Installing updates from behind a firewall

If you are behind a web-proxy then installing packages or updating your system requires that the environment variable http_proxy is defined first – this then tells the system to use a web-proxy.

# http_proxy="http://<username>:<password>@<webproxy>:<port>"
# export http_proxy
# apt-get update
Get:1 jessie/updates InRelease [63.1 kB]
Fetched 483 kB in 2s (172 kB/s)
Reading package lists… Done

The username and password are optional and only required if your proxy server requires authentication, the webproxy is the URL or IP address of your proxy server and port is also optional.

This works just fine but the only problem is that if the proxy server requires authentication you need to include your user name and password in clear on the command line making it easy for anyone nearby to see your credentials.

To get round this problem (and to save me having to remember the syntax of the commands above) I wrote the following script which makes the process a bit easier and prevents your password from being displayed on the console. I have tested it on both Debian and CentOS and it should work on most modern linux distributions including Ubuntu, RedHat and Raspbian.

To use the it you just call the script and pass it the command you would like to execute. The script will then prompt you for your credentials allowing you to enter your password without it being shown on the screen and then test that the proxy settings work by attempting to connect to the target URL using ‘curl’. If you don’t need to specify a username and password just enter a blank username.

To save time you can define a default proxy server name, username and even password in the script.

# sh-html-proxy <command>
# Prompts for proxy server credentials (which may be defined in this script)
# and then executes what ever command the user specified.
# Demonstrates  how to prompt the user for a password and output an asterisk
# each time they press a key.
# This  program  is free software: you can redistribute it and/or modify  it
# under the terms of the GNU General Public License as published by the Free
# Software  Foundation, either version 3 of the License, or (at your option)
# any later version.
# This  program  is  distributed  in the hope that it will  be  useful,  but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public  License
# for more details.
# You  should  have received a copy of the GNU General Public License  along
# with this program. If not, see <>
# 03 Mar 17   0.1   - Initial version - MEJT
# 08 Mar 17   0.2   - Reads  the password character by character and  echoes
#                     an asterisk - MEJT
# 12 Apr 17   0.3   - Modified fallback to 'ping' the proxy server if 'wget'
#                     or 'curl' are not available - MEJT
#                   - Only  checks connectivity to the internet if a  target
#                     URL is defined - MEJT
# Define a target URL to check connectivity through the proxy
#_url="" # Debian (lenny)
#_url="" # Debian (current)
#_url="" # Centos 6
#_url="" # Kent mirror service
# Define default proxy server, username and password (optional)
if [[ -z "${_proxy_server// }" ]]; then # Check for empty string 
  # while [[ -z "${_proxy_server// }" ]]; do # Loop if no server name
    echo -ne "Proxy Server : "
    read _proxy_server
  # done
if [[ -n "${_proxy_server// }" ]]; then
  if [[ -z "${_proxy_username// }" ]]; then
    # while [[ -z "${_proxy_username// }" ]]; do
      echo -ne "Username : "
      read _proxy_username
    # done
  if [[ -z "${_proxy_password// }" ]] && [[ -n "${_proxy_username// }" ]]; then
  #  while [[ -z "${_proxy_password// }" ]]; do
      echo -ne "Password : "
      read -s -n1 _char
      while [ -n "$_char" ]; do
        # if [[ $_char == $'\x7f' ]]; then # backspace was pressed
        if [[ $_char == $'\x7f' ]]; then # backspace was pressed
          if [[ -n $_proxy_password ]]; then
            echo -ne '\b \b'
            _proxy_password=${_proxy_password%?} # Remove last char.
          echo -ne "*"
        read -s -n1 _char
  #  done
  if [[ -n "${_proxy_password// }" ]] && [[ -n "${_proxy_username// }" ]]; then
  if [[ -n "${_proxy_username// }" ]]; then
  export http_proxy
if [ -n "$_url" ]; then
  if (type wget >/dev/null 2>&1); then
    wget wget -T $_timeout -q -O - "$_url" &> /dev/null &
  elif  (type curl >/dev/null 2>&1); then
    curl "$_url" --max-time $_timeout --ipv4 &>/dev/null &
if [ "$_PID" -gt 0 ]; then # Couldn't find 'wget' or 'curl'
  # Wait for until timeout interval has passed of command completes
  while (ps -p "$_PID" >/dev/null 2>&1); do
    sleep 1
    _timeout=$((_timeout - 1)) # Decrement timeout.
    _count=$((_count + 1)) # Decrement counter.
    echo -ne "Connecting ($_count""s) $_string \r"
  wait $_PID # Get status code from curl command.
  _proxy_server=$(echo $_proxy_server |cut -f 1 -d':')
  ping -w $(($_timeout*1000)) -c 1 $_proxy_server >/dev/nul 2>&1
if [ $? -eq 0 ]; then # Check to see if it was successful.
  echo "$(basename $0): ($_proxy_server) is unreachable."

The following example shows the script being used to configure the proxy before running a command to install nano on CentOS 6.5

# ./ yum install nano
Username : proxyuser
Password : *********
Waiting to connect (1s) ...
Loaded plugins: fastestmirror
Setting up Install Process
Determining fastest mirrors
 * base:
 * extras:
 * updates:
base                                                     | 3.7 kB     00:00
base/primary_db                                          | 4.7 MB     00:00
extras                                                   | 3.4 kB     00:00
extras/primary_db                                        |  37 kB     00:00
updates                                                  | 3.4 kB     00:00
updates/primary_db                                       | 5.4 MB     00:00
Resolving Dependencies
--> Running transaction check
--> Package nano.x86_64 0:2.0.9-7.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

 Package          Arch       Version         Repository                Size
 nano             x86_64     2.0.9-7.el6     base                     436 k

Transaction Summary
Install       1 Package(s)

Total download size: 436 k
Installed size: 1.5 M
Is this ok [y/N]: y
Downloading Packages:
nano-2.0.9-7.el6.x86_64.rpm                              | 436 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : nano-2.0.9-7.el6.x86_64                                  1/1
  Verifying  : nano-2.0.9-7.el6.x86_64                                  1/1

  nano.x86_64 0:2.0.9-7.el6



This entry was posted in CentOS, Debian, Linux, Programming, Raspbian, RedHat, Ubuntu and tagged , , . Bookmark the permalink.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s