Accessing the web from behind a firewall (without exposing your password)

If you are behind a web proxy then you need to either configure the proxy settings or set the environment variable http_proxy first.

# http_proxy="http://<username>:<password>@<webproxy>:<port>"
# export http_proxy
# apt-get update
Get:1 http://security.debian.org jessie/updates InRelease [63.1 kB]
  :
  :
  :
Fetched 483 kB in 2s (172 kB/s)
Reading package lists… Done
#

The username and password are optional and only required if your proxy server requires authentication. The webproxy is the URL or IP address of your proxy server, and the port is also optional.

The only problem is that if the proxy server does require authentication then your user name and password are exposed in clear text on the command line, making it easy for anyone nearby to see your credentials.

To get round this problem (and to save me having to remember the syntax of the commands above) I wrote the following script which makes the process a bit easier and prevents your password from being displayed on the console. It also has the advantage that once the script exits  http_proxy  is no longer defined.

I have tested it on both Debian and CentOS and it should work on most modern Linux distributions including Ubuntu, RedHat and Raspbian.

To use it you just call the script and pass it the command you would like to execute. If you haven’t modified the script to include your username and password then it will prompt you for your credentials, allowing you to enter your password without it being shown on the screen. If you don’t need to specify a username and password just enter a blank username.

#!/bin/bash
#
# sh-http-proxy.sh <command>
#
# Prompts for proxy server credentials (which may be defined in this script)
# and then executes whatever command the user specified.
#
# Demonstrates how to prompt the user for a password and output an asterisk
# each time they press a key.
#
# This  program  is free software: you can redistribute it and/or modify  it
# under the terms of the GNU General Public License as published by the Free
# Software  Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# This  program  is  distributed  in the hope that it will  be  useful,  but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public  License
# for more details.
#
# You  should  have received a copy of the GNU General Public License  along
# with this program. If not, see <http://www.gnu.org/licenses/>
##
# 03 Mar 17   0.1   - Initial version - MEJT
# 08 Mar 17   0.2   - Reads  the password character by character and  echoes
#                     an asterisk - MEJT
# 12 Sep 18   0.3   - Changed to use /bin/bash rather than /bin/sh
#                     (avoids substitution errors) - MEJT
#                   - Sets 'https_proxy' - MEJT
#
# To Do:            -
#
 
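_proxy_server="proxy.local.net:8080"
_proxy_username="" # Leave empty to be prompted when the script runs.
_proxy_password="" # Leave empty to be prompted; a password stored here is readable by anyone who can read this file.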
 
if [[ -z "${_proxy_server// }" ]]; then # Check for empty string (ignoring spaces)
  # while [[ -z "${_proxy_server// }" ]]; do # Loop if no server name given (optional).
    echo -ne "Proxy Server : "
    read -r _proxy_server
  # done
fi
 
if [[ -n "${_proxy_server// }" ]]; then
  if [[ -z "${_proxy_username// }" ]]; then
    # while [[ -z "${_proxy_username// }" ]]; do
      echo -ne "Username : "
      read -r _proxy_username # -r keeps the backslash in names such as DOMAIN\user
    # done
  fi
 
  if [[ -z "${_proxy_password// }" ]] && [[ -n "${_proxy_username// }" ]]; then
  #  while [[ -z "${_proxy_password// }" ]]; do
      echo -ne "Password : "
      IFS= read -r -s -n1 _char # IFS= and -r keep spaces and backslashes intact
      while [ -n "$_char" ]; do # Enter returns an empty string and ends the loop
        if [[ $_char == $'\x7f' || $_char == $'\b' ]]; then # backspace was pressed
          if [[ -n $_proxy_password ]]; then
            echo -ne '\b \b'
            _proxy_password=${_proxy_password%?} # Remove last char from output variable.
          fi
        else
          echo -ne "*"
          _proxy_password=$_proxy_password$_char
        fi
        IFS= read -r -s -n1 _char
      done
      echo
  #  done
  fi
 
  if [[ -n "${_proxy_password// }" ]] && [[ -n "${_proxy_username// }" ]]; then
    _proxy_username="$_proxy_username:$_proxy_password"
  fi
 
  if [[ -n "${_proxy_username// }" ]]; then
    _proxy_username="$_proxy_username@"
  fi
 
  http_proxy="http://$_proxy_username$_proxy_server"
  https_proxy=$http_proxy
  export http_proxy
  export https_proxy
fi
 
"$@"
 
exit $?
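
Added example, not part of the original script: the script above joins the username and password into the proxy URL exactly as typed, so a password containing `@`, `:` or `/` changes how the URL is parsed. The sketch below percent-encodes both parts first and sets the variables for the child command only; the function names and sample values are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the original script). Function names and the
# sample credentials below are constructed for illustration.

# Percent-encode every byte outside the RFC 3986 "unreserved" set.
# Runs in a subshell ( ... ) so LC_ALL and the work variables do not leak.
urlencode() (
  LC_ALL=C            # compare and step through the string byte by byte
  s=$1 out=""
  while [ -n "$s" ]; do
    rest=${s#?}       # everything after the first character
    c=${s%"$rest"}    # the first character itself
    case $c in
      [a-zA-Z0-9._~-]) out="$out$c" ;;
      *) out="$out$(printf '%%%02X' "'$c")" ;;  # "'x" = numeric value of x
    esac
    s=$rest
  done
  printf '%s' "$out"
)

# build_proxy_url SERVER [USER] [PASSWORD]
build_proxy_url() (
  userinfo=""
  if [ -n "${2:-}" ]; then
    userinfo=$(urlencode "$2")
    if [ -n "${3:-}" ]; then
      userinfo="$userinfo:$(urlencode "$3")"
    fi
    userinfo="$userinfo@"
  fi
  printf 'http://%s%s' "$userinfo" "$1"
)

# with_proxy URL COMMAND [ARGS...]
# Exports the variables inside a subshell, so the caller's environment is
# untouched and the URL never appears in any argv (nothing for `ps` to show).
# The child's environment is still readable by the same user and by root.
with_proxy() (
  url=$1; shift
  http_proxy=$url https_proxy=$url
  export http_proxy https_proxy
  exec "$@"
)

# Constructed sample values: prints http://alice:p%40ss%3Aw%2Frd@proxy.local.net:8080
echo "$(build_proxy_url proxy.local.net:8080 'alice' 'p@ss:w/rd')"
```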

The following example shows the script being used to configure the proxy before running a command to install nano on CentOS 6.5.

# ./sh-http-proxy.sh yum install nano
Username : username
Password : *********
Loaded plugins: fastestmirror
Setting up Install Process
Determining fastest mirrors
 * base: centos.bio.lmu.de
 * extras: centos.copahost.com
 * updates: centos.mirror.net-d-sign.de
base                                                     | 3.7 kB     00:00
base/primary_db                                          | 4.7 MB     00:00
extras                                                   | 3.4 kB     00:00
extras/primary_db                                        |  37 kB     00:00
updates                                                  | 3.4 kB     00:00
updates/primary_db                                       | 5.4 MB     00:00
Resolving Dependencies
--> Running transaction check
--> Package nano.x86_64 0:2.0.9-7.el6 will be installed
--> Finished Dependency Resolution
 
Dependencies Resolved
 
===========================================================================
 Package          Arch       Version         Repository                Size
===========================================================================
Installing:
 nano             x86_64     2.0.9-7.el6     base                     436 k
 
Transaction Summary
===========================================================================
Install       1 Package(s)
 
Total download size: 436 k
Installed size: 1.5 M
Is this ok [y/N]: y
Downloading Packages:
nano-2.0.9-7.el6.x86_64.rpm                              | 436 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : nano-2.0.9-7.el6.x86_64                                  1/1
  Verifying  : nano-2.0.9-7.el6.x86_64                                  1/1
 
Installed:
  nano.x86_64 0:2.0.9-7.el6
 
Complete!
#

It also works equally well with  wget  or  curl  as shown by the following example which retrieves the current weather information for London from the Open Weather Map API.

$ ./sh-http-proxy.sh curl \
"https://api.openweathermap.org/data/2.5/weather?units=metric&appid=1ef567a7386ab344dc4ac56546d61024&q=London,GB"
Username : username
Password : *********
{"coord":{"lon":-0.13,"lat":51.51},"weather":[{"id":802,"main":"Clouds","description":"scattered clouds","icon":"03d"}],"base":"stat
ions","main":{"temp":16,"pressure":1021,"humidity":59,"temp_min":15,"temp_max":17},"visibility":10000,"wind":{"speed":6.2,"deg":250}
,"clouds":{"all":40},"dt":1536924000,"sys":{"type":1,"id":5092,"message":0.0046,"country":"GB","sunrise":1536903471,"sunset":1536949
178},"id":2646654,"name":"London","cod":200}
$
