Accessing the web from behind a firewall (without exposing your password)

If you are behind a web-proxy then you either need to configure the proxy settings or set the environment variable  http_proxy  first.

# http_proxy="http://<username>:<password>@<webproxy>:<port>"
# export http_proxy
# apt-get update
Get:1 jessie/updates InRelease [63.1 kB]
Fetched 483 kB in 2s (172 kB/s)
Reading package lists… Done

The  username  and  password  are optional and only required if your proxy server requires authentication, the  webproxy  is the URL or IP address of your proxy server and  port  is also optional.

The only problem is that if the proxy server does requires authentication then your user name and password are exposed in clear text on the command line making it easy for anyone nearby to see your credentials.

To get round this problem (and to save me having to remember the syntax of the commands above) I wrote the following script which makes the process a bit easier and prevents your password from being displayed on the console. It also has the advantage that once the script exits  http_proxy  is no longer defined.

I have tested it on both Debian and CentOS and it should work on most modern Linux distributions including Ubuntu, RedHat and Raspbian.

To use the it you just call the script and pass it the command you would like to execute. If you haven’t modified the script to include your username and password then it will then prompt you for your credentials allowing you to enter your password without it being shown on the screen. If you don’t need to specify a username and password just enter a blank username.

# sh-html-proxy <command>
# Prompts for proxy server credentials (which may be defind in this  script)
# and then excutes what ever cammand the user specified.
# Demonstrates  how to prompt the user for a password and output an  asterix
# each time they press a key.
# This  program  is free software: you can redistribute it and/or modify  it
# under the terms of the GNU General Public License as published by the Free
# Software  Foundation, either version 3 of the License, or (at your option)
# any later version.
# This  program  is  distributed  in the hope that it will  be  useful,  but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public  License
# for more details.
# You  should  have received a copy of the GNU General Public License  along
# with this program. If not, see <>
# 03 Mar 17   0.1   - Initial version - MEJT
# 08 Mar 17   0.2   - Reads  the password character by character and  echoes
#                     an asterix - MEJT
# 12 Sep 18   0.3   - Changed  to execute use /bin/bash rather than  /bin/sh
#                     (avoids subsitution errors) - MEJT
#                   - Sets 'https_proxy' - MEJT
# To Do:            -
if [[ -z "${_proxy_server// }" ]]; then # Check for empty string (ignoring spaces)
  # while [[ -z "${_proxy_server// }" ]]; do # Loop if no server name given (optional).
    echo -ne "Proxy Server : "
    read _proxy_server
  # done
if [[ -n "${_proxy_server// }" ]]; then
  if [[ -z "${_proxy_username// }" ]]; then
    # while [[ -z "${_proxy_username// }" ]]; do
      echo -ne "Username : "
      read _proxy_username
    # done
  if [[ -z "${_proxy_password// }" ]] && [[ -n "${_proxy_username// }" ]]; then
  #  while [[ -z "${_proxy_password// }" ]]; do
      echo -ne "Password : "
      read -s -n1 _char
      while [ -n "$_char" ]; do
        # if [[ $_char == $'\x7f' ]]; then # backspace was pressed
        if [[ $_char == $'\x7f' ]]; then # backspace was pressed
          if [[ -n $_proxy_password ]]; then
            echo -ne '\b \b'
            _proxy_password=${_proxy_password%?} # Remove last char from output variable.
          echo -ne "*"
        read -s -n1 _char
  #  done
  if [[ -n "${_proxy_password// }" ]] && [[ -n "${_proxy_username// }" ]]; then
  if [[ -n "${_proxy_username// }" ]]; then
  export http_proxy
  export https_proxy
exit $?

The following example shows the script being used to configure the proxy before running a command to install  nano  on CentOS 6.5

# ./ yum install nano
Username : username
Password : *********
Loaded plugins: fastestmirror
Setting up Install Process
Determining fastest mirrors
 * base:
 * extras:
 * updates:
base                                                     | 3.7 kB     00:00
base/primary_db                                          | 4.7 MB     00:00
extras                                                   | 3.4 kB     00:00
extras/primary_db                                        |  37 kB     00:00
updates                                                  | 3.4 kB     00:00
updates/primary_db                                       | 5.4 MB     00:00
Resolving Dependencies
--> Running transaction check
--> Package nano.x86_64 0:2.0.9-7.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
 Package          Arch       Version         Repository                Size
 nano             x86_64     2.0.9-7.el6     base                     436 k
Transaction Summary
Install       1 Package(s)
Total download size: 436 k
Installed size: 1.5 M
Is this ok [y/N]: y
Downloading Packages:
nano-2.0.9-7.el6.x86_64.rpm                              | 436 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : nano-2.0.9-7.el6.x86_64                                  1/1
  Verifying  : nano-2.0.9-7.el6.x86_64                                  1/1
  nano.x86_64 0:2.0.9-7.el6

It also works equally well with  wget  or  curl  as shown by the following example which retrieves the current weather information for London from the Open Weather Map API.

$ ./ curl /
Username : username
Password : *********
{"coord":{"lon":-0.13,"lat":51.51},"weather":[{"id":802,"main":"Clouds","description":"scattered clouds","icon":"03d"}],"base":"stat


This entry was posted in CentOS, Debian, Linux, Programming, Raspbian, RedHat, Ubuntu and tagged , , . Bookmark the permalink.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.