Apr 8th, 2016
  1. Bitvise SSH Client 6.47 - stnlc, a command line SSH tunnel client
  2. Copyright (C) 2000-2016 by Bitvise Limited.
  3.  
  4. USAGE:
  5. stnlc [username@]host[:port] OR -profile=file [-host=host] [-port=port] [-obfs=y|n] [-obfsKw=keyword] [-spn=SPN] [-sspi=y|n] [-sspiDlg=y|n]
  6. [-user=username] [-gka] [-gma [-krb OR -ntlm] [-gmaDlg]] [-pk=location [-pp=passphrase]] [-pw=password] [-kbdi [-sub=submethods]]
  7. [-unat=y|n] [-trustLsp=y|n]
  8. [-encr=list] [-mac=list] [-cmpr=list] [-kex=list] [-hkey=list] [-ka=y|n] [-kre=y|n]
  9. [-noRegistry OR -baseRegistry=registry-key]
  10. [-proxy=y|n [-proxyType=type] -proxyServer=server [-proxyPort=port] [-proxyUsername=username [-proxyPassword=password]] [-proxyResolveLocally=y|n]]
  11. [-hostKeyFp=fingerprints] [-hostKeyFile=file]
  12. [-keypairFile=file [-keypairPassphrase=passphrase]]
  13. [-traceLog] [-flowDebugFile=file]
  14. [-title=title]
  15. [-ftpBridge=y|n] [-ftpListIntf=interface] [-ftpListPort=port] [-ftpPassword=password] [-ftpPasvPortStart=port] [-ftpPasvPortEnd=port] [-sftpNewline=auto|crlf|lf|cr] [-sftpStartDir=sftp-path] [-sftpPipelineSize=kbytes]
  16. [-proxyFwding=y|n] [-proxyListIntf=interface] [-proxyListPort=port] [-proxyBindIp4Intf=ip4-interface] [-proxyBindIp6Intf=ip6-interface] [-proxyPublicIp4=ip4-address] [-proxyPublicIp6=ip6-address]
  17. [-c2s=rules OR -c2sFile=file-path] [-c2sAccept=y|n]
  18. [-s2c=rules OR -s2cFile=file-path] [-s2cAccept=y|n]
  19.  
  20. PARAMETERS:
  21. -profile=file
  22. Load session parameters from the specified Bitvise SSH Client profile. If a command line parameter is additionally provided for any of the profile settings, the command line parameter overrides the profile.
  23. -host=host
  24. The server host to connect to, overriding any already set host.
  25. -port=port
  26. The port on server host to connect to, overriding any already set port.
  27. -obfs=y|n
  28. If the SSH server to which you are connecting uses SSH protocol obfuscation, you can use this parameter to enable it. Obfuscation is supported by some SSH servers, and makes it more difficult for an outside observer to detect that the protocol being used is SSH.
  29. -obfsKw=keyword
  30. If the SSH server to which you are connecting uses an obfuscation keyword, you can use this parameter to provide it.
  31. -spn=SPN
  32. If specified, Bitvise SSH Client will use the value of this parameter as the service principal name during Kerberos authentication. If not specified, Bitvise SSH Client will use a default, but possibly incorrect, SPN based on the SSH server's host name.
  33. -sspi=y|n
  34. SSPI/Kerberos 5 host authentication - disabled by default, but can also be disabled explicitly to override profile setting.
  35. -sspiDlg=y|n
  36. Permit access delegation - disabled by default, but can also be disabled explicitly to override profile setting. For use only with SSPI/Kerberos 5 host authentication.
  37. -user=username
  38. The username to login with overriding the already set username.
  39. -gka
  40. Log in using the gssapi-keyex method. Available only when SSPI/Kerberos 5 host authentication has been performed. Can also be combined with other authentication methods, in which case gssapi-keyex is attempted first.
  41. -gma
  42. Log in using the gssapi-with-mic method. Can also be combined with other authentication methods, in which case gssapi-with-mic is attempted after gssapi-keyex.
  43. -krb
  44. Use gssapi-with-mic with the Kerberos 5 mechanism only.
  45. -ntlm
  46. Use gssapi-with-mic with the NTLM mechanism only.
  47. -gmaDlg
  48. Permit access delegation - disabled by default. For use only with gssapi-with-mic user authentication.
  49. -pk=location
  50. Log in using the 'publickey' method, with the client key stored on the specified location. Can also be combined with other authentication methods, in which case 'publickey' is attempted after gssapi-with-mic. For keypairs stored globally in Windows registry for the currently logged on account, identify the key as <nr> or g<nr>. For keypairs stored in a profile provided using the -profile parameter, identify the key as p<nr>. For keypairs accessible via PuTTY or OpenSSH authentication agents, use t<nr> for PuTTY, or o<nr> for OpenSSH. Examples: -pk=3 for the third keypair configured globally for the current user; -pk=p1 for the first keypair stored in the provided profile.
  51. -pp=passphrase
  52. A passphrase for the keypair specified with -pk.
  53. -pw=password
  54. Log in with the specified password. Can also be combined with other authentication methods, in which case the password is attempted after the publickey method.
  55. -kbdi
  56. Log in with the keyboard-interactive method. Can also be combined with other authentication methods, in which case the keyboard-interactive method is attempted last.
  57. -sub=submethods
  58. Optional submethods for keyboard-interactive.
  59. -unat=y|n
  60. Use unattended mode to prevent any user interaction by the SSH session - in particular, host key verification and user authentication. Disabled by default.
  61. -trustLsp=y|n
  62. If enabled, only a narrow selection of trusted Windows Sockets LSP providers will be used, promoting stability, but at a possible expense of connectivity. If disabled, any LSP that is installed will be used, promoting connectivity, but at a possible expense of stability. By default, only trusted LSPs are used.
  63. -encr=list
  64. Comma-separated priority list of session encryption algorithms. If not specified, the following algorithm list is assumed: aes256-ctr,aes192-ctr,aes128-ctr,3des-ctr.
  65. -mac=list
  66. Comma-separated priority list of session MAC algorithms. If not specified, the following algorithm list is assumed: hmac-sha2-256,hmac-sha1.
  67. -cmpr=list
  68. Comma-separated priority list of session compression algorithms. If not specified, the following algorithm list is assumed: none,zlib.
  69. -kex=list
  70. Comma-separated priority list of ECDH and DH key exchange algorithms. If not specified, the following algorithm list is assumed: ecdh-sha2/secp256k1,ecdh-sha2/nistp521,ecdh-sha2/nistp384,ecdh-sha2/nistp256,diffie-hellman-group14-sha1, plus any GSSAPI key exchange methods if -sspi is specified. When connecting to OpenSSH servers, the diffie-hellman-group-exchange-sha256 and diffie-hellman-group-exchange-sha1 algorithms will automatically be moved to the back of the list for compatibility reasons.
  71. -hkey=list
  72. Comma-separated priority list of host key algorithms. If not specified, the following algorithm list is assumed: ECDSA/secp256k1,ECDSA/nistp521,ECDSA/nistp384,ECDSA/nistp256,RSA,DSA.
  73. -ka
  74. Keep-alive / broken session detection - enabled by default, but can also be enabled explicitly to override profile.
  75. -kre
  76. Key re-exchange - enabled by default, but can also be enabled explicitly to override profile.
  77. -noRegistry
  78. Do not load settings from or store them to Windows registry. Use of global client proxy settings, host key database, and user keypair database is prevented.
  79. -baseRegistry=registry-key
  80. A base Windows registry key to replace the default 'HKEY_CURRENT_USER\Software\Bitvise' key.
  81. -proxy=y|n
  82. Use a proxy server, overrides global client proxy settings.
  83. -proxyType=type
  84. The type of proxy server to use. 'SOCKS4', 'SOCKS5', and 'HTTP' proxy types are supported. 'SOCKS4' is set by default.
  85. -proxyServer=server
  86. The IP address or DNS name of the proxy server.
  87. -proxyPort=port
  88. The proxy server port, 1080 by default.
  89. -proxyUsername=username
  90. The proxy server username (SOCKS5 and HTTP only).
  91. -proxyPassword=password
  92. The proxy server password (SOCKS5 and HTTP only).
  93. -proxyResolveLocally=y|n
  94. Resolve a DNS name locally before passing it to the proxy when this flag is used.
  95. -hostKeyFp=fingerprints
  96. A CSV list of SHA-256, Bubble-Babble, or MD5 fingerprints of host keys to accept, used additionally to global and per-profile host keys
  97. -hostKeyFile=file
  98. A file containing host keys to accept, used additionally to global client host key database
  99. -keypairFile=file
  100. A file containing a private key for authentication.
  101. -keypairPassphrase=passphrase
  102. Provide a passphrase for the keypair specified with the -keypairFile parameter. Passphrase must always be present when an OpenSSH encoded and passphrase protected keypair is specified.
  103. -traceLog
  104. Enable trace logging. Causes trace messages to appear in addition to the client's normal output.
  105. -flowDebugFile=file
  106. Records an extremely detailed debug log of the session in the specified textual file. If the file already exists, it will be appended to. The recording may include potentially sensitive information exchanged over the session, stored in the file in plaintext.
  107. -title=title
  108. Use this parameter to set a custom console window title.
  109. -ftpBridge=y|n
  110. Enable FTP-to-SFTP bridge. Disabled by default.
  111. -ftpListIntf=interface
  112. Listening interface for FTP-to-SFTP bridge. 127.0.0.1 by default.
  113. -ftpListPort=port
  114. Listening port for FTP-to-SFTP bridge. 21 by default.
  115. -ftpPassword=password
  116. FTP logon password to require for FTP-to-SFTP bridge. None required by default.
  117. -ftpPasvPortStart=port
  118. FTP PASV start port range for FTP-to-SFTP bridge. If both start and end port ranges are set to 0, the PASV port will be allocated by Windows from the standard dynamic port range. Otherwise, search for a free PASV port will commence downwards or upwards from the configured start to end (inclusive). Set to 0 by default.
  119. -ftpPasvPortEnd=port
  120. FTP PASV end port range for FTP-to-SFTP bridge. If both start and end port ranges are set to 0, the PASV port will be allocated by Windows from the standard dynamic port range. Otherwise, search for a free PASV port will commence downwards or upwards from the configured start to end (inclusive). Set to 0 by default.
  121. -sftpNewline=auto|crlf|lf|cr
  122. SFTP newline for FTP-to-SFTP bridge when working with SFTPv3 or earlier. Valid options are: Auto, CRLF, LF, CR, Win, Unix, Mac. Set to Auto by default.
  123. -sftpStartDir=sftp-path
  124. SFTP start directory for FTP-to-SFTP bridge. If not set, FTP will start in the SFTP start directory. Set it to '/' when connecting Windows File Explorer to the FTP-to-SFTP bridge. Not set by default.
  125. -sftpPipelineSize=kbytes
  126. SFTP pipeline size in kilobytes. The default value is 512. The valid range is 16 to 4096.
  127. -proxyFwding=y|n
  128. Enable SOCKS/HTTP proxy forwarding. Disabled by default.
  129. -proxyListIntf=interface
  130. Listening interface for SOCKS/HTTP proxy forwarding. 127.0.0.1 by default.
  131. -proxyListPort=port
  132. Listening port for SOCKS/HTTP proxy forwarding. 1080 by default.
  133. -proxyBindIp4Intf=ip4-interface
  134. IPv4 SSH server bind interface for SOCKS proxy forwarding. The SSH server will be instructed to use this interface for listening when handling IPv4 SOCKS TCP BIND request. Set to 0.0.0.0 (any IPv4 interface) by default.
  135. -proxyBindIp6Intf=ip6-interface
  136. IPv6 SSH server bind interface for SOCKS proxy forwarding. The SSH server will be instructed to use this interface for listening when handling IPv6 SOCKS TCP BIND request. Set to :: (any IPv6 interface) by default.
  137. -proxyPublicIp4=ip4-address
  138. IPv4 SSH server public address for SOCKS proxy forwarding. This is the address that a program on the server side will connect to in order to complete the IPv4 SOCKS TCP BIND request. If this address is not set, the client will try to obtain it from the DNS or IP address it used to connect to the SSH server. Not set by default.
  139. -proxyPublicIp6=ip6-address
  140. IPv6 SSH server public address for SOCKS proxy forwarding. This is the address that a program on the server side will connect to in order to complete the IPv6 SOCKS TCP BIND request. If this address is not set, the client will try to obtain it from the DNS or IP address it used to connect to the SSH server. Not set by default.
  141. -c2s=rules
  142. CSV list of client-to-server port forwarding rules of the following values: listen-interface-1, listen-port-1, destination-host-1, destination-port-1, listen-interface-2, listen-port-2, destination-host-2, destination-port-2, etc. This parameter cannot be used in conjunction with -c2sFile.
  143. -c2sFile=file-path
  144. File name with client-to-server port forwarding rules. Each forwarding rule must appear on a separate line. Each line is a CSV list of the following values: listen-interface, listen-port, destination-host, destination-port, comment. The final comment value is optional. This parameter cannot be used in conjunction with -c2s.
  145. -c2sAccept=y|n
  146. Accept server configured port forwarding rules, for connections to be forwarded from the SSH client to the server. At the time of this writing, Bitvise SSH Server is the only server we know that supports server-configured port forwarding. By default, server-configured port forwarding will not be accepted.
  147. -s2c=rules
  148. CSV list of server-to-client port forwarding rules of the following values: listen-interface-1, listen-port-1, destination-host-1, destination-port-1, listen-interface-2, listen-port-2, destination-host-2, destination-port-2, etc. This parameter cannot be used in conjunction with -s2cFile.
  149. -s2cFile=file-path
  150. File name with server-to-client port forwarding rules. Each forwarding rule must be placed in a separate line. Each line is a CSV list of the following values: listen-interface, listen-port, destination-host, destination-port, comment. The last comment value is optional. This parameter cannot be used in conjunction with -s2c.
  151. -s2cAccept=y|n
  152. Accept server configured port forwarding rules, for connections to be forwarded from the SSH server to the client. At the time of this writing, Bitvise SSH Server is the only server we know that supports server-configured port forwarding. By default, server-configured port forwarding will not be accepted.
  153.  
  154. EXAMPLES:
  155. stnlc myserver -ftpBridge=y -c2s=0.0.0.0,5900,myvncserver,5900
  156. Logs into 'myserver' with the account name of the current Windows user as the username. Will prompt to choose an authentication method when connected. Enables FTP-to-SFTP bridge and adds a client-to-server port forwarding rule on local address 0.0.0.0:5900 (port 5900 on all IPv4 interfaces) to remote address myvncserver:5900.
  157. stnlc myusername@myserver -pw=mypassword -unat -c2sAccept -s2cAccept
  158. Logs into 'myserver' as 'myusername' with password 'mypassword' in unattended mode. Once logged on, server-configured port forwarding will be enabled in forwarding both directions. This requires an SSH server with support for server-configured port forwarding. Enabling unattended mode will disable the interactive shell; use Ctrl+C or Ctrl+Break to exit the client.
  159. stnlc -profile=file.bscp -s2c -s2cAccept=n
  160. Logs into the SSH server as configured in the profile stored in 'file.bscp'. Sets up the FTP-to-SFTP bridge, SOCKS/HTTP proxy forwarding, and client-to-server port forwarding as configured in the profile. Note that the last two parameters override the profile to disable both client-configured and server-configured port forwarding in the direction from SSH server to client.
  161.  
  162. RETURN CODES:
  163. 0 Success
  164. 1 Unknown failure
  165. 2 Usage error
  166. 100 SSH session failure
  167. 101 Failure connecting to server
  168. 102 SSH host authentication failure
  169. 103 SSH user authentication failure
  170. 201 Error setting up the FTP-to-SFTP bridge
  171. 202 Error setting up SOCKS/HTTP proxy forwarding
  172. 203 Error adding client-to-server port forwarding rule
  173. 204 Error adding server-to-client port forwarding rule
  174. 205 Error inviting server-configured client-to-server port forwarding
  175. 206 Error inviting server-configured server-to-client port forwarding
  176.  
  177. To read the above help more easily, try:
  178. stnlc -help-usage (display usage information)
  179. stnlc -help | more (displays help page by page)
  180. stnlc -help > h.txt (creates a text file you can open e.g. with Notepad)
  181. stnlc -help-params (display help for parameters in general)
  182. stnlc -help-<param> (display help for a particular parameter)
  183. stnlc -help-examples (display examples)
  184. stnlc -help-codes (display return codes)
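
The help text above documents several parameters with security consequences: passwords and passphrases given as arguments, the plaintext -flowDebugFile log, listeners that default to 127.0.0.1, and forwarding rules whose first field is the listen interface. The following Python sketch is an added example, not part of the paste or of Bitvise's software; it audits an stnlc command line for those settings, assuming parameter names are spelled exactly as in the help text and that a bare -c2sAccept or -s2cAccept means enabled, as in the second documented example.

```python
import shlex

# Parameters that the help text defines as passwords or passphrases.
SECRET_PARAMS = {"-pw", "-pp", "-proxyPassword", "-ftpPassword", "-keypairPassphrase"}
# Local listeners whose documented default is 127.0.0.1.
LISTEN_PARAMS = {"-ftpListIntf", "-proxyListIntf"}
RULE_PARAMS = {"-c2s", "-s2c"}
ACCEPT_PARAMS = {"-c2sAccept", "-s2cAccept"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_rules(csv_value):
    """Split a -c2s/-s2c value into (listen_intf, listen_port, dest_host, dest_port) tuples."""
    fields = [f.strip() for f in csv_value.split(",")]
    if len(fields) % 4 != 0:
        raise ValueError("forwarding rules must be groups of four values")
    return [tuple(fields[i:i + 4]) for i in range(0, len(fields), 4)]


def audit(command_line):
    """Return (parameter, finding) pairs for one stnlc command line."""
    findings = []
    # posix=False keeps backslashes in Windows paths intact.
    for arg in shlex.split(command_line, posix=False)[1:]:
        name, _, value = arg.partition("=")
        if name in SECRET_PARAMS and value:
            findings.append((name, "secret on the command line"))
        elif name == "-flowDebugFile":
            findings.append((name, "plaintext session debug log"))
        elif name in LISTEN_PARAMS and value and value not in LOOPBACK:
            findings.append((name, "listener bound to " + value))
        elif name in ACCEPT_PARAMS and value in ("", "y"):
            findings.append((name, "server-configured forwarding accepted"))
        elif name in RULE_PARAMS and value:
            for intf, port, host, dport in parse_rules(value):
                if intf not in LOOPBACK:
                    findings.append((name, f"{intf}:{port} -> {host}:{dport} is not loopback-only"))
    return findings


if __name__ == "__main__":
    # The first two lines are the help text's own examples; the third is constructed.
    for line in (
        "stnlc myserver -ftpBridge=y -c2s=0.0.0.0,5900,myvncserver,5900",
        "stnlc myusername@myserver -pw=mypassword -unat -c2sAccept -s2cAccept",
        r"stnlc -profile=file.bscp -flowDebugFile=C:\logs\flow.txt",
    ):
        print(line, audit(line))
```

Settings loaded through -profile are not visible on the command line, so a clean result here says nothing about what the profile itself enables.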