hconnect can establish a TCP connection to a host behind a proxy. It is
similar to corkscrew or nc -Xconnect -x..., but can
authenticate against a proxy using the basic or negotiate
via Kerberos (using the GSS-API Linux and macOS or
SSPI on Windows) authorization method
Below are different usage examples of hconnect. Replace %h with the host
behind the proxy and %p with the port.
The following command will establish a TCP connection with the host behind the
proxy proxy.exmaple.com listening on port 8080.
hconnect --proxy proxy.example.com:8080 %h:%pProxies which require authentication, will response with: 407 Proxy
Authentication Required. In this case we can either use Basic authentication by
consulting the ~/.netrc file with the following command:
hconnect --netrc --proxy proxy.example.com:8080 %h:%pIn the command above, the .netrc file from the defualt locatoin in your
$HOME directory will be used. A custom path for the .netrc file can be
specified by using the --netrc-file NETRC_PATH argument. The .netrc file
will need an entry like this:
machine proxy.example.com
login USERNAME
password PASSWORD
The value for machine must match with the proxy host (in this example
proxy.example.com). The USERNAME and PASSWORD must be adjusted
accordingly.
The best option for authentication is via --negotiate since in this way no
additional configuration is requied and no password needs to be stored or
transmitted (neither in plain text nor encrypted).
hconnect --negotiate --proxy proxy.example.com:8080 %h:%pPlace the following fragment in your ~/.ssh/config file:
ProxyCommand hconnect --proxy proxy.example.com:8080 %h:%p
Add either --netrc or --negotiate if authentication is required. The ssh
command will automatically replace %h and %p with the SSH target host and
port.
This source code is under the MIT license with the exceptions mentioned in "Third party source code in this repository".