Commit | Line | Data |
---|---|---|
a9f441b5 JB |
1 | <?xml version="1.0" encoding="us-ascii"?>\r |
2 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"\r | |
3 | "http://www.w3.org/TR/xhtml1/DTD/strict.dtd">\r | |
4 | <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">\r | |
5 | <head>\r | |
6 | <title>SSH Proxy Command -- connect.c</title>\r | |
7 | <meta name="generator" content="emacs-wiki.el" />\r | |
8 | <meta http-equiv="Content-Type"\r | |
9 | content="us-ascii" />\r | |
10 | <link rev="made" href="mailto:gotoh@taiyo.co.jp" />\r | |
11 | <link rel="home" href="http://www.taiyo.co.jp/~gotoh/" />\r | |
12 | <link rel="index" href="http://www.taiyo.co.jp/~gotoh/SiteIndex.html" />\r | |
13 | <link rel="stylesheet" type="text/css" href="emacs-wiki.css" />\r | |
14 | </head>\r | |
15 | <body>\r | |
16 | <h1>SSH Proxy Command -- connect.c</h1>\r | |
17 | <!-- Page published by Emacs Wiki begins here -->\r | |
18 | <p>\r | |
19 | <strong>connect.c</strong> is a simple relaying command that makes network\r | |
20 | connections via SOCKS and https proxies. It is mainly intended to\r | |
21 | be used as the <strong>proxy command</strong> of OpenSSH. With this command you can\r | |
22 | make SSH sessions beyond the firewall.\r | |
23 | \r | |
24 | </p>\r | |
25 | \r | |
26 | <p>\r | |
27 | Features of <strong>connect.c</strong> are:\r | |
28 | \r | |
29 | </p>\r | |
30 | \r | |
31 | <ul>\r | |
32 | <li>Supports SOCKS (version 4/4a/5) and https CONNECT method.\r | |
33 | </li>\r | |
34 | <li>Supports NO-AUTH and USERPASS authentication of SOCKS\r | |
35 | </li>\r | |
36 | <li>Partially supports telnet proxy (experimental).\r | |
37 | </li>\r | |
38 | <li>You can input the password from a tty, ssh-askpass or an\r | |
39 | environment variable.\r | |
40 | </li>\r | |
41 | <li>Runs on UNIX or Windows platforms.\r | |
42 | </li>\r | |
43 | <li>You can compile it with various C compilers (cc, gcc, Visual C, Borland C, etc.)\r | |
44 | </li>\r | |
45 | <li>Simple and general program, independent of OpenSSH.\r | |
46 | </li>\r | |
47 | <li>You can also relay a local socket stream instead of standard I/O.\r | |
48 | </li>\r | |
49 | </ul>\r | |
50 | \r | |
51 | <p>\r | |
52 | Download source code from:\r | |
53 | <a href="http://www.taiyo.co.jp/~gotoh/ssh/connect.c">http://www.taiyo.co.jp/~gotoh/ssh/connect.c</a>\r | |
54 | <br/>\r | |
55 | For Windows users, a pre-compiled binary is also available:\r | |
56 | <a href="http://www.taiyo.co.jp/~gotoh/ssh/connect.exe">http://www.taiyo.co.jp/~gotoh/ssh/connect.exe</a> (compiled with MSVC)\r | |
57 | \r | |
58 | </p>\r | |
59 | \r | |
60 | <h2>Contents</h2>\r | |
61 | <dl class="contents">\r | |
62 | <dt class="contents">\r | |
63 | <a href="#sec1">News</a>\r | |
64 | </dt>\r | |
65 | <dt class="contents">\r | |
66 | <a href="#sec2">What is 'proxy command'</a>\r | |
67 | </dt>\r | |
68 | <dt class="contents">\r | |
69 | <a href="#sec3">How to Use</a>\r | |
70 | </dt>\r | |
71 | <dd>\r | |
72 | <dl class="contents">\r | |
73 | <dt class="contents">\r | |
74 | <a href="#sec4">Get Source</a>\r | |
75 | </dt>\r | |
76 | <dt class="contents">\r | |
77 | <a href="#sec5">Compile and Install</a>\r | |
78 | </dt>\r | |
79 | <dt class="contents">\r | |
80 | <a href="#sec6">Modify your ~/.ssh/config</a>\r | |
81 | </dt>\r | |
82 | <dt class="contents">\r | |
83 | <a href="#sec7">Use SSH</a>\r | |
84 | </dt>\r | |
85 | <dt class="contents">\r | |
86 | <a href="#sec8">Have trouble?</a>\r | |
87 | </dt>\r | |
88 | </dl>\r | |
89 | </dd>\r | |
90 | <dt class="contents">\r | |
91 | <a href="#sec9">More Detail</a>\r | |
92 | </dt>\r | |
93 | <dt class="contents">\r | |
94 | <a href="#sec10">Specifying user name via environment variables</a>\r | |
95 | </dt>\r | |
96 | <dt class="contents">\r | |
97 | <a href="#sec11">Specifying password via environment variables</a>\r | |
98 | </dt>\r | |
99 | <dt class="contents">\r | |
100 | <a href="#sec12">Limitations</a>\r | |
101 | </dt>\r | |
102 | <dd>\r | |
103 | <dl class="contents">\r | |
104 | <dt class="contents">\r | |
105 | <a href="#sec13">SOCKS5 authentication</a>\r | |
106 | </dt>\r | |
107 | <dt class="contents">\r | |
108 | <a href="#sec14">HTTP authentication</a>\r | |
109 | </dt>\r | |
110 | <dt class="contents">\r | |
111 | <a href="#sec15">Switching proxy server</a>\r | |
112 | </dt>\r | |
113 | <dt class="contents">\r | |
114 | <a href="#sec16">Telnet Proxy</a>\r | |
115 | </dt>\r | |
116 | </dl>\r | |
117 | </dd>\r | |
118 | <dt class="contents">\r | |
119 | <a href="#sec17">Tips</a>\r | |
120 | </dt>\r | |
121 | <dd>\r | |
122 | <dl class="contents">\r | |
123 | <dt class="contents">\r | |
124 | <a href="#sec18">Proxying socket connection</a>\r | |
125 | </dt>\r | |
126 | <dt class="contents">\r | |
127 | <a href="#sec19">Use with ssh-askpass command</a>\r | |
128 | </dt>\r | |
129 | <dt class="contents">\r | |
130 | <a href="#sec20">Use for Network Stream of Emacs</a>\r | |
131 | </dt>\r | |
132 | <dt class="contents">\r | |
133 | <a href="#sec21">Remote resolver</a>\r | |
134 | </dt>\r | |
135 | <dt class="contents">\r | |
136 | <a href="#sec22">Hopping Connection via SSH</a>\r | |
137 | </dt>\r | |
138 | </dl>\r | |
139 | </dd>\r | |
140 | <dt class="contents">\r | |
141 | <a href="#sec23">Break The More Restricted Wall</a>\r | |
142 | </dt>\r | |
143 | <dt class="contents">\r | |
144 | <a href="#sec24">F.Y.I.</a>\r | |
145 | </dt>\r | |
146 | <dd>\r | |
147 | <dl class="contents">\r | |
148 | <dt class="contents">\r | |
149 | <a href="#sec25">Difference between SOCKS versions.</a>\r | |
150 | </dt>\r | |
151 | <dt class="contents">\r | |
152 | <a href="#sec26">Configuration to use HTTPS</a>\r | |
153 | </dt>\r | |
154 | <dt class="contents">\r | |
155 | <a href="#sec27">SOCKS5 Servers</a>\r | |
156 | </dt>\r | |
157 | <dt class="contents">\r | |
158 | <a href="#sec28">Specifications</a>\r | |
159 | </dt>\r | |
160 | <dt class="contents">\r | |
161 | <a href="#sec29">Related Links</a>\r | |
162 | </dt>\r | |
163 | <dt class="contents">\r | |
164 | <a href="#sec30">Similars</a>\r | |
165 | </dt>\r | |
166 | </dl>\r | |
167 | </dd>\r | |
168 | <dt class="contents">\r | |
169 | <a href="#sec31">history</a>\r | |
170 | </dt>\r | |
171 | </dl>\r | |
172 | \r | |
173 | \r | |
174 | <h2><a name="sec1" id="sec1"></a>News</h2>\r | |
175 | <dl>\r | |
176 | <dt>2005-07-08</dt>\r | |
177 | <dd>\r | |
178 | Rev. 1.95. Bug fix for the previous change. The bug caused\r | |
179 | basic authentication to fail. Also fixed a bug in parameter file handling.\r | |
180 | Thanks for reporting, Johannes Schindelin <Johannes.Schindelin at gmx.de>.\r | |
181 | </dd>\r | |
182 | <dt>2005-07-07</dt>\r | |
183 | <dd>\r | |
184 | Rev. 1.94. Changed to use snprintf()/vsnprintf() because of a security issue\r | |
185 | that gcc complained about on OpenBSD 3.7/x86. The features are not\r | |
186 | changed.\r | |
187 | </dd>\r | |
188 | <dt>2005-03-04</dt>\r | |
189 | <dd>\r | |
190 | Updated compile option for Mac OS X.\r | |
191 | </dd>\r | |
192 | <dt>2005-02-21</dt>\r | |
193 | <dd>\r | |
194 | Rev.1.92. Removed assertions which have no meaning and are worse for Windows,\r | |
195 | as suggested by OZAWA Takahiro.\r | |
196 | </dd>\r | |
197 | <dt>2005-01-12</dt>\r | |
198 | <dd>\r | |
199 | Rev.1.90. Fixed so as not to cause a seg-fault on accessing a non-HTTP\r | |
200 | port. This problem was reported by Jason Armstrong <ja at riverdrums.com>.\r | |
201 | </dd>\r | |
202 | <dt>2004-10-30</dt>\r | |
203 | <dd>\r | |
204 | Rev.1.89. Partial support for telnet proxy.\r | |
205 | Thanks to Gregory Shimansky <gshimansky at mail dot ru>. \r | |
206 | (Note: This is an ad-hoc implementation, so it is not enough for\r | |
207 | the various types of telnet proxies.\r | |
208 | Password interaction is not supported.)\r | |
209 | </dd>\r | |
210 | </dl>\r | |
211 | \r | |
212 | <h2><a name="sec2" id="sec2"></a>What is 'proxy command'</h2>\r | |
213 | \r | |
214 | <p>\r | |
215 | The OpenSSH development team decided to stop supporting SOCKS and any\r | |
216 | other tunneling mechanism. The aim was to separate the complexity of\r | |
217 | supporting various proxying mechanisms from the core code. They\r | |
218 | recommend a more flexible mechanism instead: the <strong>ProxyCommand</strong>\r | |
219 | option.\r | |
220 | \r | |
221 | </p>\r | |
222 | \r | |
223 | <p>\r | |
224 | The proxy command mechanism is a delegation of network stream\r | |
225 | communication. If the <strong>ProxyCommand</strong> option is specified, SSH\r | |
226 | invokes the specified external command and talks with the standard I/O of this\r | |
227 | command. The invoked command undertakes the network communication,\r | |
228 | relaying to/from standard input/output, including any initial\r | |
229 | communication or negotiation for proxying. Thus, ssh can split the\r | |
230 | proxying code out into an external command.\r | |
231 | \r | |
232 | </p>\r | |
233 | \r | |
234 | <p>\r | |
235 | The <strong>connect.c</strong> program was made for this purpose.\r | |
236 | \r | |
237 | </p>\r | |
238 | \r | |
239 | <h2><a name="sec3" id="sec3"></a>How to Use</h2>\r | |
240 | \r | |
241 | <h3><a name="sec4" id="sec4"></a>Get Source</h3>\r | |
242 | \r | |
243 | <p>\r | |
244 | Download source code from <a href="http://www.taiyo.co.jp/~gotoh/ssh/connect.c">here</a>.\r | |
245 | <br/>\r | |
246 | If you are an MS Windows user, you can get a pre-compiled binary from\r | |
247 | <a href="http://www.taiyo.co.jp/~gotoh/ssh/connect.exe">here</a>.\r | |
248 | \r | |
249 | </p>\r | |
250 | \r | |
251 | <h3><a name="sec5" id="sec5"></a>Compile and Install</h3>\r | |
252 | \r | |
253 | <p>\r | |
254 | In most environments, you can compile <strong>connect.c</strong> simply.\r | |
255 | In a UNIX environment, you can use cc or gcc.\r | |
256 | In a Windows environment, you can use Microsoft Visual C, Borland C or Cygwin gcc.\r | |
257 | \r | |
258 | </p>\r | |
259 | \r | |
260 | <table border="2" cellpadding="5">\r | |
261 | <thead>\r | |
262 | <tr>\r | |
263 | <th>Compiler</th><th>command line to compile</th>\r | |
264 | </tr>\r | |
265 | </thead>\r | |
266 | <tbody>\r | |
267 | <tr>\r | |
268 | <td>UNIX cc</td><td>cc connect.c -o connect</td>\r | |
269 | </tr>\r | |
270 | <tr>\r | |
271 | <td>UNIX gcc</td><td>gcc connect.c -o connect</td>\r | |
272 | </tr>\r | |
273 | <tr>\r | |
274 | <td>Solaris</td><td>gcc connect.c -o connect -lnsl -lsocket -lresolv</td>\r | |
275 | </tr>\r | |
276 | <tr>\r | |
277 | <td>Microsoft Visual C/C++</td><td>cl connect.c wsock32.lib advapi32.lib</td>\r | |
278 | </tr>\r | |
279 | <tr>\r | |
280 | <td>Borland C</td><td>bcc32 connect.c wsock32.lib advapi32.lib</td>\r | |
281 | </tr>\r | |
282 | <tr>\r | |
283 | <td>Cygwin gcc</td><td>gcc connect.c -o connect</td>\r | |
284 | </tr>\r | |
285 | <tr>\r | |
286 | <td>Mac OS X</td><td>gcc connect.c -o connect -lresolv<br/>or<br/>gcc connect.c -o connect -DBIND_8_COMPAT=1</td>\r | |
287 | </tr>\r | |
288 | </tbody>\r | |
289 | </table>\r | |
290 | \r | |
291 | <p>\r | |
292 | To install the <strong>connect</strong> command, simply copy the compiled binary to a directory\r | |
293 | in your PATH (e.g. /usr/local/bin), like this:\r | |
294 | \r | |
295 | </p>\r | |
296 | \r | |
297 | <pre class="example">\r | |
298 | $ cp connect /usr/local/bin\r | |
299 | </pre>\r | |
300 | \r | |
301 | <h3><a name="sec6" id="sec6"></a>Modify your ~/.ssh/config</h3>\r | |
302 | \r | |
303 | <p>\r | |
304 | Modify your <code>~/.ssh/config</code> file to use the <strong>connect</strong> command as\r | |
305 | the <strong>proxy command</strong>. If a SOCKS server is running on the\r | |
306 | firewall host <code>socks.local.net</code> on port 1080, you can add a\r | |
307 | <strong>ProxyCommand</strong> option to <code>~/.ssh/config</code>, like this:\r | |
308 | \r | |
309 | </p>\r | |
310 | \r | |
311 | <pre class="example">\r | |
312 | Host remote.outside.net\r | |
313 | ProxyCommand connect -S socks.local.net %h %p\r | |
314 | </pre>\r | |
315 | \r | |
316 | <p>\r | |
317 | When the proxy command is invoked, <code>%h</code> and <code>%p</code> are replaced with the\r | |
318 | target hostname and port given to the SSH command.\r | |
319 | \r | |
320 | </p>\r | |
321 | \r | |
322 | <p>\r | |
323 | If you hate writing many entries for remote hosts, the following example\r | |
324 | may help you.\r | |
325 | \r | |
326 | </p>\r | |
327 | \r | |
328 | <pre class="example">\r | |
329 | ## Inside of the firewall, use connect command with direct connection.\r | |
330 | Host *.local.net\r | |
331 | ProxyCommand connect %h %p\r | |
332 | \r | |
333 | ## Outside of the firewall, use connect command with SOCKS connection.\r | |
334 | Host *\r | |
335 | ProxyCommand connect -S socks.local.net %h %p\r | |
336 | </pre>\r | |
337 | \r | |
338 | <p>\r | |
339 | If you want to use an http proxy, use the <strong>-H</strong> option instead of the <strong>-S</strong>\r | |
340 | option in the example above, like this:\r | |
341 | \r | |
342 | </p>\r | |
343 | \r | |
344 | <pre class="example">\r | |
345 | ## Inside of the firewall, direct\r | |
346 | Host *.local.net\r | |
347 | ProxyCommand connect %h %p\r | |
348 | \r | |
349 | ## Outside of the firewall, with HTTP proxy\r | |
350 | Host *\r | |
351 | ProxyCommand connect -H proxy.local.net:8080 %h %p\r | |
352 | </pre>\r | |
353 | \r | |
354 | <h3><a name="sec7" id="sec7"></a>Use SSH</h3>\r | |
355 | \r | |
356 | <p>\r | |
357 | After editing your <code>~/.ssh/config</code> file, you are ready to use ssh.\r | |
358 | You can execute ssh without any special options, as if the remote host were\r | |
359 | an IP-reachable host. The following is an example that executes the <code>hostname</code>\r | |
360 | command on host <code>remote.outside.net</code>.\r | |
361 | \r | |
362 | </p>\r | |
363 | \r | |
364 | <pre class="example">\r | |
365 | $ ssh remote.outside.net hostname\r | |
366 | remote.outside.net\r | |
367 | $\r | |
368 | </pre>\r | |
369 | \r | |
370 | <h3><a name="sec8" id="sec8"></a>Have trouble?</h3>\r | |
371 | \r | |
372 | <p>\r | |
373 | If you have trouble, execute the <strong>connect</strong> command from the command line\r | |
374 | with the <code>-d</code> option to see what is happening. Some debug messages may\r | |
375 | appear and report progress. This information may tell you what is\r | |
376 | wrong. In this example, an error has occurred at the authentication stage of\r | |
377 | the SOCKS5 protocol.\r | |
378 | \r | |
379 | </p>\r | |
380 | \r | |
381 | <pre class="example">\r | |
382 | $ connect -d -S socks.local.net unknown.remote.outside.net 110\r | |
383 | DEBUG: relay_method = SOCKS (2)\r | |
384 | DEBUG: relay_host=socks.local.net\r | |
385 | DEBUG: relay_port=1080\r | |
386 | DEBUG: relay_user=gotoh\r | |
387 | DEBUG: socks_version=5\r | |
388 | DEBUG: socks_resolve=REMOTE (2)\r | |
389 | DEBUG: local_type=stdio\r | |
390 | DEBUG: dest_host=unknown.remote.outside.net\r | |
391 | DEBUG: dest_port=110\r | |
392 | DEBUG: Program is $Revision$\r | |
393 | DEBUG: connecting to xxx.xxx.xxx.xxx:1080\r | |
394 | DEBUG: begin_socks_relay()\r | |
395 | DEBUG: atomic_out() [4 bytes]\r | |
396 | DEBUG: >>> 05 02 00 02\r | |
397 | DEBUG: atomic_in() [2 bytes]\r | |
398 | DEBUG: <<< 05 02\r | |
399 | DEBUG: auth method: USERPASS\r | |
400 | DEBUG: atomic_out() [some bytes]\r | |
401 | DEBUG: >>> xx xx xx xx ...\r | |
402 | DEBUG: atomic_in() [2 bytes]\r | |
403 | DEBUG: <<< 01 01\r | |
404 | ERROR: Authentication faield.\r | |
405 | FATAL: failed to begin relaying via SOCKS.\r | |
406 | </pre>\r | |
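The hex lines in the trace above can be read against the SOCKS5 message layouts (RFC 1928 method selection, RFC 1929 username/password). The following decoder is an added example, not code from connect.c; the function names, status codes and the sample password are assumptions made for illustration, and the trace bytes and the user name are the ones shown on this page.

```c
#include <stdio.h>
#include <string.h>

/* Protocol constants from RFC 1928 (SOCKS5) and RFC 1929 (USERPASS). */
enum { SOCKS_VER = 0x05, AUTH_VER = 0x01 };
enum { M_NOAUTH = 0x00, M_GSSAPI = 0x01, M_USERPASS = 0x02, M_REJECT = 0xFF };
/* Status codes are hypothetical names used only by this example. */
enum { S_OK = 0, S_MALFORMED = -1, S_BAD_VERSION = -2, S_NO_METHOD = -3,
       S_NOT_OFFERED = -4, S_AUTH_FAILED = -5 };

/* Bytes copied from the -d trace on this page. */
static const unsigned char TRACE_GREETING[]   = { 0x05, 0x02, 0x00, 0x02 };
static const unsigned char TRACE_SELECTION[]  = { 0x05, 0x02 };
static const unsigned char TRACE_AUTH_REPLY[] = { 0x01, 0x01 };

const char *method_name(int m)
{
    switch (m) {
    case M_NOAUTH:   return "NO-AUTH";
    case M_GSSAPI:   return "GSSAPI";
    case M_USERPASS: return "USERPASS";
    case M_REJECT:   return "NO ACCEPTABLE METHODS";
    default:         return "unknown";
    }
}

/* Validate the client greeting (VER NMETHODS METHODS...) together with the
 * server's 2-byte selection (VER METHOD). A careful client also checks that
 * the server picked a method that was actually offered. */
int check_method_selection(const unsigned char *req, size_t reqlen,
                           const unsigned char *rep, size_t replen,
                           int *chosen)
{
    size_t i;
    if (reqlen < 2 || reqlen != (size_t)req[1] + 2 || replen != 2)
        return S_MALFORMED;
    if (req[0] != SOCKS_VER || rep[0] != SOCKS_VER)
        return S_BAD_VERSION;
    if (rep[1] == M_REJECT)
        return S_NO_METHOD;
    for (i = 0; i < req[1]; i++) {
        if (req[2 + i] == rep[1]) {
            *chosen = rep[1];
            return S_OK;
        }
    }
    return S_NOT_OFFERED;
}

/* Build the RFC 1929 request: 01 ULEN UNAME PLEN PASSWD. Both fields are
 * 1..255 bytes and are sent as-is, so the password crosses the network to
 * the SOCKS server unencrypted. Returns the length or S_MALFORMED. */
int build_userpass(const char *user, const char *pass,
                   unsigned char *out, size_t cap)
{
    size_t ulen = strlen(user), plen = strlen(pass);
    if (ulen == 0 || ulen > 255 || plen == 0 || plen > 255 ||
        cap < 3 + ulen + plen)
        return S_MALFORMED;
    out[0] = AUTH_VER;
    out[1] = (unsigned char)ulen;
    memcpy(out + 2, user, ulen);
    out[2 + ulen] = (unsigned char)plen;
    memcpy(out + 3 + ulen, pass, plen);
    return (int)(3 + ulen + plen);
}

/* RFC 1929 reply: VER(01) STATUS, where STATUS 00 means success. */
int check_userpass_reply(const unsigned char *rep, size_t len)
{
    if (len != 2)
        return S_MALFORMED;
    if (rep[0] != AUTH_VER)
        return S_BAD_VERSION;
    return rep[1] == 0x00 ? S_OK : S_AUTH_FAILED;
}

int main(void)
{
    unsigned char msg[3 + 255 + 255];
    int chosen = -1, n, i;

    n = check_method_selection(TRACE_GREETING, sizeof TRACE_GREETING,
                               TRACE_SELECTION, sizeof TRACE_SELECTION,
                               &chosen);
    printf("method selection: status %d, method %s\n", n, method_name(chosen));

    /* Constructed password, only to show the wire layout. */
    n = build_userpass("gotoh", "example-pw", msg, sizeof msg);
    printf("userpass request [%d bytes]:", n);
    for (i = 0; i < n; i++)
        printf(" %02x", msg[i]);
    printf("\n");

    printf("auth reply status: %d\n",
           check_userpass_reply(TRACE_AUTH_REPLY, sizeof TRACE_AUTH_REPLY));
    return 0;
}
```

Run against the trace, the greeting offers NO-AUTH and USERPASS, the server selects USERPASS, and the final `01 01` is a non-zero status, which matches the failure reported in the trace.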
407 | \r | |
408 | <h2><a name="sec9" id="sec9"></a>More Detail</h2>\r | |
409 | \r | |
410 | <p>\r | |
411 | Command line usage is here:\r | |
412 | \r | |
413 | </p>\r | |
414 | \r | |
415 | <pre class="example">\r | |
416 | usage: connect [-dnhst45] [-R resolve] [-p local-port] [-w sec]\r | |
417 | [-H [user@]proxy-server[:port]]\r | |
418 | [-S [user@]socks-server[:port]]\r | |
419 | [-T socks-server:[port]]\r | |
420 | [-c telnet-proxy-command]\r | |
421 | host port\r | |
422 | </pre>\r | |
423 | \r | |
424 | <p>\r | |
425 | <strong><em>host</em></strong> and <strong><em>port</em></strong> are the target hostname and port number to connect to.\r | |
426 | \r | |
427 | </p>\r | |
428 | \r | |
429 | <p>\r | |
430 | The <strong>-H</strong> option specifies the hostname and port number of the http proxy server to\r | |
431 | relay through. If the port is omitted, 80 is used. You can also specify this value in the\r | |
432 | environment variable <code>HTTP_PROXY</code> and give the <strong>-h</strong> option to use it.\r | |
433 | \r | |
434 | </p>\r | |
435 | \r | |
436 | <p>\r | |
437 | The <strong>-S</strong> option specifies the hostname and port number of the SOCKS server to\r | |
438 | relay through. As with the <strong>-H</strong> option, the port number can be omitted; the default is 1080.\r | |
439 | You can also specify this value pair in the environment variable\r | |
440 | <code>SOCKS5_SERVER</code> and give the <strong>-s</strong> option to use it.\r | |
441 | \r | |
442 | </p>\r | |
443 | \r | |
444 | <p>\r | |
445 | The <strong>-T</strong> option specifies the hostname and port number of the telnet proxy to\r | |
446 | relay through. The port number can be omitted; the default is 23.\r | |
447 | You can also specify this value pair in the environment variable\r | |
448 | <code>TELNET_PROXY</code> and give the <strong>-t</strong> option to use it.\r | |
449 | \r | |
450 | </p>\r | |
451 | \r | |
452 | <p>\r | |
453 | <strong>-4</strong> and <strong>-5</strong> specify the SOCKS protocol version. They are\r | |
454 | valid only when used with <strong>-s</strong> or <strong>-S</strong>. The default is <strong>-5</strong>\r | |
455 | (protocol version 5).\r | |
456 | \r | |
457 | </p>\r | |
458 | \r | |
459 | <p>\r | |
460 | <strong>-R</strong> specifies the method used to resolve hostnames. Three keywords\r | |
461 | (<code>local</code>, <code>remote</code>, <code>both</code>) or a dot-notation IP address are\r | |
462 | allowed. The keyword <code>both</code> means "try local first, then\r | |
463 | remote". If a dot-notation IP address is specified, that host is used as the\r | |
464 | nameserver (UNIX only). The default is <code>remote</code> for SOCKS5 and <code>local</code>\r | |
465 | for others. With the SOCKS4 protocol, the remote resolving methods (<code>remote</code>\r | |
466 | and <code>both</code>) use protocol version 4a.\r | |
467 | \r | |
468 | </p>\r | |
469 | \r | |
470 | <p>\r | |
471 | The <strong>-p</strong> option specifies a local TCP port to wait on; connect relays\r | |
472 | the connection made to that port instead of standard input and output.\r | |
473 | \r | |
474 | </p>\r | |
475 | \r | |
476 | <p>\r | |
477 | The <strong>-w</strong> option specifies the timeout in seconds for making the connection to the\r | |
478 | target host.\r | |
479 | \r | |
480 | </p>\r | |
481 | \r | |
482 | <p>\r | |
483 | The <strong>-c</strong> option specifies the request string sent to the telnet\r | |
484 | proxy server. The special words '%h' and '%p' in this string are replaced\r | |
485 | with the hostname and port number before sending.\r | |
486 | For a telnet proxy by <a class="nonexistent" href="mailto:gotoh@taiyo.co.jp">DeleGate</a>, both "telnet %h %p" and "%h:%p"\r | |
487 | are acceptable.\r | |
488 | The default is "telnet %h %p".\r | |
489 | \r | |
490 | </p>\r | |
491 | \r | |
492 | <p>\r | |
493 | The <strong>-a</strong> option specifies the authentication methods the user intends to use,\r | |
494 | separated by commas. Currently <code>userpass</code> and <code>none</code> are\r | |
495 | supported. The default is <code>userpass</code>. You can also specify this\r | |
496 | parameter in the environment variable <code>SOCKS5_AUTH</code>.\r | |
497 | \r | |
498 | </p>\r | |
499 | \r | |
500 | <p>\r | |
501 | The <strong>-d</strong> option is used for debugging. If you fail to connect, use it\r | |
502 | and check the requests to and responses from the server.\r | |
503 | \r | |
504 | </p>\r | |
505 | \r | |
506 | <p>\r | |
507 | You can omit the <strong><em>port</em></strong> argument when the program name has a special format\r | |
508 | containing the port number itself. For example,\r | |
509 | \r | |
510 | </p>\r | |
511 | \r | |
512 | <pre class="example">\r | |
513 | $ ln -s connect connect-25\r | |
514 | $ ./connect-25 smtphost.outside.net\r | |
515 | 220 smtphost.outside.net ESMTP Sendmail\r | |
516 | QUIT\r | |
517 | 221 2.0.0 smtphost.remote.net closing connection\r | |
518 | $\r | |
519 | </pre>\r | |
520 | \r | |
521 | <p>\r | |
522 | This example means that the command name "<code>connect-25</code>" contains port number\r | |
523 | 25, so you can omit the 2nd argument (it is used if specified explicitly).\r | |
524 | \r | |
525 | </p>\r | |
526 | \r | |
527 | <h2><a name="sec10" id="sec10"></a>Specifying user name via environment variables</h2>\r | |
528 | \r | |
529 | <p>\r | |
530 | There are 5 environment variables to specify the\r | |
531 | user name without a command line option. This mechanism is useful\r | |
532 | for users whose user name differs from their system account.\r | |
533 | \r | |
534 | </p>\r | |
535 | \r | |
536 | <dl>\r | |
537 | <dt>SOCKS5_USER</dt>\r | |
538 | <dd>\r | |
539 | Used for SOCKS v5 access.\r | |
540 | </dd>\r | |
541 | <dt>SOCKS4_USER</dt>\r | |
542 | <dd>\r | |
543 | Used for SOCKS v4 access.\r | |
544 | </dd>\r | |
545 | <dt>SOCKS_USER</dt>\r | |
546 | <dd>\r | |
547 | Used for SOCKS v5 or v4 access if the variables above are not defined.\r | |
548 | </dd>\r | |
549 | <dt>HTTP_PROXY_USER</dt>\r | |
550 | <dd>\r | |
551 | Used for HTTP proxy access.\r | |
552 | </dd>\r | |
553 | <dt>CONNECT_USER</dt>\r | |
554 | <dd>\r | |
555 | Used for all types of access if all above are not defined.\r | |
556 | </dd>\r | |
557 | </dl>\r | |
558 | \r | |
559 | <p>\r | |
560 | The following table describes how the user name is determined.\r | |
561 | The leftmost number is the order of checking. If a variable is not defined,\r | |
562 | the next variable is checked, and so on.\r | |
563 | \r | |
564 | </p>\r | |
565 | \r | |
566 | <table border=1>\r | |
567 | <tr align=center><th></th><th>SOCKS v5</th><th>SOCKS v4</th><th>HTTP proxy</th></tr>\r | |
568 | <tr align=center><td>1</td><td>SOCKS5_USER</td><td>SOCKS4_USER</td><td rowspan=2>HTTP_PROXY_USER</td></tr>\r | |
569 | <tr align=center><td>2</td><td colspan=2>SOCKS_USER</td></tr>\r | |
570 | <tr align=center><td>3</td><td colspan=3>CONNECT_USER</td></tr>\r | |
571 | <tr align=center><td>4</td><td colspan=3><i>(query user name to system)</i></td></tr>\r | |
572 | </table>\r | |
573 | \r | |
574 | <h2><a name="sec11" id="sec11"></a>Specifying password via environment variables</h2>\r | |
575 | \r | |
576 | <p>\r | |
577 | There are 5 environment variables to specify the\r | |
578 | password. If you use this feature, please note that it is\r | |
579 | not a secure way.\r | |
580 | \r | |
581 | </p>\r | |
582 | \r | |
583 | <dl>\r | |
584 | <dt>SOCKS5_PASSWD</dt>\r | |
585 | <dd>\r | |
586 | Used for SOCKS v5 access. This variable is compatible\r | |
587 | with the NEC SOCKS implementation.\r | |
588 | </dd>\r | |
589 | <dt>SOCKS5_PASSWORD</dt>\r | |
590 | <dd>\r | |
591 | Used for SOCKS v5 access if SOCKS5_PASSWD is not defined.\r | |
592 | </dd>\r | |
593 | <dt>SOCKS_PASSWORD</dt>\r | |
594 | <dd>\r | |
595 | Used for SOCKS v5 (or v4) access if all above are not defined.\r | |
596 | </dd>\r | |
597 | <dt>HTTP_PROXY_PASSWORD</dt>\r | |
598 | <dd>\r | |
599 | Used for HTTP proxy access.\r | |
600 | </dd>\r | |
601 | <dt>CONNECT_PASSWORD</dt>\r | |
602 | <dd>\r | |
603 | Used for all types of access if all above are not defined.\r | |
604 | </dd>\r | |
605 | </dl>\r | |
606 | \r | |
607 | <p>\r | |
608 | The following table describes how the password is determined.\r | |
609 | The leftmost number is the order of checking. If a variable is not defined,\r | |
610 | the next variable is checked, and so on. Finally, the user is asked interactively\r | |
611 | using an external program or tty input.\r | |
612 | \r | |
613 | </p>\r | |
614 | \r | |
615 | <table border=1>\r | |
616 | <tr align=center><th></th><th>SOCKS v5</th><th>HTTP proxy</th></tr>\r | |
617 | <tr align=center><td>1</td><td>SOCKS5_PASSWD</td><td rowspan=2>HTTP_PROXY_PASSWORD</td></tr>\r | |
618 | <tr align=center><td>2</td><td>SOCKS_PASSWORD</td></tr>\r | |
619 | <tr align=center><td>3</td><td colspan=2>CONNECT_PASSWORD</td></tr>\r | |
620 | <tr align=center><td>4</td><td colspan=2><i>(ask to user interactively)</i></td></tr>\r | |
621 | </table>\r | |
622 | \r | |
623 | <h2><a name="sec12" id="sec12"></a>Limitations</h2>\r | |
624 | \r | |
625 | <h3><a name="sec13" id="sec13"></a>SOCKS5 authentication</h3>\r | |
626 | \r | |
627 | <p>\r | |
628 | Only NO-AUTH and USER/PASSWORD authentications are supported.\r | |
629 | GSSAPI authentication (RFC 1961) and other draft authentications (CHAP,\r | |
630 | EAP, MAF, etc.) are not supported.\r | |
631 | \r | |
632 | </p>\r | |
633 | \r | |
634 | <h3><a name="sec14" id="sec14"></a>HTTP authentication</h3>\r | |
635 | \r | |
636 | <p>\r | |
637 | BASIC authentication is supported but DIGEST authentication is not.\r | |
638 | \r | |
639 | </p>\r | |
640 | \r | |
641 | <h3><a name="sec15" id="sec15"></a>Switching proxy server</h3>\r | |
642 | \r | |
643 | <p>\r | |
644 | There is no mechanism to switch proxy server according to the PC environment.\r | |
645 | This limitation might be bad news for mobile users.\r | |
646 | Since I do not want to make this program complex, I do not want to\r | |
647 | support it, although this feature has already been requested. Please advise me\r | |
648 | if there is a good idea for detecting the environment to switch on and a simple way\r | |
649 | to specify conditional directives for servers.\r | |
650 | \r | |
651 | </p>\r | |
652 | \r | |
653 | <p>\r | |
654 | One tricky workaround exists: replacing the ~/.ssh/config file\r | |
655 | by a script on ppp up/down.\r | |
656 | \r | |
657 | </p>\r | |
658 | \r | |
659 | <p>\r | |
660 | There's another example, a wrapper script (contributed by Darren Tucker).\r | |
661 | This script has the cost of executing ifconfig and grep to detect the\r | |
662 | current environment, but it works. (NOTE: you should modify the addresses\r | |
663 | if you use it.)\r | |
664 | \r | |
665 | </p>\r | |
666 | \r | |
667 | <pre class="example">\r | |
668 | #!/bin/sh\r | |
669 | ## ~/bin/myconnect --- Proxy server switching wrapper\r | |
670 | \r | |
671 | if ifconfig eth0 |grep "inet addr:192\.168\.1" >/dev/null; then\r | |
672 | opts="-S 192.168.1.1:1080" \r | |
673 | elif ifconfig eth0 |grep "inet addr:10\." >/dev/null; then\r | |
674 | opts="-H 10.1.1.1:80"\r | |
675 | else\r | |
676 | opts="-s"\r | |
677 | fi\r | |
678 | exec /usr/local/bin/connect $opts "$@"\r | |
679 | </pre>\r | |
680 | \r | |
681 | <h3><a name="sec16" id="sec16"></a>Telnet Proxy</h3>\r | |
682 | \r | |
683 | <p>\r | |
684 | First, note that telnet proxy support is a partial feature.\r | |
685 | In this implementation, <strong>connect</strong> sends a single request and the proxy\r | |
686 | returns some success/error indication in the lines it talks back, including\r | |
687 | greeting, prompt and connected messages.\r | |
688 | \r | |
689 | </p>\r | |
690 | \r | |
691 | <p>\r | |
692 | <strong>connect</strong> simply sends the request after the connection to the proxy is\r | |
693 | established, before reading any response, then repeatedly reads response\r | |
694 | strings from the proxy to decide whether the remote connection request succeeded or\r | |
695 | not, by checking for pre-defined phrases in each line. There are two kinds of\r | |
696 | pre-defined phrases: the good-phrase and the bad-phrases. First the\r | |
697 | good-phrase is checked, and if it is present the state changes to relaying;\r | |
698 | <strong>connect</strong> treats this line as the final response from the proxy before\r | |
699 | starting actual communication with the remote host. If the good-phrase is\r | |
700 | not matched, the bad-phrases are checked. If one of the bad-phrases\r | |
701 | matches, it causes a connection error immediately.\r | |
702 | \r | |
703 | </p>\r | |
704 | \r | |
705 | <p>\r | |
706 | The pre-defined phrases are currently fixed strings, so you cannot\r | |
707 | change them without modifying and recompiling the source. The good-phrase is:\r | |
708 | "connected to". The bad-phrases are: " failed", " refused",\r | |
709 | " rejected", " closed".\r | |
710 | \r | |
711 | </p>\r | |
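The matching order described above has consequences worth seeing on concrete proxy output. The following classifier is an added example, not code from connect.c; it uses the phrases listed on this page, while the function names, the sample sessions and the use of plain case-sensitive substring matching are assumptions.

```c
#include <stdio.h>
#include <string.h>

enum verdict { V_CONTINUE = 0, V_RELAY = 1, V_ERROR = -1 };

/* Phrases exactly as listed on this page (note the leading spaces). */
static const char *const GOOD_PHRASE = "connected to";
static const char *const BAD_PHRASES[] = {
    " failed", " refused", " rejected", " closed"
};
#define N_BAD (sizeof BAD_PHRASES / sizeof BAD_PHRASES[0])

/* Classify one response line: good-phrase first, then the bad-phrases.
 * Assumption: matching is a case-sensitive substring search. */
enum verdict classify_line(const char *line)
{
    size_t i;
    if (strstr(line, GOOD_PHRASE) != NULL)
        return V_RELAY;
    for (i = 0; i < N_BAD; i++)
        if (strstr(line, BAD_PHRASES[i]) != NULL)
            return V_ERROR;
    return V_CONTINUE;
}

/* Walk the proxy's lines and stop at the first one that decides the outcome.
 * *decided_at receives that line's index, or n when no line matched. */
enum verdict classify_session(const char *const *lines, size_t n,
                              size_t *decided_at)
{
    size_t i;
    for (i = 0; i < n; i++) {
        enum verdict v = classify_line(lines[i]);
        if (v != V_CONTINUE) {
            *decided_at = i;
            return v;
        }
    }
    *decided_at = n;
    return V_CONTINUE;
}

/* Constructed proxy transcripts, not captured from a real proxy. */
static const char *const SESSION_OK[] = {
    "Welcome to the proxy",
    "Trying remote.outside.net...",
    "connected to remote.outside.net."
};
static const char *const SESSION_REFUSED[] = {
    "Welcome to the proxy",
    "Trying remote.outside.net...",
    "remote.outside.net: connection refused"
};
/* A greeting that happens to contain the good-phrase decides the session
 * on line 0, before the proxy has reported the real result on line 2. */
static const char *const SESSION_BANNER[] = {
    "You are connected to gateway gw1; idle sessions are closed",
    "Trying remote.outside.net...",
    "remote.outside.net: connection refused"
};
static const char *const SESSION_SILENT[] = { "login:", "proxy>" };

static void report(const char *name, const char *const *lines, size_t n)
{
    size_t at;
    enum verdict v = classify_session(lines, n, &at);
    printf("%-8s verdict=%2d decided_at=%lu\n", name, (int)v,
           (unsigned long)at);
}

int main(void)
{
    report("ok", SESSION_OK, 3);
    report("refused", SESSION_REFUSED, 3);
    report("banner", SESSION_BANNER, 3);
    report("silent", SESSION_SILENT, 2);
    return 0;
}
```

The banner session shows why fixed phrases are fragile: a proxy whose greeting contains "connected to" is treated as relaying before the real outcome arrives, and because the good-phrase is checked first, the " closed" in the same line is never considered.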
712 | \r | |
713 | <h2><a name="sec17" id="sec17"></a>Tips</h2>\r | |
714 | \r | |
715 | <h3><a name="sec18" id="sec18"></a>Proxying socket connection</h3>\r | |
716 | \r | |
717 | <p>\r | |
718 | Usually, <strong>connect.c</strong> relays the network connection to/from standard\r | |
719 | input/output. With the <strong>-p</strong> option, however, <strong>connect.c</strong>\r | |
720 | relays a local network stream instead of standard input/output.\r | |
721 | With this option, the <strong>connect</strong> command waits for a connection\r | |
722 | from another program, then starts relaying between the two network streams.\r | |
723 | \r | |
724 | </p>\r | |
725 | \r | |
726 | <p>\r | |
727 | This feature may be useful for programs which are hard to SOCKSify.\r | |
728 | \r | |
729 | </p>\r | |
730 | \r | |
731 | <h3><a name="sec19" id="sec19"></a>Use with ssh-askpass command</h3>\r | |
732 | \r | |
733 | <p>\r | |
734 | <strong>connect.c</strong> asks you for a password when authentication is required. If\r | |
735 | you are using a tty/pty terminal, connect can read it from the terminal\r | |
736 | with a prompt. But you can also use the <code>ssh-askpass</code> program to input the\r | |
737 | password. If you are in a graphical environment like X Window or MS\r | |
738 | Windows, the program does not have a tty/pty, and the environment variable\r | |
739 | SSH_ASKPASS is specified, then <strong>connect.c</strong> invokes the command\r | |
740 | specified by the environment variable <code>SSH_ASKPASS</code> to input the password.\r | |
741 | The <code>ssh-askpass</code> program might be installed if you are using OpenSSH in a\r | |
742 | UNIX environment. For Windows environments, a pre-compiled binary is\r | |
743 | available from\r | |
744 | <a href="http://www.taiyo.co.jp/~gotoh/ssh/ssh-askpass.exe">here</a>.\r | |
745 | \r | |
746 | </p>\r | |
747 | \r | |
748 | <p>\r | |
749 | This feature is limited to window system environments.\r | |
750 | \r | |
751 | </p>\r | |
752 | \r | |
753 | <p>\r | |
754 | It is also useful with Emacs on MS Windows (NT Emacs or Meadow). It is\r | |
755 | hard to send a passphrase to the <strong>connect</strong> command (and also ssh)\r | |
756 | because the external command is invoked on a hidden terminal and does I/O with\r | |
757 | this terminal. Using ssh-askpass avoids this problem.\r | |
758 | \r | |
759 | </p>\r | |
760 | \r | |
761 | <h3><a name="sec20" id="sec20"></a>Use for Network Stream of Emacs</h3>\r | |
762 | \r | |
763 | <p>\r | |
764 | Although <strong>connect.c</strong> was made for OpenSSH, it is generic and\r | |
765 | independent of OpenSSH, so we can use it for other purposes. For\r | |
766 | example, you can use this command in Emacs to open a network connection\r | |
767 | to a remote host over the firewall via a SOCKS or HTTP proxy without\r | |
768 | SOCKSifying Emacs itself.\r | |
769 | \r | |
770 | </p>\r | |
771 | \r | |
772 | <p>\r | |
773 | There is sample code: \r | |
774 | <a href="http://www.taiyo.co.jp/~gotoh/lisp/relay.el">http://www.taiyo.co.jp/~gotoh/lisp/relay.el</a>\r | |
775 | \r | |
776 | </p>\r | |
777 | \r | |
778 | <p>\r | |
779 | With this code, you can use the <code>relay-open-network-stream</code> function\r | |
780 | instead of <code>open-network-stream</code> to make network connections. See the\r | |
781 | comments at the top of the source for more detail.\r | |
782 | \r | |
783 | </p>\r | |
784 | \r | |
785 | <h3><a name="sec21" id="sec21"></a>Remote resolver</h3>\r | |
786 | \r | |
787 | <p>\r | |
788 | If you are a SOCKS4 user in a UNIX environment, you might want to specify a\r | |
789 | nameserver to resolve remote hostnames. You can do so by specifying the\r | |
790 | <strong>-R</strong> option followed by the IP address of the resolver.\r | |
791 | \r | |
792 | </p>\r | |
793 | \r | |
794 | <h3><a name="sec22" id="sec22"></a>Hopping Connection via SSH</h3>\r | |
795 | \r | |
796 | <p>\r | |
797 | The combination of ssh and the <strong>connect</strong> command has more interesting uses.\r | |
798 | The following command makes an indirect connection to host2:port from your\r | |
799 | current host via host1.\r | |
800 | \r | |
801 | </p>\r | |
802 | \r | |
803 | <pre class="example">\r | |
804 | ssh host1 connect host2 port\r | |
805 | </pre>\r | |
806 | \r | |
807 | <p>\r | |
808 | This method is useful in situations like:\r | |
809 | \r | |
810 | </p>\r | |
811 | \r | |
812 | <ul>\r | |
813 | <li>You are outside of your organization now, but you want to access an\r | |
814 | internal host that is behind a firewall.\r | |
815 | </li>\r | |
816 | <li>You want to use some service which is allowed only from some\r | |
817 | limited hosts.\r | |
818 | </li>\r | |
819 | </ul>\r | |
820 | \r | |
821 | <p>\r | |
822 | For example, I want to use the local NetNews service in my office\r | |
823 | from home. I cannot make an NNTP session directly because the NNTP host is\r | |
824 | behind the firewall. Fortunately, I have an ssh account on an internal\r | |
825 | host and am allowed to use SOCKS5 on the firewall from outside. So I use the\r | |
826 | following command to connect to the NNTP service.\r | |
827 | \r | |
828 | </p>\r | |
829 | \r | |
830 | <pre class="example">\r | |
831 | $ ssh host1 connect news 119\r | |
832 | 200 news.my-office.com InterNetNews NNRP server INN 2.3.2 ready (posting ok).\r | |
833 | quit\r | |
834 | 205 .\r | |
835 | $\r | |
836 | </pre>\r | |
837 | \r | |
838 | <p>\r | |
839 | By combining the hopping connection with relay.el, I can read NetNews\r | |
840 | using <a href="http://www.gohome.org/wl/">Wanderlust</a> on Emacs at home.\r | |
841 | \r | |
842 | </p>\r | |
843 | \r | |
844 | <pre class="example">\r | |
845 |                          |\r | |
846 |    External (internet)   |   Internal (office)\r | |
847 |                          |\r | |
848 | +------+           +----------+         +-------+           +-----------+\r | |
849 | | HOME |           | firewall |         | host1 |           | NNTP host |\r | |
850 | +------+           +----------+         +-------+           +-----------+\r | |
851 | emacs <-------------- ssh ---------------> sshd <-- connect --> nntpd\r | |
852 |       <-- connect --> socksd <-- SOCKS -->\r | |
853 | </pre>\r | |
854 | \r | |
855 | <p>\r | |
856 | As an advanced example, you can use SSH hopping as fetchmail's plug-in\r | |
857 | program to access mail via a secure tunnel. This method requires that the\r | |
858 | <strong>connect</strong> program is installed on the remote host. There is an example\r | |
859 | .fetchmailrc below. When fetchmail accesses mail-server, you will\r | |
860 | log in to the remote host using SSH, then execute the <strong>connect</strong> program on the\r | |
861 | remote host to relay the conversation with the POP server. Thus fetchmail can\r | |
862 | retrieve mail securely.\r | |
863 | \r | |
864 | </p>\r | |
865 | \r | |
866 | <pre class="example">\r | |
867 | poll mail-server\r | |
868 |   protocol pop3\r | |
869 |   plugin "ssh %h connect localhost %p"\r | |
870 |   username "username"\r | |
871 |   password "password"\r | |
872 | </pre>\r | |
873 | \r | |
874 | <h3><a name="sec23" id="sec23"></a>Break The More Restricted Wall</h3>\r | |
875 | <p>\r | |
876 | If the firewall provides neither SOCKS nor HTTPS other than to port 443, you\r | |
877 | cannot break the wall in the usual way. But if you have your own host\r | |
878 | which is accessible from the internet, you can make an ssh connection to your\r | |
879 | own host by configuring sshd to listen on port 443 instead of the\r | |
880 | standard 22. This way, you can log in to your own host via port 443.\r | |
881 | Once you have logged in to the external home machine, you can execute\r | |
882 | <strong>connect</strong> as a second hop to make a connection from your own host to\r | |
883 | the final target host, like this:\r | |
884 | </p>\r | |
885 | <pre class="example">\r | |
886 | $ cat ~/.ssh/config\r | |
887 | Host home\r | |
888 |   ProxyCommand connect -H firewall:8080 %h 443\r | |
889 | \r | |
890 | Host server\r | |
891 |   ProxyCommand ssh home connect %h %p\r | |
892 | ...\r | |
893 | internal$ ssh home\r | |
894 | You are logged in to home!\r | |
895 | home# exit\r | |
896 | internal$ ssh server\r | |
897 | You are logged in to server!\r | |
898 | server# exit\r | |
899 | internal$\r | |
900 | </pre>\r | |
901 | \r | |
902 | <p>\r | |
903 | This is similar to "Hopping Connection via SSH" except that the\r | |
904 | outer sshd is configured to listen on port 443 (https). This means that you have the\r | |
905 | capability to break a strongly restricted wall if you have your own host\r | |
906 | outside of the wall.\r | |
907 | \r | |
908 | </p>\r | |
909 | \r | |
910 | <pre class="example">\r | |
911 |                       |\r | |
912 |   Internal (office)   |   External (internet)\r | |
913 |                       |\r | |
914 | +--------+      +----------+                  +------+         +--------+\r | |
915 | | office |      | firewall |                  | home |         | server |\r | |
916 | +--------+      +----------+                  +------+         +--------+\r | |
917 | <------------------ ssh --------------------->sshd:443\r | |
918 |  <-- connect --> http-proxy <-- https:443 -->                     any\r | |
919 |                                               connect <-- tcp --> port\r | |
920 | </pre>\r | |
921 | \r | |
922 | <p>\r | |
923 | NOTE: If you want to use this, you have to give up hosting an https service\r | |
924 | at port 443 on your external host 'home'.\r | |
925 | \r | |
926 | </p>\r | |
927 | \r | |
928 | <h2><a name="sec24" id="sec24"></a>F.Y.I.</h2>\r | |
929 | \r | |
930 | <h3><a name="sec25" id="sec25"></a>Difference between SOCKS versions.</h3>\r | |
931 | \r | |
932 | <p>\r | |
933 | SOCKS version 4 is the first popular implementation, which is documented\r | |
934 | <a href="http://www.socks.nec.com/protocol/socks4.protocol">here</a>. Since\r | |
935 | this protocol provides IP-address-based requests, the client program\r | |
936 | should resolve the name of the outer host by itself. Version 4a (documented\r | |
937 | <a href="http://www.socks.nec.com/protocol/socks4a.protocol">here</a>) is\r | |
938 | enhanced to allow requests by hostname instead of IP address.\r | |
939 | \r | |
940 | </p>\r | |
941 | \r | |
942 | <p>\r | |
943 | SOCKS version 5 is a redesigned protocol built on the experience of\r | |
944 | versions 4 and 4a. It is not compatible with the previous\r | |
945 | versions. Instead, there are some improvements: IPv6 support, request by\r | |
946 | hostname, UDP proxying, etc.\r | |
947 | \r | |
948 | </p>\r | |
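The request layouts compared above, as an added example that is not taken from connect.c: it builds the CONNECT request for SOCKS4, SOCKS4a and SOCKS5 (by hostname) with a bounds check on every write. The function names (put, socks4_connect, socks5_connect) and the sample address, host and user are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Illustration only (not connect.c code): append n bytes at *off, 0 on overflow. */
static int put(unsigned char *buf, size_t cap, size_t *off, const void *src, size_t n)
{
    if (n > cap - *off) return 0;
    memcpy(buf + *off, src, n);
    *off += n;
    return 1;
}

/* SOCKS4/4a CONNECT: VN=4 CD=1 DSTPORT DSTIP USERID NUL [HOSTNAME NUL].
   host == NULL is plain SOCKS4 (client resolved the name to ip); otherwise 4a:
   DSTIP is 0.0.0.1 and the proxy resolves HOSTNAME. Returns length, 0 on error. */
size_t socks4_connect(unsigned char *buf, size_t cap, const unsigned char *ip,
                      const char *host, unsigned short port, const char *user)
{
    static const unsigned char marker[4] = {0, 0, 0, 1};
    unsigned char hdr[4] = {4, 1, (unsigned char)(port >> 8), (unsigned char)(port & 0xff)};
    size_t off = 0;
    if (!user || (!host && !ip) || (host && !host[0])) return 0;
    if (!put(buf, cap, &off, hdr, 4) ||
        !put(buf, cap, &off, host ? marker : ip, 4) ||
        !put(buf, cap, &off, user, strlen(user) + 1)) return 0;
    if (host && !put(buf, cap, &off, host, strlen(host) + 1)) return 0;
    return off;
}

/* SOCKS5 CONNECT by name (RFC 1928): VER=5 CMD=1 RSV=0 ATYP=3 LEN NAME DSTPORT,
   sent after method negotiation. LEN is one byte, so names over 255 are refused. */
size_t socks5_connect(unsigned char *buf, size_t cap, const char *host, unsigned short port)
{
    size_t n = strlen(host), off = 0;
    unsigned char p[2] = {(unsigned char)(port >> 8), (unsigned char)(port & 0xff)};
    if (n == 0 || n > 255) return 0;
    unsigned char hdr[5] = {5, 1, 0, 3, (unsigned char)n};
    if (!put(buf, cap, &off, hdr, 5) || !put(buf, cap, &off, host, n) ||
        !put(buf, cap, &off, p, 2)) return 0;
    return off;
}

int main(void)
{
    unsigned char b[64], ip[4] = {192, 0, 2, 10};   /* constructed sample values */
    printf("SOCKS4  %zu bytes\n", socks4_connect(b, sizeof b, ip, NULL, 22, "user"));
    printf("SOCKS4a %zu bytes\n", socks4_connect(b, sizeof b, ip, "host.example", 22, "user"));
    printf("SOCKS5  %zu bytes\n", socks5_connect(b, sizeof b, "host.example", 22));
    return 0;
}
```

Only the SOCKS4 form carries a client-resolved address; in the 4a and 5 forms the name travels to the proxy, which is where resolution (and any logging of the requested hostname) happens.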
949 | \r | |
950 | <h3><a name="sec26" id="sec26"></a>Configuration to use HTTPS</h3>\r | |
951 | \r | |
952 | <p>\r | |
953 | Many http proxy server implementations support the https <code>CONNECT</code> method\r | |
954 | (SSL). You may need to add configuration to allow the use of https. For\r | |
955 | example, with <a href="http://www.delegate.org/delegate/">DeleGate</a>\r | |
956 | (DeleGate is a multi-purpose application level gateway, or a proxy\r | |
957 | server), you should add <code>https</code> to the <code>REMITTABLE</code> parameter to\r | |
958 | allow HTTP-Proxy, like this:\r | |
959 | \r | |
960 | </p>\r | |
961 | \r | |
962 | <pre class="example">\r | |
963 | delegated -Pxxxx ...... REMITTABLE='+,https' ...\r | |
964 | </pre>\r | |
965 | \r | |
966 | <p>\r | |
967 | In the case of Squid, you should allow the target ports via https by ACL,\r | |
968 | and so on.\r | |
969 | \r | |
970 | </p>\r | |
971 | \r | |
972 | <h3><a name="sec27" id="sec27"></a>SOCKS5 Servers</h3>\r | |
973 | \r | |
974 | <dl>\r | |
975 | <dt><a href="http://www.socks.nec.com/refsoftware.html">NEC SOCKS Reference Implementation</a></dt>\r | |
976 | <dd>\r | |
977 | Reference implementation of SOCKS server and library.\r | |
978 | </dd>\r | |
979 | <dt><a href="http://www.inet.no/dante/index.html">Dante</a></dt>\r | |
980 | <dd>\r | |
981 | Dante is a free implementation of SOCKS server and library.\r | |
982 | Many enhancements, and modularized.\r | |
983 | </dd>\r | |
984 | <dt><a href="http://www.delegate.org/delegate/">DeleGate</a></dt>\r | |
985 | <dd>\r | |
986 | DeleGate is a multi-function proxy service provider.\r | |
987 | DeleGate 5.x.x or earlier can be a SOCKS4 server,\r | |
988 | 6.x.x can be a SOCKS5 and SOCKS4 server,\r | |
989 | and 7.7.0 or later can be a SOCKS5 and SOCKS4a server.\r | |
990 | </dd>\r | |
991 | </dl>\r | |
992 | \r | |
993 | <h3><a name="sec28" id="sec28"></a>Specifications</h3>\r | |
994 | \r | |
995 | <dl>\r | |
996 | <dt><a href="http://www.socks.nec.com/protocol/socks4.protocol">socks4.protocol.txt</a></dt>\r | |
997 | <dd>\r | |
998 | SOCKS: A protocol for TCP proxy across firewalls\r | |
999 | </dd>\r | |
1000 | <dt><a href="http://www.socks.nec.com/protocol/socks4a.protocol">socks4a.protocol.txt</a></dt>\r | |
1001 | <dd>\r | |
1002 | SOCKS 4A: A Simple Extension to SOCKS 4 Protocol\r | |
1003 | </dd>\r | |
1004 | <dt><a href="http://www.socks.nec.com/rfc/rfc1928.txt">RFC 1928</a></dt>\r | |
1005 | <dd>\r | |
1006 | SOCKS Protocol Version 5\r | |
1007 | </dd>\r | |
1008 | <dt><a href="http://www.socks.nec.com/rfc/rfc1929.txt">RFC 1929</a></dt>\r | |
1009 | <dd>\r | |
1010 | Username/Password Authentication for SOCKS V5\r | |
1011 | </dd>\r | |
1012 | <dt><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a></dt>\r | |
1013 | <dd>\r | |
1014 | Hypertext Transfer Protocol -- HTTP/1.1\r | |
1015 | </dd>\r | |
1016 | <dt><a href="http://www.ietf.org/rfc/rfc2617.txt">RFC 2617</a></dt>\r | |
1017 | <dd>\r | |
1018 | HTTP Authentication: Basic and Digest Access Authentication\r | |
1019 | </dd>\r | |
1020 | </dl>\r | |
1021 | \r | |
1022 | <h3><a name="sec29" id="sec29"></a>Related Links</h3>\r | |
1023 | \r | |
1024 | <ul>\r | |
1025 | <li><a href="http://www.openssh.org">OpenSSH Home</a>\r | |
1026 | </li>\r | |
1027 | <li><a href="http://www.ssh.com/">Proprietary SSH</a>\r | |
1028 | </li>\r | |
1029 | <li><a href="http://www.taiyo.co.jp/~gotoh/ssh/openssh-socks.html">Using OpenSSH through a SOCKS compatible PROXY on your LAN</a> (J. Grant)\r | |
1030 | </li>\r | |
1031 | </ul>\r | |
1032 | \r | |
1033 | <h3><a name="sec30" id="sec30"></a>Similar Tools</h3>\r | |
1034 | \r | |
1035 | <ul>\r | |
1036 | <li><a href="http://proxytunnel.sourceforge.net/">Proxy Tunnel</a> -- Proxying command using https CONNECT.\r | |
1037 | </li>\r | |
1038 | <li><a href="http://www.snurgle.org/~griffon/ssh-https-tunnel">stunnel</a> -- Proxy through an https tunnel (Perl script)\r | |
1039 | </li>\r | |
1040 | </ul>\r | |
1041 | \r | |
1042 | <h2><a name="sec31" id="sec31"></a>History</h2>\r | |
1043 | \r | |
1044 | <dl>\r | |
1045 | <dt>2004-07-21</dt>\r | |
1046 | <dd>\r | |
1047 | Rev.1.84. Fixed some typo.\r | |
1048 | </dd>\r | |
1049 | <dt>2004-05-18</dt>\r | |
1050 | <dd>\r | |
1051 | Rev.1.83. Fixed problem not work on Solaris.\r | |
1052 | </dd>\r | |
1053 | <dt>2004-04-27</dt>\r | |
1054 | <dd>\r | |
1055 | Rev.1.82. Bug fix of memory clear on http proxying.\r | |
1056 | </dd>\r | |
1057 | <dt>2004-04-22</dt>\r | |
1058 | <dd>\r | |
1059 | Rev. 1.81. Fixed memory violation and memory leak bug. New environment\r | |
1060 | variable SOCKS5_PASSWD for sharing value with NEC SOCKS implementation.\r | |
1061 | And document (this page) is updated.\r | |
1062 | </dd>\r | |
1063 | <dt>2004-03-30</dt>\r | |
1064 | <dd>\r | |
1065 | Rev. 1.76. Fixed to accept multiple 'Proxy-Authorization' response.\r | |
1066 | </dd>\r | |
1067 | <dt>2003-01-07</dt>\r | |
1068 | <dd>\r | |
1069 | Rev. 1.68. Fixed a trouble around timeout support.\r | |
1070 | </dd>\r | |
1071 | <dt>2002-11-21</dt>\r | |
1072 | <dd>\r | |
1073 | Rev. 1.64 supports reading parameters from file /etc/connectrc or\r | |
1074 | ~/.connectrc instead of specifying via environment variables. For\r | |
1075 | example, you can use this feature to switch setting by replacing file\r | |
1076 | when network environment is changed. And added SOCKS_DIRECT,\r | |
1077 | SOCKS5_DIRECT, SOCKS4_DIRECT, HTTP_DIRECT, SOCKS5_AUTH, environment\r | |
1078 | parameters. (Thanks Masatoshi TSUCHIYA)\r | |
1079 | </dd>\r | |
1080 | <dt>2002-11-20</dt>\r | |
1081 | <dd>\r | |
1082 | Rev. 1.63 supports some old proxies which make response 401 with\r | |
1083 | WWW-Authenticate: header. And fixed to use username specified in\r | |
1084 | proxy host by -H option correctly. (contributed from Des Herriott, thanks)\r | |
1085 | </dd>\r | |
1086 | <dt>2002-10-14</dt>\r | |
1087 | <dd>\r | |
1088 | Rev. 1.61 with New option -w for specifying connection timeout.\r | |
1089 | Currently, it works on UNIX only. (contributed from Darren Tucker, thanks)\r | |
1090 | </dd>\r | |
1091 | <dt>2002-09-29</dt>\r | |
1092 | <dd>\r | |
1093 | Add sample script for switching proxy server\r | |
1094 | advised from Darren Tucker, thanks.\r | |
1095 | </dd>\r | |
1096 | <dt>2002-08-27</dt>\r | |
1097 | <dd>\r | |
1098 | connect.c is updated to rev. 1.60.\r | |
1099 | </dd>\r | |
1100 | <dt>2002-04-08</dt>\r | |
1101 | <dd>\r | |
1102 | Updated <a href="http://www.taiyo.co.jp/~gotoh/ssh/openssh-socks.html">"Using OpenSSH through a SOCKS compatible PROXY on your LAN"</a> written by J. Grant. (version 0.8)\r | |
1103 | </dd>\r | |
1104 | <dt>2002-02-20</dt>\r | |
1105 | <dd>\r | |
1106 | Add link of new document "Using OpenSSH through a SOCKS compatible PROXY on your LAN"\r | |
1107 | written by J. Grant.\r | |
1108 | </dd>\r | |
1109 | <dt>2002-01-31</dt>\r | |
1110 | <dd>\r | |
1111 | Rev. 1.53 -- On Win32 and with MSVC, handle password\r | |
1112 | input from console correctly.\r | |
1113 | </dd>\r | |
1114 | <dt>2002-01-30</dt>\r | |
1115 | <dd>\r | |
1116 | Rev. 1.50 -- [Security Fix] Do not print secure info in debug mode.\r | |
1117 | </dd>\r | |
1118 | <dt>2002-01-09</dt>\r | |
1119 | <dd>\r | |
1120 | Web page was made.\r | |
1121 | connect.c is rev. 1.48.\r | |
1122 | </dd>\r | |
1123 | </dl>\r | |
1124 | <br/>\r | |
1125 | \r | |
1126 | <!-- Page published by Emacs Wiki ends here -->\r | |
1127 | <div class="navfoot">\r | |
1128 | <hr/>\r | |
1129 | <table width="100%" border="0" summary="Footer navigation">\r | |
1130 | <tbody><tr>\r | |
1131 | <td width="50%" align="left">\r | |
1132 | <span class="footdate">Last Updated: 2005-07-18</span><br/>\r | |
1133 | </td>\r | |
1134 | <td width="50%" align="right">\r | |
1135 | This page is authored by <a href="mailto:gotoh@taiyo.co.jp">Shun-ichi GOTO</a>\r | |
1136 | using <a href="http://repose.cx/emacs/wiki">emacs-wiki.el</a><br/>\r | |
1137 | </td>\r | |
1138 | </tr></tbody>\r | |
1139 | </table>\r | |
1140 | </div>\r | |
1141 | </body>\r | |
1142 | </html>\r |