</td>\r | |
263 | </tr>\r | |
264 | <tr>\r | |
265 | <td>Microsoft Visual C/C++</td><td>cl connect.c wsock32.lib advapi32.lib</td>\r | |
266 | </tr>\r | |
267 | <tr>\r | |
268 | <td>Borland C</td><td>bcc32 connect.c wsock32.lib advapi32.lib</td>\r | |
269 | </tr>\r | |
270 | <tr>\r | |
271 | <td>Cygwin gcc</td><td>gcc connect.c -o connect</td>\r | |
272 | </tr>\r | |
c3adcdf8 | 273 | <tr>\r |
274 | <td>Mac OS X</td><td>gcc connect.c -o connect -lresolv<br/>or<br/>gcc connect.c -o connect -DBIND_8_COMPAT=1</td>\r | |
275 | </tr>\r | |
cef3726d | 276 | </tbody>\r |
277 | </table>\r | |
278 | \r | |
279 | <p>\r | |
c3adcdf8 | 280 | To install the <strong>connect</strong> command, simply copy the compiled binary to a directory\r |
cef3726d | 281 | in your PATH (e.g. /usr/local/bin), like this:\r |
282 | \r | |
283 | </p>\r | |
284 | \r | |
285 | <pre class="example">\r | |
286 | $ cp connect /usr/local/bin\r | |
287 | </pre>\r | |
288 | \r | |
c3adcdf8 | 289 | <h3><a name="sec6" id="sec6"></a>Modify your ~/.ssh/config</h3>\r |
cef3726d | 290 | \r |
291 | <p>\r | |
c3adcdf8 | 292 | Modify your <code>~/.ssh/config</code> file to use the <strong>connect</strong> command as the\r |
293 | <strong>proxy command</strong>. If a SOCKS server is running on\r | |
294 | firewall host <code>socks.local.net</code> on port 1080, you can add a\r | |
295 | <strong>ProxyCommand</strong> option in <code>~/.ssh/config</code>, like this:\r | |
cef3726d | 296 | \r |
297 | </p>\r | |
298 | \r | |
299 | <pre class="example">\r | |
300 | Host remote.outside.net\r | |
301 | ProxyCommand connect -S socks.local.net %h %p\r | |
302 | </pre>\r | |
303 | \r | |
304 | <p>\r | |
c3adcdf8 | 305 | <code>%h</code> and <code>%p</code> are replaced, when the proxy command is invoked, with the\r |
cef3726d | 306 | target hostname and port given to the ssh command.\r |
307 | \r | |
308 | </p>\r | |
309 | \r | |
310 | <p>\r | |
311 | If you hate writing many entries for remote hosts, the following example\r | |
312 | may help you.\r | |
313 | \r | |
314 | </p>\r | |
315 | \r | |
316 | <pre class="example">\r | |
317 | ## Outside of the firewall, use connect command with SOCKS connection.\r | |
318 | Host *\r | |
319 | ProxyCommand connect -S socks.local.net %h %p\r | |
320 | \r | |
321 | ## Inside of the firewall, use connect command with direct connection.\r | |
322 | Host *.local.net\r | |
323 | ProxyCommand connect %h %p\r | |
324 | </pre>\r | |
325 | \r | |
326 | <p>\r | |
c3adcdf8 | 327 | If you want to use an http proxy, use the <strong>-H</strong> option instead of the <strong>-S</strong>\r |
cef3726d | 328 | option in the example above, like this:\r |
329 | \r | |
330 | </p>\r | |
331 | \r | |
332 | <pre class="example">\r | |
333 | ## Outside of the firewall, with HTTP proxy\r | |
334 | Host *\r | |
335 | ProxyCommand connect -H proxy.local.net:8080 %h %p\r | |
336 | \r | |
337 | ## Inside of the firewall, direct\r | |
338 | Host *.local.net\r | |
339 | ProxyCommand connect %h %p\r | |
340 | </pre>\r | |
341 | \r | |
c3adcdf8 | 342 | <h3><a name="sec7" id="sec7"></a>Use SSH</h3>\r |
cef3726d | 343 | \r |
344 | <p>\r | |
345 | After editing your <code>~/.ssh/config</code> file, you are ready to use ssh.\r | |
346 | You can execute ssh without any special options, as if the remote host were\r | |
c3adcdf8 | 347 | an IP-reachable host. The following is an example that executes the <code>hostname</code>\r |
348 | command on host <code>remote.outside.net</code>.\r | |
cef3726d | 349 | \r |
350 | </p>\r | |
351 | \r | |
352 | <pre class="example">\r | |
353 | $ ssh remote.outside.net hostname\r | |
354 | remote.outside.net\r | |
355 | $\r | |
356 | </pre>\r | |
357 | \r | |
c3adcdf8 | 358 | <h3><a name="sec8" id="sec8"></a>Have trouble?</h3>\r |
cef3726d | 359 | \r |
360 | <p>\r | |
c3adcdf8 | 361 | If you have trouble, execute the <strong>connect</strong> command from the command line\r |
362 | with the <code>-d</code> option to see what is happening. Some debug messages may\r | |
cef3726d | 363 | appear and report progress. This information may tell you what is\r |
364 | wrong. In this example, an error has occurred at the authentication stage of\r | |
365 | the SOCKS5 protocol.\r | |
366 | \r | |
367 | </p>\r | |
368 | \r | |
369 | <pre class="example">\r | |
370 | $ connect -d -S socks.local.net unknown.remote.outside.net 110\r | |
371 | DEBUG: relay_method = SOCKS (2)\r | |
372 | DEBUG: relay_host=socks.local.net\r | |
373 | DEBUG: relay_port=1080\r | |
374 | DEBUG: relay_user=gotoh\r | |
375 | DEBUG: socks_version=5\r | |
376 | DEBUG: socks_resolve=REMOTE (2)\r | |
377 | DEBUG: local_type=stdio\r | |
378 | DEBUG: dest_host=unknown.remote.outside.net\r | |
379 | DEBUG: dest_port=110\r | |
380 | DEBUG: Program is $Revision$\r | |
381 | DEBUG: connecting to xxx.xxx.xxx.xxx:1080\r | |
382 | DEBUG: begin_socks_relay()\r | |
383 | DEBUG: atomic_out() [4 bytes]\r | |
c3adcdf8 | 384 | DEBUG: >>> 05 02 00 02\r |
cef3726d | 385 | DEBUG: atomic_in() [2 bytes]\r |
c3adcdf8 | 386 | DEBUG: <<< 05 02\r |
cef3726d | 387 | DEBUG: auth method: USERPASS\r |
388 | DEBUG: atomic_out() [some bytes]\r | |
c3adcdf8 | 389 | DEBUG: >>> xx xx xx xx ...\r |
cef3726d | 390 | DEBUG: atomic_in() [2 bytes]\r |
c3adcdf8 | 391 | DEBUG: <<< 01 01\r |
cef3726d | 392 | ERROR: Authentication faield.\r |
393 | FATAL: failed to begin relaying via SOCKS.\r | |
394 | </pre>\r | |
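<p>
The byte exchange in the trace above can be checked against RFC 1928 (method negotiation) and RFC 1929 (username/password reply). The following is an added example, not code from connect.c; the function names and result codes are hypothetical, and the three byte strings are copied from the trace.
</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Method codes from RFC 1928, section 3. */
enum {
    SOCKS5_NOAUTH   = 0x00,
    SOCKS5_GSSAPI   = 0x01,
    SOCKS5_USERPASS = 0x02,
    SOCKS5_NONE_OK  = 0xFF   /* server accepts none of the offered methods */
};

/* Result codes of this example (hypothetical names, not from connect.c). */
enum {
    NEG_OK          =  0,
    NEG_MALFORMED   = -1,  /* wrong length or method count */
    NEG_BAD_VERSION = -2,
    NEG_NO_METHOD   = -3,  /* server answered 0xFF */
    NEG_NOT_OFFERED = -4,  /* server picked a method the client never offered */
    NEG_AUTH_FAILED = -5,
    NEG_UNSUPPORTED = -6   /* sub-negotiation not modelled in this example */
};

/* Client greeting: VER(05) NMETHODS METHODS[NMETHODS]. */
int socks5_check_greeting(const uint8_t *msg, size_t len)
{
    if (len < 3)
        return NEG_MALFORMED;
    if (msg[0] != 0x05)
        return NEG_BAD_VERSION;
    if (msg[1] == 0 || len != (size_t)msg[1] + 2)
        return NEG_MALFORMED;
    return NEG_OK;
}

/* Server selection: VER(05) METHOD. On success the method is stored in *method. */
int socks5_check_selection(const uint8_t *greeting, size_t glen,
                           const uint8_t *reply, size_t rlen,
                           uint8_t *method)
{
    int rc = socks5_check_greeting(greeting, glen);
    if (rc != NEG_OK)
        return rc;
    if (rlen != 2)
        return NEG_MALFORMED;
    if (reply[0] != 0x05)
        return NEG_BAD_VERSION;
    if (reply[1] == SOCKS5_NONE_OK)
        return NEG_NO_METHOD;
    /* A client should refuse a method it did not put in its own greeting. */
    if (memchr(greeting + 2, reply[1], greeting[1]) == NULL)
        return NEG_NOT_OFFERED;
    *method = reply[1];
    return NEG_OK;
}

/* RFC 1929 reply: VER(01) STATUS, where STATUS 00 means success. */
int socks5_check_userpass_reply(const uint8_t *reply, size_t len)
{
    if (len != 2)
        return NEG_MALFORMED;
    if (reply[0] != 0x01)
        return NEG_BAD_VERSION;
    return reply[1] == 0x00 ? NEG_OK : NEG_AUTH_FAILED;
}

/* Walk one negotiation: greeting, selection and, for USERPASS, the auth reply. */
int socks5_negotiation_result(const uint8_t *greeting, size_t glen,
                              const uint8_t *sel, size_t slen,
                              const uint8_t *auth, size_t alen)
{
    uint8_t method = 0;
    int rc = socks5_check_selection(greeting, glen, sel, slen, &method);
    if (rc != NEG_OK)
        return rc;
    if (method == SOCKS5_NOAUTH)
        return NEG_OK;               /* nothing more to check */
    if (method == SOCKS5_USERPASS)
        return socks5_check_userpass_reply(auth, alen);
    return NEG_UNSUPPORTED;
}

/* Bytes copied from the debug trace above. */
static const uint8_t TRACE_GREETING[]  = { 0x05, 0x02, 0x00, 0x02 };
static const uint8_t TRACE_SELECTION[] = { 0x05, 0x02 };
static const uint8_t TRACE_AUTH[]      = { 0x01, 0x01 };

int main(void)
{
    int rc = socks5_negotiation_result(TRACE_GREETING, sizeof TRACE_GREETING,
                                       TRACE_SELECTION, sizeof TRACE_SELECTION,
                                       TRACE_AUTH, sizeof TRACE_AUTH);
    printf("trace result: %d (%s)\n", rc,
           rc == NEG_AUTH_FAILED ? "authentication failed" : "other");
    return rc == NEG_AUTH_FAILED ? 0 : 1;
}
```

<p>
Applied to the trace, the selection step accepts USERPASS because 0x02 is in the offered list (00 02), and the final 01 01 carries a non-zero RFC 1929 status, which matches the authentication failure connect reports.
</p>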
395 | \r | |
c3adcdf8 | 396 | <h2><a name="sec9" id="sec9"></a>More Detail</h2>\r |
cef3726d | 397 | \r |
398 | <p>\r | |
399 | Command line usage is here:\r | |
400 | \r | |
401 | </p>\r | |
402 | \r | |
403 | <pre class="example">\r | |
c3adcdf8 | 404 | usage: connect [-dnhst45] [-R resolve] [-p local-port] [-w sec]\r |
cef3726d | 405 | [-H [user@]proxy-server[:port]]\r |
406 | [-S [user@]socks-server[:port]]\r | |
c3adcdf8 | 407 | [-T socks-server:[port]]\r |
408 | [-c telnet-proxy-command]\r | |
cef3726d | 409 | host port\r |
410 | </pre>\r | |
411 | \r | |
412 | <p>\r | |
c3adcdf8 | 413 | <strong><em>host</em></strong> and <strong><em>port</em></strong> are the target hostname and port number to connect to.\r |
cef3726d | 414 | \r |
415 | </p>\r | |
416 | \r | |
417 | <p>\r | |
c3adcdf8 | 418 | The <strong>-H</strong> option specifies the hostname and port number of the http proxy server to\r |
cef3726d | 419 | relay through. If the port is omitted, 80 is used. You can specify this value by the\r |
c3adcdf8 | 420 | environment variable <code>HTTP_PROXY</code> and give the <strong>-h</strong> option to use it.\r |
421 | \r | |
422 | </p>\r | |
423 | \r | |
424 | <p>\r | |
425 | The <strong>-S</strong> option specifies the hostname and port number of the SOCKS server to\r | |
426 | relay through. As with the <strong>-H</strong> option, the port number can be omitted and the default is 1080.\r | |
427 | You can also specify this value pair by the environment variable\r | |
428 | <code>SOCKS5_SERVER</code> and give the <strong>-s</strong> option to use it.\r | |
cef3726d | 429 | \r |
430 | </p>\r | |
431 | \r | |
432 | <p>\r | |
c3adcdf8 | 433 | The <strong>-T</strong> option specifies the hostname and port number of the telnet proxy to\r |
434 | relay through. The port number can be omitted and the default is 23.\r | |
cef3726d | 435 | You can also specify this value pair by the environment variable\r |
c3adcdf8 | 436 | <code>TELNET_PROXY</code> and give the <strong>-t</strong> option to use it.\r |
cef3726d | 437 | \r |
438 | </p>\r | |
439 | \r | |
440 | <p>\r | |
c3adcdf8 | 441 | <strong>-4</strong> and <strong>-5</strong> specify the SOCKS protocol version. They are\r |
442 | valid only when used with <strong>-s</strong> or <strong>-S</strong>. The default is <strong>-5</strong>\r | |
cef3726d | 443 | (protocol version 5).\r |
444 | \r | |
445 | </p>\r | |
446 | \r | |
447 | <p>\r | |
c3adcdf8 | 448 | <strong>-R</strong> specifies the method used to resolve the hostname. Three keywords\r |
449 | (<code>local</code>, <code>remote</code>, <code>both</code>) or a dot-notation IP address are\r | |
450 | allowed. The keyword <code>both</code> means "try local first, then\r | |
cef3726d | 451 | remote". If a dot-notation IP address is specified, that host is used as the\r |
c3adcdf8 | 452 | nameserver (UNIX only). The default is <code>remote</code> for SOCKS5 or <code>local</code>\r |
453 | for others. With the SOCKS4 protocol, the remote resolving methods (<code>remote</code>\r | |
454 | and <code>both</code>) use protocol version 4a.\r | |
cef3726d | 455 | \r |
456 | </p>\r | |
457 | \r | |
458 | <p>\r | |
c3adcdf8 | 459 | The <strong>-p</strong> option specifies that connect waits on a local TCP port and relays\r |
460 | with it instead of standard input and output.\r | |
cef3726d | 461 | \r |
462 | </p>\r | |
463 | \r | |
464 | <p>\r | |
c3adcdf8 | 465 | The <strong>-w</strong> option specifies the timeout in seconds for making the connection with\r |
466 | the target host.\r | |
cef3726d | 467 | \r |
468 | </p>\r | |
469 | \r | |
470 | <p>\r | |
c3adcdf8 | 471 | The <strong>-c</strong> option specifies the request string sent to the telnet\r |
472 | proxy server. The special words '%h' and '%p' in this string are replaced\r | |
473 | with the hostname and port number before sending.\r | |
474 | For telnet proxy by <a class="nonexistent" href="mailto:gotoh@taiyo.co.jp">DeleGate</a>, both "telnet %h %p" and "%h:%p"\r | |
475 | are acceptable.\r | |
476 | Default is "telnet %h %p".\r | |
477 | \r | |
478 | </p>\r | |
479 | \r | |
480 | <p>\r | |
481 | The <strong>-a</strong> option specifies the authentication methods the user intends to use,\r | |
482 | separated by commas. Currently <code>userpass</code> and <code>none</code> are\r | |
483 | supported. The default is <code>userpass</code>. You can also specify this\r | |
cef3726d | 484 | parameter by the environment variable <code>SOCKS5_AUTH</code>.\r |
485 | \r | |
486 | </p>\r | |
487 | \r | |
488 | <p>\r | |
c3adcdf8 | 489 | The <strong>-d</strong> option is used for debug. If you fail to connect, use this\r |
cef3726d | 490 | and check request to and response from server.\r |
491 | \r | |
492 | </p>\r | |
493 | \r | |
494 | <p>\r | |
c3adcdf8 | 495 | You can omit the <strong><em>port</em></strong> argument when the program name has a special format\r |
cef3726d | 496 | containing the port number itself. For example,\r |
497 | \r | |
498 | </p>\r | |
499 | \r | |
500 | <pre class="example">\r | |
501 | $ ln -s connect connect-25\r | |
502 | $ ./connect-25 smtphost.outside.net\r | |
503 | 220 smtphost.outside.net ESMTP Sendmail\r | |
504 | QUIT\r | |
505 | 221 2.0.0 smtphost.remote.net closing connection\r | |
506 | $\r | |
507 | </pre>\r | |
508 | \r | |
509 | <p>\r | |
510 | This example means that the command name "<code>connect-25</code>" contains port number\r | |
511 | 25, so you can omit the 2nd argument (which is used if specified explicitly).\r | |
512 | \r | |
513 | </p>\r | |
514 | \r | |
c3adcdf8 | 515 | <h2><a name="sec10" id="sec10"></a>Specifying user name via environment variables</h2>\r |
516 | \r | |
517 | <p>\r | |
518 | There are 5 environment variables to specify the\r | |
519 | user name without a command line option. This mechanism is useful\r | |
520 | for users whose user name differs from their system account.\r | |
521 | \r | |
522 | </p>\r | |
523 | \r | |
524 | <dl>\r | |
525 | <dt>SOCKS5_USER</dt>\r | |
526 | <dd>\r | |
527 | Used for SOCKS v5 access.\r | |
528 | </dd>\r | |
529 | <dt>SOCKS4_USER</dt>\r | |
530 | <dd>\r | |
531 | Used for SOCKS v4 access.\r | |
532 | </dd>\r | |
533 | <dt>SOCKS_USER</dt>\r | |
534 | <dd>\r | |
535 | Used for SOCKS v5 or v4 access if the variables above are not defined.\r | |
536 | </dd>\r | |
537 | <dt>HTTP_PROXY_USER</dt>\r | |
538 | <dd>\r | |
539 | Used for HTTP proxy access.\r | |
540 | </dd>\r | |
541 | <dt>CONNECT_USER</dt>\r | |
542 | <dd>\r | |
543 | Used for all type of access if all above are not defined.\r | |
544 | </dd>\r | |
545 | </dl>\r | |
546 | \r | |
547 | <p>\r | |
548 | The following table describes how the user name is determined.\r | |
549 | The leftmost number is the order of checking. If a variable is not defined,\r | |
550 | the next variable is checked, and so on.\r | |
551 | \r | |
552 | </p>\r | |
553 | \r | |
554 | <table border=1>\r | |
555 | <tr align=center><th></th><th>SOCKS v5</th><th>SOCKS v4</th><th>HTTP proxy</th></tr>\r | |
556 | <tr align=center><td>1</td><td>SOCKS5_USER</td><td>SOCKS4_USER</td><td rowspan=2>HTTP_PROXY_USER</td></tr>\r | |
557 | <tr align=center><td>2</td><td colspan=2>SOCKS_USER</td></tr>\r | |
558 | <tr align=center><td>3</td><td colspan=3>CONNECT_USER</td></tr>\r | |
559 | <tr align=center><td>4</td><td colspan=3><i>(query user name to system)</i></td></tr>\r | |
560 | </table>\r | |
561 | \r | |
562 | <h2><a name="sec11" id="sec11"></a>Specifying password via environment variables</h2>\r | |
563 | \r | |
564 | <p>\r | |
565 | There are 5 environment variables to specify the\r | |
566 | password. If you use this feature, please note that it is\r | |
567 | not a secure way.\r | |
568 | \r | |
569 | </p>\r | |
570 | \r | |
571 | <dl>\r | |
572 | <dt>SOCKS5_PASSWD</dt>\r | |
573 | <dd>\r | |
574 | Used for SOCKS v5 access. This variable is compatible\r | |
575 | with NEC SOCKS implementation.\r | |
576 | </dd>\r | |
577 | <dt>SOCKS5_PASSWORD</dt>\r | |
578 | <dd>\r | |
579 | Used for SOCKS v5 access if SOCKS5_PASSWD is not defined.\r | |
580 | </dd>\r | |
581 | <dt>SOCKS_PASSWORD</dt>\r | |
582 | <dd>\r | |
583 | Used for SOCKS v5 (or v4) access if all of the above are not defined.\r | |
584 | </dd>\r | |
585 | <dt>HTTP_PROXY_PASSWORD</dt>\r | |
586 | <dd>\r | |
587 | Used for HTTP proxy access.\r | |
588 | </dd>\r | |
589 | <dt>CONNECT_PASSWORD</dt>\r | |
590 | <dd>\r | |
591 | Used for all type of access if all above are not defined.\r | |
592 | </dd>\r | |
593 | </dl>\r | |
594 | \r | |
595 | <p>\r | |
596 | The following table describes how the password is determined.\r | |
597 | The leftmost number is the order of checking. If a variable is not defined,\r | |
598 | the next variable is checked, and so on. Finally, the user is asked interactively\r | |
599 | using an external program or tty input.\r | |
600 | \r | |
601 | </p>\r | |
602 | \r | |
603 | <table border=1>\r | |
604 | <tr align=center><th></th><th>SOCKS v5</th><th>HTTP proxy</th></tr>\r | |
605 | <tr align=center><td>1</td><td>SOCKS5_PASSWD</td><td rowspan=2>HTTP_PROXY_PASSWORD</td></tr>\r | |
606 | <tr align=center><td>2</td><td>SOCKS_PASSWORD</td></tr>\r | |
607 | <tr align=center><td>3</td><td colspan=2>CONNECT_PASSWORD</td></tr>\r | |
608 | <tr align=center><td>4</td><td colspan=2><i>(ask to user interactively)</i></td></tr>\r | |
609 | </table>\r | |
610 | \r | |
611 | <h2><a name="sec12" id="sec12"></a>Limitations</h2>\r | |
cef3726d | 612 | \r |
c3adcdf8 | 613 | <h3><a name="sec13" id="sec13"></a>SOCKS5 authentication</h3>\r |
cef3726d | 614 | \r |
615 | <p>\r | |
616 | Only NO-AUTH and USER/PASSWORD authentications are supported.\r | |
617 | GSSAPI authentication (RFC 1961) and other draft authentications (CHAP,\r | |
618 | EAP, MAF, etc.) are not supported.\r | |
619 | \r | |
620 | </p>\r | |
621 | \r | |
c3adcdf8 | 622 | <h3><a name="sec14" id="sec14"></a>HTTP authentication</h3>\r |
cef3726d | 623 | \r |
624 | <p>\r | |
625 | BASIC authentication is supported but DIGEST authentication is not.\r | |
626 | \r | |
627 | </p>\r | |
628 | \r | |
c3adcdf8 | 629 | <h3><a name="sec15" id="sec15"></a>Switching proxy server</h3>\r |
cef3726d | 630 | \r |
631 | <p>\r | |
632 | There is no mechanism to switch proxy server according to the PC environment.\r | |
633 | This limitation might be bad news for mobile users.\r | |
634 | Since I do not want to make this program complex, I do not want to\r | |
635 | support it, although this feature has already been requested. Please advise me\r | |
636 | if there is a good idea for detecting the environment to switch and a simple way\r | |
637 | to specify conditional directives for servers.\r | |
638 | \r | |
639 | </p>\r | |
640 | \r | |
641 | <p>\r | |
642 | One tricky workaround exists: replacing the ~/.ssh/config file\r | |
643 | with a script on ppp up/down.\r | |
644 | \r | |
645 | </p>\r | |
646 | \r | |
647 | <p>\r | |
648 | There is another example, a wrapper script (contributed by Darren Tucker).\r | |
649 | This script incurs the cost of executing ifconfig and grep to detect the\r | |
650 | current environment, but it works. (NOTE: you should modify the addresses\r | |
651 | if you use it.)\r | |
652 | \r | |
653 | </p>\r | |
654 | \r | |
655 | <pre class="example">\r | |
656 | #!/bin/sh\r | |
657 | ## ~/bin/myconnect --- Proxy server switching wrapper\r | |
658 | \r | |
c3adcdf8 | 659 | if ifconfig eth0 |grep "inet addr:192\.168\.1" >/dev/null; then\r |
660 | opts="-S 192.168.1.1:1080" \r | |
661 | elif ifconfig eth0 |grep "inet addr:10\." >/dev/null; then\r | |
662 | opts="-H 10.1.1.1:80"\r | |
cef3726d | 663 | else\r |
c3adcdf8 | 664 | opts="-s"\r |
cef3726d | 665 | fi\r |
666 | exec /usr/local/bin/connect $opts "$@"\r | |
667 | </pre>\r | |
668 | \r | |
c3adcdf8 | 669 | <h3><a name="sec16" id="sec16"></a>Telnet Proxy</h3>\r |
670 | \r | |
671 | <p>\r | |
672 | First, note that the telnet proxy support is a partial feature.\r | |
673 | In this implementation, <strong>connect</strong> sends a single request and\r | |
674 | detects success or error from the lines the proxy talks back, including\r | |
675 | greeting, prompt and connected messages.\r | |
cef3726d | 676 | \r |
c3adcdf8 | 677 | </p>\r |
cef3726d | 678 | \r |
679 | <p>\r | |
c3adcdf8 | 680 | <strong>connect</strong> simply sends the request once the connection to the proxy is\r |
681 | established, before reading any response, then repeatedly reads response\r | |
682 | lines from the proxy to decide whether the remote connection request succeeded or\r | |
683 | not, by checking for pre-defined phrases in each line. The\r | |
684 | pre-defined phrases are a good-phrase and bad-phrases. First the\r | |
685 | good-phrase is checked, and if it is present the state changes to relaying:\r | |
686 | <strong>connect</strong> treats this line as the final response from the proxy before\r | |
687 | starting actual communication with the remote host. If the good-phrase is\r | |
688 | not matched, the bad-phrases are checked. If one of the bad-phrases\r | |
689 | matches, it causes a connection error immediately.\r | |
690 | \r | |
691 | </p>\r | |
692 | \r | |
693 | <p>\r | |
694 | The pre-defined phrases are currently fixed strings, so you cannot\r | |
695 | change them without modifying and recompiling the source. The good-phrase is:\r | |
696 | "connected to". The bad-phrases are: " failed", " refused", "\r | |
697 | rejected", " closed".\r | |
698 | \r | |
699 | </p>\r | |
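<p>
The phrase check described above can be written as a small line classifier. This is an added example, not code from connect.c: the function names are hypothetical, the match is assumed to be a case-sensitive substring search, and the proxy transcripts are constructed. It shows the good-phrase taking precedence, and how a banner line that happens to contain a bad-phrase ends the attempt before the request is answered.
</p>

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum tp_state { TP_WAITING = 0, TP_RELAYING = 1, TP_FAILED = -1 };

/* Phrases as listed in the text above; the leading space is part of each
 * bad-phrase. */
static const char *const GOOD_PHRASE = "connected to";
static const char *const BAD_PHRASES[] = {
    " failed", " refused", " rejected", " closed"
};

/* Classify one response line from the proxy.
 * Assumption of this example: case-sensitive substring match. */
enum tp_state tp_classify_line(const char *line)
{
    size_t i;

    /* The good-phrase is checked first, so it wins if both kinds appear. */
    if (strstr(line, GOOD_PHRASE) != NULL)
        return TP_RELAYING;
    for (i = 0; i < sizeof BAD_PHRASES / sizeof BAD_PHRASES[0]; i++)
        if (strstr(line, BAD_PHRASES[i]) != NULL)
            return TP_FAILED;
    return TP_WAITING;
}

/* Scan lines in arrival order and stop at the first decisive one.
 * *decided_at receives the index of that line, or n if none decided. */
enum tp_state tp_scan(const char *const *lines, size_t n, size_t *decided_at)
{
    size_t i;

    for (i = 0; i < n; i++) {
        enum tp_state s = tp_classify_line(lines[i]);
        if (s != TP_WAITING) {
            *decided_at = i;
            return s;
        }
    }
    *decided_at = n;
    return TP_WAITING;
}

/* Constructed transcripts (not captured from a real proxy). */
static const char *const T_SUCCESS[] = {
    "proxy.local.net telnet gateway ready",
    "proxy> ",
    "connected to remote.outside.net",
    "SSH-2.0-ExampleServer"       /* never inspected: relaying has begun */
};
static const char *const T_REFUSED[] = {
    "proxy> ",
    "remote.outside.net: connection refused"
};
static const char *const T_BANNER_TRAP[] = {
    "notice: previous session closed at 10:02",   /* harmless banner text */
    "proxy> ",
    "connected to remote.outside.net"
};
static const char *const T_BOTH[] = {
    "connected to remote.outside.net (idle sessions are closed after 60s)"
};

int main(void)
{
    size_t at;
    enum tp_state s;

    s = tp_scan(T_SUCCESS, 4, &at);
    printf("success transcript: state %d at line %lu\n", s, (unsigned long)at);
    s = tp_scan(T_REFUSED, 2, &at);
    printf("refused transcript: state %d at line %lu\n", s, (unsigned long)at);
    s = tp_scan(T_BANNER_TRAP, 3, &at);
    printf("banner transcript:  state %d at line %lu\n", s, (unsigned long)at);
    s = tp_scan(T_BOTH, 1, &at);
    printf("mixed line:         state %d at line %lu\n", s, (unsigned long)at);
    return 0;
}
```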
700 | \r | |
701 | <h2><a name="sec17" id="sec17"></a>Tips</h2>\r | |
702 | \r | |
703 | <h3><a name="sec18" id="sec18"></a>Proxying socket connection</h3>\r | |
704 | \r | |
705 | <p>\r | |
706 | Usually, <strong>connect.c</strong> relays a network connection to/from standard\r | |
707 | input/output. When the <strong>-p</strong> option is specified, however, <strong>connect.c</strong>\r | |
cef3726d | 708 | relays a local network stream instead of standard input/output.\r |
c3adcdf8 | 709 | With this option, the <strong>connect</strong> command waits for a connection\r |
cef3726d | 710 | from another program, then starts relaying between the two network streams.\r |
711 | \r | |
712 | </p>\r | |
713 | \r | |
714 | <p>\r | |
715 | This feature may be useful for programs which are hard to SOCKSify.\r | |
716 | \r | |
717 | </p>\r | |
718 | \r | |
c3adcdf8 | 719 | <h3><a name="sec19" id="sec19"></a>Use with ssh-askpass command</h3>\r |
cef3726d | 720 | \r |
721 | <p>\r | |
c3adcdf8 | 722 | <strong>connect.c</strong> asks you for a password when authentication is required. If\r |
cef3726d | 723 | you are using a tty/pty terminal, connect can read it from the terminal\r |
c3adcdf8 | 724 | with a prompt. But you can also use the <code>ssh-askpass</code> program to input the\r |
cef3726d | 725 | password. If you are in a graphical environment like X Window or MS\r |
726 | Windows, the program does not have a tty/pty, and the environment variable\r | |
c3adcdf8 | 727 | SSH_ASKPASS is specified, then <strong>connect.c</strong> invokes the command\r |
728 | specified by the environment variable <code>SSH_ASKPASS</code> to input the password.\r | |
cef3726d | 729 | The <code>ssh-askpass</code> program might be installed if you are using OpenSSH on\r |
730 | a UNIX environment. On a Windows environment, a pre-compiled binary is\r | |
731 | available from\r | |
c3adcdf8 | 732 | <a href="http://www.taiyo.co.jp/~gotoh/ssh/ssh-askpass.exe">here</a>.\r |
cef3726d | 733 | \r |
734 | </p>\r | |
735 | \r | |
736 | <p>\r | |
737 | This feature is limited to window system environments.\r | |
738 | \r | |
739 | </p>\r | |
740 | \r | |
741 | <p>\r | |
742 | It is also useful with Emacs on MS Windows (NT Emacs or Meadow). It is\r | |
c3adcdf8 | 743 | hard to send a passphrase to the <strong>connect</strong> command (and also ssh)\r |
cef3726d | 744 | because the external command is invoked on a hidden terminal and does its I/O with\r |
745 | this terminal. Using ssh-askpass avoids this problem.\r | |
746 | \r | |
747 | </p>\r | |
748 | \r | |
c3adcdf8 | 749 | <h3><a name="sec20" id="sec20"></a>Use for Network Stream of Emacs</h3>\r |
cef3726d | 750 | \r |
751 | <p>\r | |
c3adcdf8 | 752 | Although <strong>connect.c</strong> is made for OpenSSH, it is generic and\r |
cef3726d | 753 | independent of OpenSSH, so we can use it for other purposes. For\r |
754 | example, you can use this command in Emacs to open network connection\r | |
755 | with remote host over the firewall via SOCKS or HTTP proxy without\r | |
756 | SOCKSifying Emacs itself.\r | |
757 | \r | |
758 | </p>\r | |
759 | \r | |
760 | <p>\r | |
761 | There is sample code: \r | |
c3adcdf8 | 762 | <a href="http://www.taiyo.co.jp/~gotoh/lisp/relay.el">http://www.taiyo.co.jp/~gotoh/lisp/relay.el</a>\r |
cef3726d | 763 | \r |
764 | </p>\r | |
765 | \r | |
766 | <p>\r | |
767 | With this code, you can use the <code>relay-open-network-stream</code> function\r | |
768 | instead of <code>open-network-stream</code> to make a network connection. See the\r | |
769 | comments at the top of the source for more detail.\r | |
770 | \r | |
771 | </p>\r | |
772 | \r | |
c3adcdf8 | 773 | <h3><a name="sec21" id="sec21"></a>Remote resolver</h3>\r |
cef3726d | 774 | \r |
775 | <p>\r | |
776 | If you are a SOCKS4 user in a UNIX environment, you might want to specify\r | |
777 | a nameserver to resolve remote hostnames. You can do so by specifying the\r | |
c3adcdf8 | 778 | <strong>-R</strong> option followed by the IP address of the resolver.\r |
cef3726d | 779 | \r |
780 | </p>\r | |
781 | \r | |
c3adcdf8 | 782 | <h3><a name="sec22" id="sec22"></a>Hopping Connection via SSH</h3>\r |
cef3726d | 783 | \r |
784 | <p>\r | |
c3adcdf8 | 785 | Combining ssh and the <strong>connect</strong> command has more interesting uses.\r |
cef3726d | 786 | The following command makes an indirect connection to host2:port from your\r |
787 | current host via host1.\r | |
788 | \r | |
789 | </p>\r | |
790 | \r | |
791 | <pre class="example">\r | |
792 | ssh host1 connect host2 port\r | |
793 | </pre>\r | |
794 | \r | |
795 | <p>\r | |
796 | This method is useful in situations like:\r | |
797 | \r | |
798 | </p>\r | |
799 | \r | |
800 | <ul>\r | |
801 | <li>You are outside of your organization now, but you want to access an\r | |
802 | internal host behind the firewall.\r | |
803 | </li>\r | |
804 | <li>You want to use some service which is allowed only from some\r | |
805 | limited hosts.\r | |
806 | </li>\r | |
807 | </ul>\r | |
808 | \r | |
809 | <p>\r | |
810 | For example, I want to use the local NetNews service in my office\r | |
811 | from home. I cannot make an NNTP session directly because the NNTP host is\r | |
812 | behind the firewall. Fortunately, I have an ssh account on an internal\r | |
813 | host and am allowed to use SOCKS5 on the firewall from outside. So I use\r | |
814 | the following command to connect to the NNTP service.\r | |
815 | \r | |
816 | </p>\r | |
817 | \r | |
818 | <pre class="example">\r | |
819 | $ ssh host1 connect news 119\r | |
820 | 200 news.my-office.com InterNetNews NNRP server INN 2.3.2 ready (posting ok).\r | |
821 | quit\r | |
822 | 205 .\r | |
823 | $\r | |
824 | </pre>\r | |
825 | \r | |
826 | <p>\r | |
827 | By combining a hopping connection and relay.el, I can read NetNews\r | |
828 | using <a href="http://www.gohome.org/wl/">Wanderlust</a> on Emacs at home.\r | |
829 | \r | |
830 | </p>\r | |
831 | \r | |
832 | <pre class="example">\r | |
833 |                         |\r | |
834 |     External (internet) | Internal (office)\r | |
835 |                         |\r | |
836 | +------+           +----------+          +-------+           +-----------+\r | |
837 | | HOME |           | firewall |          | host1 |           | NNTP host |\r | |
838 | +------+           +----------+          +-------+           +-----------+\r | |
c3adcdf8 | 839 |  emacs <-------------- ssh ---------------> sshd <-- connect --> nntpd\r |
840 |        <-- connect --> socksd <-- SOCKS -->\r | |
cef3726d | 841 | </pre>\r |
842 | \r | |
c3adcdf8 | 843 | <p>\r |
844 | As an advanced example, you can use SSH hopping as fetchmail's plug-in\r | |
845 | program to access mail via a secure tunnel. This method requires that the\r | |
846 | <strong>connect</strong> program is installed on the remote host. There is an example\r | |
847 | of .fetchmailrc below. When fetchmail accesses the mail server, you\r | |
848 | log in to the remote host using SSH and then execute the <strong>connect</strong> program on\r | |
849 | the remote host to relay the conversation with the POP server. Thus fetchmail can\r | |
850 | retrieve mail securely.\r | |
851 | \r | |
852 | </p>\r | |
853 | \r | |
854 | <blockquote>\r | |
855 | <p>\r | |
856 | poll mail-server\r | |
857 | protocol pop3\r | |
858 | plugin "ssh %h connect localhost %p"\r | |
859 | username "username"\r | |
860 | password "password"\r | |
861 | \r | |
862 | </p>\r | |
863 | </blockquote>\r | |
cef3726d | 864 | \r |
c3adcdf8 | 865 | <h2><a name="sec23" id="sec23"></a>Break The More Restricted Wall</h2>\r |
866 | \r | |
867 | <p>\r | |
868 | If the firewall provides neither SOCKS nor HTTPS other than on port 443, you\r | |
869 | cannot break the wall in the usual way. But if you have your own host\r | |
870 | which is accessible from the internet, you can make an ssh connection to your\r | |
871 | own host by configuring sshd to listen on port 443 instead of the\r | |
872 | standard 22. This way, you can log in to your own host via port 443.\r | |
873 | Once you have logged in to the external home machine, you can execute\r | |
874 | <strong>connect</strong> as a second hop to make a connection from your own host to the\r | |
875 | final target host, like this:\r | |
876 | \r | |
877 | </p>\r | |
878 | \r | |
879 | <pre class="example">\r | |
880 | $ cat ~/.ssh/config\r | |
881 | Host home\r | |
882 | ProxyCommand connect -H firewall:8080 %h 443\r | |
883 | \r | |
884 | Host server\r | |
885 | ProxyCommand ssh home connect %h %p\r | |
886 | ...\r | |
887 | internal$ ssh home\r | |
888 | You are logged in to home!\r | |
889 | home# exit\r | |
890 | internal$ ssh server\r | |
891 | You are logged in to server!\r | |
892 | server# exit\r | |
893 | internal$\r | |
894 | </pre>\r | |
895 | \r | |
896 | <p>\r | |
897 | This approach is similar to "Hopping connection via SSH" except that the\r | |
898 | outer sshd is configured to listen on port 443 (https). This means that you have the\r | |
899 | capability to break a strongly restricted wall if you have your own host\r | |
900 | outside of the wall.\r | |
901 | \r | |
902 | </p>\r | |
903 | \r | |
904 | <pre class="example">\r | |
905 |                         |\r | |
906 |       Internal (office) | External (internet)\r | |
907 |                         |\r | |
908 | +--------+         +----------+                 +------+          +--------+\r | |
909 | | office |         | firewall |                 | home |          | server |\r | |
910 | +--------+         +----------+                 +------+          +--------+\r | |
911 |   <------------------ ssh --------------------->sshd:443\r | |
912 |    <-- connect --> http-proxy <-- https:443 --> any\r | |
913 |                                                 connect <-- tcp --> port\r | |
914 | </pre>\r | |
915 | \r | |
916 | <p>\r | |
917 | NOTE: If you want to use this, you should give up hosting an https service\r | |
918 | on port 443 on your external host 'home'.\r | |
919 | \r | |
920 | </p>\r | |
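For whoever operates the proxy, the arrangement above is recognizable from the first bytes the client sends through the tunnel: a TLS client opens with a handshake record, while an SSH client opens with its "SSH-" identification string. The following check is an added example, not part of connect.c or this page's original text; the function names, the return codes and the sample bytes are constructed for illustration, and the request-line parser handles hostnames and IPv4 literals only.

```c
#include <stdio.h>
#include <string.h>

enum tunnel_kind { TUNNEL_UNKNOWN = 0, TUNNEL_TLS, TUNNEL_SSH };

/* Constructed samples: start of a TLS ClientHello record and an SSH banner. */
static const unsigned char SAMPLE_TLS[] = {0x16, 0x03, 0x01, 0x00, 0xc8, 0x01};
static const unsigned char SAMPLE_SSH[] = "SSH-2.0-OpenSSH_9.6\r\n";

/* Classify the first client-to-server bytes seen inside a CONNECT tunnel. */
enum tunnel_kind classify_first_bytes(const unsigned char *p, size_t n)
{
    /* TLS record header: type 0x16 (handshake), version 3.x, 2-byte length. */
    if (n >= 5 && p[0] == 0x16 && p[1] == 0x03 && p[2] <= 0x04) {
        size_t len = ((size_t)p[3] << 8) | p[4];
        if (len > 0 && len <= 16384)
            return TUNNEL_TLS;
    }
    /* SSH identification string always begins with "SSH-". */
    if (n >= 4 && memcmp(p, "SSH-", 4) == 0)
        return TUNNEL_SSH;
    return TUNNEL_UNKNOWN;
}

/* Returns 1 if a CONNECT to port 443 does not start with a TLS handshake,
 * 0 if it does (or the port is not 443), -1 if the line is not a CONNECT. */
int non_tls_on_443(const char *request_line, const unsigned char *first, size_t n)
{
    char host[256];
    unsigned int port = 0;

    if (sscanf(request_line, "CONNECT %255[^: ]:%u", host, &port) != 2)
        return -1;
    if (port != 443)
        return 0;
    return classify_first_bytes(first, n) != TUNNEL_TLS;
}

int main(void)
{
    /* home.example is a constructed host name. */
    const char *req = "CONNECT home.example:443 HTTP/1.1";
    printf("ssh payload flagged: %d\n",
           non_tls_on_443(req, SAMPLE_SSH, sizeof SAMPLE_SSH - 1));
    printf("tls payload flagged: %d\n",
           non_tls_on_443(req, SAMPLE_TLS, sizeof SAMPLE_TLS));
    return 0;
}
```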
921 | \r | |
922 | <h2><a name="sec24" id="sec24"></a>F.Y.I.</h2>\r | |
923 | \r | |
924 | <h3><a name="sec25" id="sec25"></a>Difference between SOCKS versions.</h3>\r | |
cef3726d | 925 | \r |
926 | <p>\r | |
927 | SOCKS version 4 is the first popular implementation, which is documented\r | |
928 | <a href="http://www.socks.nec.com/protocol/socks4.protocol">here</a>. Since\r | |
929 | this protocol makes requests by IP address, the client program\r | |
930 | has to resolve the name of the outer host by itself. Version 4a (documented\r | |
931 | <a href="http://www.socks.nec.com/protocol/socks4a.protocol">here</a>) is\r | |
932 | enhanced to allow requests by hostname instead of IP address.\r | |
933 | \r | |
934 | </p>\r | |
935 | \r | |
936 | <p>\r | |
937 | SOCKS version 5 is a re-designed protocol based on the experience of\r | |
938 | versions 4 and 4a. It is not compatible with the previous\r | |
939 | versions. Instead, there are some improvements: IPv6 support, request by\r | |
940 | hostname, UDP proxying, etc.\r | |
941 | \r | |
942 | </p>\r | |
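The difference between the three versions is easiest to see in the bytes of the CONNECT request itself. The following builders are an added example, not taken from connect.c; the function names and the sample host and user values are assumptions, and the layouts follow the SOCKS4, SOCKS4a and RFC 1928 documents listed under Specifications.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SOCKS4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL. Only an IPv4
 * address fits, so the client has to resolve the hostname itself. */
size_t socks4_connect(uint8_t *buf, size_t cap, const uint8_t ip[4],
                      uint16_t port, const char *user)
{
    size_t ulen = strlen(user);
    if (cap < 9 + ulen) return 0;            /* 8-byte header + user + NUL */
    buf[0] = 4; buf[1] = 1;
    buf[2] = (uint8_t)(port >> 8); buf[3] = (uint8_t)(port & 0xff);
    memcpy(buf + 4, ip, 4);
    memcpy(buf + 8, user, ulen + 1);
    return 9 + ulen;
}

/* SOCKS4a: DSTIP is the deliberately invalid 0.0.0.x (x != 0) and the
 * hostname follows the USERID, so the proxy does the name resolution. */
size_t socks4a_connect(uint8_t *buf, size_t cap, const char *host,
                       uint16_t port, const char *user)
{
    static const uint8_t marker[4] = {0, 0, 0, 1};
    size_t hlen = strlen(host);
    size_t n = socks4_connect(buf, cap, marker, port, user);
    if (n == 0 || hlen == 0 || cap - n < hlen + 1) return 0;
    memcpy(buf + n, host, hlen + 1);
    return n + hlen + 1;
}

/* SOCKS5 (RFC 1928) request, sent after method negotiation:
 * VER=5, CMD=1, RSV=0, ATYP=3 (domain name), LEN, NAME, DSTPORT. */
size_t socks5_connect_domain(uint8_t *buf, size_t cap, const char *host,
                             uint16_t port)
{
    size_t hlen = strlen(host);
    if (hlen == 0 || hlen > 255 || cap < 7 + hlen) return 0;
    buf[0] = 5; buf[1] = 1; buf[2] = 0; buf[3] = 3;
    buf[4] = (uint8_t)hlen;
    memcpy(buf + 5, host, hlen);
    buf[5 + hlen] = (uint8_t)(port >> 8);
    buf[6 + hlen] = (uint8_t)(port & 0xff);
    return 7 + hlen;
}

int main(void)
{
    uint8_t b[300];
    /* "news" and "me" are constructed sample values. */
    printf("SOCKS4a: %zu bytes\n", socks4a_connect(b, sizeof b, "news", 119, "me"));
    printf("SOCKS5:  %zu bytes\n", socks5_connect_domain(b, sizeof b, "news", 119));
    return 0;
}
```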
943 | \r | |
c3adcdf8 | 944 | <h3><a name="sec26" id="sec26"></a>Configuration to use HTTPS</h3>\r |
cef3726d | 945 | \r |
946 | <p>\r | |
947 | Many HTTP proxy server implementations support the https <code>CONNECT</code> method\r | |
948 | (SSL). You might need to add configuration to allow using https. For\r | |
949 | example, with <a href="http://www.delegate.org/delegate/">DeleGate</a> (\r | |
950 | DeleGate is a multi-purpose application level gateway, or a proxy\r | |
c3adcdf8 | 951 | server), you should add <code>https</code> to the <code>REMITTABLE</code> parameter to\r |
cef3726d | 952 | allow HTTP-Proxy like this:\r |
953 | \r | |
954 | </p>\r | |
955 | \r | |
956 | <pre class="example">\r | |
957 | delegated -Pxxxx ...... REMITTABLE='+,https' ...\r | |
958 | </pre>\r | |
959 | \r | |
960 | <p>\r | |
961 | In the case of Squid, you should allow the target ports for https by ACL,\r | |
962 | and so on.\r | |
963 | \r | |
964 | </p>\r | |
965 | \r | |
c3adcdf8 | 966 | <h3><a name="sec27" id="sec27"></a>SOCKS5 Servers</h3>\r |
cef3726d | 967 | \r |
968 | <dl>\r | |
969 | <dt><a href="http://www.socks.nec.com/refsoftware.html">NEC SOCKS Reference Implementation</a></dt>\r | |
970 | <dd>\r | |
971 | Reference implementation of SOCKS server and library.\r | |
972 | </dd>\r | |
973 | <dt><a href="http://www.inet.no/dante/index.html">Dante</a></dt>\r | |
974 | <dd>\r | |
975 | Dante is a free implementation of a SOCKS server and library,\r | |
976 | with many enhancements, and modularized.\r | |
977 | </dd>\r | |
978 | <dt><a href="http://www.delegate.org/delegate/">DeleGate</a></dt>\r | |
979 | <dd>\r | |
980 | DeleGate is a multi-function proxy service provider.\r | |
981 | DeleGate 5.x.x or earlier can be a SOCKS4 server,\r | |
982 | 6.x.x can be a SOCKS5 and SOCKS4 server,\r | |
983 | and 7.7.0 or later can be a SOCKS5 and SOCKS4a server.\r | |
984 | </dd>\r | |
985 | </dl>\r | |
986 | \r | |
c3adcdf8 | 987 | <h3><a name="sec28" id="sec28"></a>Specifications</h3>\r |
cef3726d | 988 | \r |
989 | <dl>\r | |
990 | <dt><a href="http://www.socks.nec.com/protocol/socks4.protocol">socks4.protocol.txt</a></dt>\r | |
991 | <dd>\r | |
992 | SOCKS: A protocol for TCP proxy across firewalls\r | |
993 | </dd>\r | |
994 | <dt><a href="http://www.socks.nec.com/protocol/socks4a.protocol">socks4a.protocol.txt</a></dt>\r | |
995 | <dd>\r | |
996 | SOCKS 4A: A Simple Extension to SOCKS 4 Protocol\r | |
997 | </dd>\r | |
998 | <dt><a href="http://www.socks.nec.com/rfc/rfc1928.txt">RFC 1928</a></dt>\r | |
999 | <dd>\r | |
1000 | SOCKS Protocol Version 5\r | |
1001 | </dd>\r | |
1002 | <dt><a href="http://www.socks.nec.com/rfc/rfc1929.txt">RFC 1929</a></dt>\r | |
1003 | <dd>\r | |
1004 | Username/Password Authentication for SOCKS V5\r | |
1005 | </dd>\r | |
1006 | <dt><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a></dt>\r | |
1007 | <dd>\r | |
1008 | Hypertext Transfer Protocol -- HTTP/1.1\r | |
1009 | </dd>\r | |
1010 | <dt><a href="http://www.ietf.org/rfc/rfc2617.txt">RFC 2617</a></dt>\r | |
1011 | <dd>\r | |
1012 | HTTP Authentication: Basic and Digest Access Authentication\r | |
1013 | </dd>\r | |
1014 | </dl>\r | |
1015 | \r | |
c3adcdf8 | 1016 | <h3><a name="sec29" id="sec29"></a>Related Links</h3>\r |
cef3726d | 1017 | \r |
1018 | <ul>\r | |
1019 | <li><a href="http://www.openssh.org">OpenSSH Home</a>\r | |
1020 | </li>\r | |
1021 | <li><a href="http://www.ssh.com/">Proprietary SSH</a>\r | |
1022 | </li>\r | |
c3adcdf8 | 1023 | <li><a href="http://www.taiyo.co.jp/~gotoh/ssh/openssh-socks.html">Using OpenSSH through a SOCKS compatible PROXY on your LAN</a> (J. Grant)\r |
cef3726d | 1024 | </li>\r |
1025 | </ul>\r | |
1026 | \r | |
c3adcdf8 | 1027 | <h3><a name="sec30" id="sec30"></a>Similars</h3>\r |
cef3726d | 1028 | \r |
1029 | <ul>\r | |
1030 | <li><a href="http://proxytunnel.sourceforge.net/">Proxy Tunnel</a> -- Proxying command using https CONNECT.\r | |
1031 | </li>\r | |
1032 | <li><a href="http://www.snurgle.org/~griffon/ssh-https-tunnel">stunnel</a> -- Proxy through an https tunnel (Perl script)\r | |
1033 | </li>\r | |
1034 | </ul>\r | |
c3adcdf8 | 1035 | \r |
1036 | <h2><a name="sec31" id="sec31"></a>History</h2>\r | |
1037 | \r | |
1038 | <dl>\r | |
1039 | <dt>2004-07-21</dt>\r | |
1040 | <dd>\r | |
1041 | Rev.1.84. Fixed some typo.\r | |
1042 | </dd>\r | |
1043 | <dt>2004-05-18</dt>\r | |
1044 | <dd>\r | |
1045 | Rev.1.83. Fixed problem not work on Solaris.\r | |
1046 | </dd>\r | |
1047 | <dt>2004-04-27</dt>\r | |
1048 | <dd>\r | |
1049 | Rev.1.82. Bug fix of memory clear on http proxying.\r | |
1050 | </dd>\r | |
1051 | <dt>2004-04-22</dt>\r | |
1052 | <dd>\r | |
1053 | Rev. 1.81. Fixed memory violation and memory leak bug. New environment\r | |
1054 | variable SOCKS5_PASSWD for sharing value with NEC SOCKS implementation.\r | |
1055 | And document (this page) is updated.\r | |
1056 | </dd>\r | |
1057 | <dt>2004-03-30</dt>\r | |
1058 | <dd>\r | |
1059 | Rev. 1.76. Fixed to accept multiple 'Proxy-Authorization' response.\r | |
1060 | </dd>\r | |
1061 | <dt>2003-01-07</dt>\r | |
1062 | <dd>\r | |
1063 | Rev. 1.68. Fixed a trouble around timeout support.\r | |
1064 | </dd>\r | |
1065 | <dt>2002-11-21</dt>\r | |
1066 | <dd>\r | |
1067 | Rev. 1.64 supports reading parameters from file /etc/connectrc or\r | |
1068 | ~/.connectrc instead of specifying via environment variables. For\r | |
1069 | example, you can use this feature to switch setting by replacing file\r | |
1070 | when network environment is changed. And added SOCKS_DIRECT,\r | |
1071 | SOCKS5_DIRECT, SOCKS4_DIRECT, HTTP_DIRECT, SOCKS5_AUTH, environment\r | |
1072 | parameters. (Thanks Masatoshi TSUCHIYA)\r | |
1073 | </dd>\r | |
1074 | <dt>2002-11-20</dt>\r | |
1075 | <dd>\r | |
1076 | Rev. 1.63 supports some old proxies which make response 401 with\r | |
1077 | WWW-Authenticate: header. And fixed to use username specified in\r | |
1078 | proxy host by -H option correctly. (contributed from Des Herriott, thanks)\r | |
1079 | </dd>\r | |
1080 | <dt>2002-10-14</dt>\r | |
1081 | <dd>\r | |
1082 | Rev. 1.61 with New option -w for specifying connection timeout.\r | |
1083 | Currently, it works on UNIX only. (contributed from Darren Tucker, thanks)\r | |
1084 | </dd>\r | |
1085 | <dt>2002-09-29</dt>\r | |
1086 | <dd>\r | |
1087 | Add sample script for switching proxy server\r | |
1088 | advised from Darren Tucker, thanks.\r | |
1089 | </dd>\r | |
1090 | <dt>2002-08-27</dt>\r | |
1091 | <dd>\r | |
1092 | connect.c is updated to rev. 1.60.\r | |
1093 | </dd>\r | |
1094 | <dt>2002-04-08</dt>\r | |
1095 | <dd>\r | |
1096 | Updated <a href="http://www.taiyo.co.jp/~gotoh/ssh/openssh-socks.html">"Using OpenSSH through a SOCKS compatible PROXY on your LAN"</a> written by J. Grant. (version 0.8)\r | |
1097 | </dd>\r | |
1098 | <dt>2002-02-20</dt>\r | |
1099 | <dd>\r | |
1100 | Add link of new document "Using OpenSSH through a SOCKS compatible PROXY on your LAN"\r | |
1101 | written by J. Grant.\r | |
1102 | </dd>\r | |
1103 | <dt>2002-01-31</dt>\r | |
1104 | <dd>\r | |
1105 | Rev. 1.53 -- On Win32 and with MSVC, handle password\r | |
1106 | input from console correctly.\r | |
1107 | </dd>\r | |
1108 | <dt>2002-01-30</dt>\r | |
1109 | <dd>\r | |
1110 | Rev. 1.50 -- [Security Fix] Do not print secure info in debug mode.\r | |
1111 | </dd>\r | |
1112 | <dt>2002-01-09</dt>\r | |
1113 | <dd>\r | |
1114 | Web page was made.\r | |
1115 | connect.c is rev. 1.48.\r | |
1116 | </dd>\r | |
1117 | </dl>\r | |
cef3726d | 1118 | <br>\r |
1119 | \r | |
1120 | <!-- Page published by Emacs Wiki ends here -->\r | |
1121 | <div class="navfoot">\r | |
1122 | <hr/>\r | |
1123 | <table width="100%" border="0" summary="Footer navigation">\r | |
1124 | <tbody><tr>\r | |
1125 | <td width="50%" align="left">\r | |
c3adcdf8 | 1126 | <span class="footdate">Last Updated: 2005-03-07</span><br/>\r |
cef3726d | 1127 | </td>\r |
1128 | <td width="50%" align="right">\r | |
1129 | This page is authored by <a href="mailto:gotoh@taiyo.co.jp">Shun-ichi GOTO</a>\r | |
1130 | using <a href="http://repose.cx/emacs/wiki">emacs-wiki.el</a><br/>\r | |
1131 | </td>\r | |
1132 | </tr></tbody>\r | |
1133 | </table>\r | |
1134 | </div>\r | |
1135 | </body>\r | |
1136 | </html>\r |