- Bitvise SSH Client 6.47 - stnlc, a command line SSH tunnel client
- Copyright (C) 2000-2016 by Bitvise Limited.
- USAGE:
- stnlc [username@]host[:port] OR -profile=file [-host=host] [-port=port] [-obfs=y|n] [-obfsKw=keyword] [-spn=SPN] [-sspi=y|n] [-sspiDlg=y|n]
- [-user=username] [-gka] [-gma [-krb OR -ntlm] [-gmaDlg]] [-pk=location [-pp=passphrase]] [-pw=password] [-kbdi [-sub=submethods]]
- [-unat=y|n] [-trustLsp=y|n]
- [-encr=list] [-mac=list] [-cmpr=list] [-kex=list] [-hkey=list] [-ka=y|n] [-kre=y|n]
- [-noRegistry OR -baseRegistry=registry-key]
- [-proxy=y|n [-proxyType=type] -proxyServer=server [-proxyPort=port] [-proxyUsername=username [-proxyPassword=password]] [-proxyResolveLocally=y|n]]
- [-hostKeyFp=fingerprints] [-hostKeyFile=file]
- [-keypairFile=file [-keypairPassphrase=passphrase]]
- [-traceLog] [-flowDebugFile=file]
- [-title=title]
- [-ftpBridge=y|n] [-ftpListIntf=interface] [-ftpListPort=port] [-ftpPassword=password] [-ftpPasvPortStart=port] [-ftpPasvPortEnd=port] [-sftpNewline=auto|crlf|lf|cr] [-sftpStartDir=sftp-path] [-sftpPipelineSize=kbytes]
- [-proxyFwding=y|n] [-proxyListIntf=interface] [-proxyListPort=port] [-proxyBindIp4Intf=ip4-interface] [-proxyBindIp6Intf=ip6-interface] [-proxyPublicIp4=ip4-address] [-proxyPublicIp6=ip6-address]
- [-c2s=rules OR -c2sFile=file-path] [-c2sAccept=y|n]
- [-s2c=rules OR -s2cFile=file-path] [-s2cAccept=y|n]
- PARAMETERS:
- -profile=file
- Load session parameters from the specified Bitvise SSH Client profile. If a command line parameter is additionally provided for any of the profile settings, the command line parameter overrides the profile.
- -host=host
- The server host to connect to, overriding any already set host.
- -port=port
- The port on server host to connect to, overriding any already set port.
- -obfs=y|n
- If the SSH server to which you are connecting uses SSH protocol obfuscation, you can use this parameter to enable it. Obfuscation is supported by some SSH servers, and makes it more difficult for an outside observer to detect that the protocol being used is SSH.
- -obfsKw=keyword
- If the SSH server to which you are connecting uses an obfuscation keyword, you can use this parameter to provide it.
- -spn=SPN
- If specified, Bitvise SSH Client will use the value of this parameter as the service principal name during Kerberos authentication. If not specified, Bitvise SSH Client will use a default, but possibly incorrect, SPN based on the SSH server's host name.
- -sspi=y|n
- SSPI/Kerberos 5 host authentication - disabled by default, but can also be disabled explicitly to override profile setting.
- -sspiDlg=y|n
- Permit access delegation - disabled by default, but can also be disabled explicitly to override profile setting. For use only with SSPI/Kerberos 5 host authentication.
- -user=username
- The username to log in with, overriding any already set username.
- -gka
- Log in using the gssapi-keyex method. Available only when SSPI/Kerberos 5 host authentication has been performed. Can also be combined with other authentication methods, in which case gssapi-keyex is attempted first.
- -gma
- Log in using the gssapi-with-mic method. Can also be combined with other authentication methods, in which case gssapi-with-mic is attempted after gssapi-keyex.
- -krb
- Use gssapi-with-mic with the Kerberos 5 mechanism only.
- -ntlm
- Use gssapi-with-mic with the NTLM mechanism only.
- -gmaDlg
- Permit access delegation - disabled by default. For use only with gssapi-with-mic user authentication.
- -pk=location
- Log in using the 'publickey' method, with the client key stored on the specified location. Can also be combined with other authentication methods, in which case 'publickey' is attempted after gssapi-with-mic. For keypairs stored globally in Windows registry for the currently logged on account, identify the key as <nr> or g<nr>. For keypairs stored in a profile provided using the -profile parameter, identify the key as p<nr>. For keypairs accessible via PuTTY or OpenSSH authentication agents, use t<nr> for PuTTY, or o<nr> for OpenSSH. Examples: -pk=3 for the third keypair configured globally for the current user; -pk=p1 for the first keypair stored in the provided profile.
- -pp=passphrase
- A passphrase for the keypair specified with -pk.
- -pw=password
- Log in with the specified password. Can also be combined with other authentication methods, in which case the password is attempted after the publickey method.
- -kbdi
- Log in with the keyboard-interactive method. Can also be combined with other authentication methods, in which case the keyboard-interactive method is attempted last.
- -sub=submethods
- Optional submethods for keyboard-interactive.
- -unat=y|n
- Use unattended mode to prevent any user interaction by the SSH session - in particular, host key verification and user authentication. Disabled by default.
- -trustLsp=y|n
- If enabled, only a narrow selection of trusted Windows Sockets LSP providers will be used, promoting stability, but at a possible expense of connectivity. If disabled, any LSP that is installed will be used, promoting connectivity, but at a possible expense of stability. By default, only trusted LSPs are used.
- -encr=list
- Comma-separated priority list of session encryption algorithms. If not specified, the following algorithm list is assumed: aes256-ctr,aes192-ctr,aes128-ctr,3des-ctr.
- -mac=list
- Comma-separated priority list of session MAC algorithms. If not specified, the following algorithm list is assumed: hmac-sha2-256,hmac-sha1.
- -cmpr=list
- Comma-separated priority list of session compression algorithms. If not specified, the following algorithm list is assumed: none,zlib.
- -kex=list
- Comma-separated priority list of ECDH and DH key exchange algorithms. If not specified, the following algorithm list is assumed: ecdh-sha2/secp256k1,ecdh-sha2/nistp521,ecdh-sha2/nistp384,ecdh-sha2/nistp256,diffie-hellman-group14-sha1, plus any GSSAPI key exchange methods if -sspi is specified. When connecting to OpenSSH servers, the diffie-hellman-group-exchange-sha256 and diffie-hellman-group-exchange-sha1 algorithms will automatically be moved to the back of the list for compatibility reasons.
- -hkey=list
- Comma-separated priority list of host key algorithms. If not specified, the following algorithm list is assumed: ECDSA/secp256k1,ECDSA/nistp521,ECDSA/nistp384,ECDSA/nistp256,RSA,DSA.
- -ka
- Keep-alive / broken session detection - enabled by default, but can also be enabled explicitly to override profile.
- -kre
- Key re-exchange - enabled by default, but can also be enabled explicitly to override profile.
- -noRegistry
- Do not load settings from or store them to Windows registry. Use of global client proxy settings, host key database, and user keypair database is prevented.
- -baseRegistry=registry-key
- A base Windows registry key to replace the default 'HKEY_CURRENT_USER\Software\Bitvise' key.
- -proxy=y|n
- Use a proxy server, overrides global client proxy settings.
- -proxyType=type
- The type of proxy server to use. 'SOCKS4', 'SOCKS5', and 'HTTP' proxy types are supported. 'SOCKS4' is set by default.
- -proxyServer=server
- The IP address or DNS name of the proxy server.
- -proxyPort=port
- The proxy server port, 1080 by default.
- -proxyUsername=username
- The proxy server username (SOCKS5 and HTTP only).
- -proxyPassword=password
- The proxy server password (SOCKS5 and HTTP only).
- -proxyResolveLocally=y|n
- Resolve a DNS name locally before passing it to the proxy when this flag is used.
- -hostKeyFp=fingerprints
- A CSV list of SHA-256, Bubble-Babble, or MD5 fingerprints of host keys to accept, used in addition to global and per-profile host keys.
- -hostKeyFile=file
- A file containing host keys to accept, used in addition to the global client host key database.
- -keypairFile=file
- A file containing a private key for authentication.
- -keypairPassphrase=passphrase
- Provide a passphrase for the keypair specified with the -keypairFile parameter. Passphrase must always be present when an OpenSSH encoded and passphrase protected keypair is specified.
- -traceLog
- Enable trace logging. Causes trace messages to appear in addition to the client's normal output.
- -flowDebugFile=file
- Records an extremely detailed debug log of the session in the specified textual file. If the file already exists, it will be appended to. The recording may include potentially sensitive information exchanged over the session, stored in the file in plaintext.
- -title=title
- Use this parameter to set a custom console window title.
- -ftpBridge=y|n
- Enable FTP-to-SFTP bridge. Disabled by default.
- -ftpListIntf=interface
- Listening interface for FTP-to-SFTP bridge. 127.0.0.1 by default.
- -ftpListPort=port
- Listening port for FTP-to-SFTP bridge. 21 by default.
- -ftpPassword=password
- FTP logon password to require for FTP-to-SFTP bridge. None required by default.
- -ftpPasvPortStart=port
- FTP PASV start port range for FTP-to-SFTP bridge. If both start and end port ranges are set to 0, the PASV port will be allocated by Windows from the standard dynamic port range. Otherwise, search for a free PASV port will commence downwards or upwards from the configured start to end (inclusive). Set to 0 by default.
- -ftpPasvPortEnd=port
- FTP PASV end port range for FTP-to-SFTP bridge. If both start and end port ranges are set to 0, the PASV port will be allocated by Windows from the standard dynamic port range. Otherwise, search for a free PASV port will commence downwards or upwards from the configured start to end (inclusive). Set to 0 by default.
- -sftpNewline=auto|crlf|lf|cr
- SFTP newline for FTP-to-SFTP bridge when working with SFTPv3 or earlier. Valid options are: Auto, CRLF, LF, CR, Win, Unix, Mac. Set to Auto by default.
- -sftpStartDir=sftp-path
- SFTP start directory for FTP-to-SFTP bridge. If not set, FTP will start in the SFTP start directory. Set it to '/' when connecting Windows File Explorer to the FTP-to-SFTP bridge. Not set by default.
- -sftpPipelineSize=kbytes
- SFTP pipeline size in kilobytes. The default value is 512. The valid range is 16 to 4096.
- -proxyFwding=y|n
- Enable SOCKS/HTTP proxy forwarding. Disabled by default.
- -proxyListIntf=interface
- Listening interface for SOCKS/HTTP proxy forwarding. 127.0.0.1 by default.
- -proxyListPort=port
- Listening port for SOCKS/HTTP proxy forwarding. 1080 by default.
- -proxyBindIp4Intf=ip4-interface
- IPv4 SSH server bind interface for SOCKS proxy forwarding. The SSH server will be instructed to use this interface for listening when handling IPv4 SOCKS TCP BIND request. Set to 0.0.0.0 (any IPv4 interface) by default.
- -proxyBindIp6Intf=ip6-interface
- IPv6 SSH server bind interface for SOCKS proxy forwarding. The SSH server will be instructed to use this interface for listening when handling IPv6 SOCKS TCP BIND request. Set to :: (any IPv6 interface) by default.
- -proxyPublicIp4=ip4-address
- IPv4 SSH server public address for SOCKS proxy forwarding. This is the address that a program on the server side will connect to in order to complete the IPv4 SOCKS TCP BIND request. If this address is not set, the client will try to obtain it from the DNS or IP address it used to connect to the SSH server. Not set by default.
- -proxyPublicIp6=ip6-address
- IPv6 SSH server public address for SOCKS proxy forwarding. This is the address that a program on the server side will connect to in order to complete the IPv6 SOCKS TCP BIND request. If this address is not set, the client will try to obtain it from the DNS or IP address it used to connect to the SSH server. Not set by default.
- -c2s=rules
- CSV list of client-to-server port forwarding rules of the following values: listen-interface-1, listen-port-1, destination-host-1, destination-port-1, listen-interface-2, listen-port-2, destination-host-2, destination-port-2, etc. This parameter cannot be used in conjunction with -c2sFile.
- -c2sFile=file-path
- File name with client-to-server port forwarding rules. Each forwarding rule must appear on a separate line. Each line is a CSV list of the following values: listen-interface, listen-port, destination-host, destination-port, comment. The final comment value is optional. This parameter cannot be used in conjunction with -c2s.
- -c2sAccept=y|n
- Accept server configured port forwarding rules, for connections to be forwarded from the SSH client to the server. At the time of this writing, Bitvise SSH Server is the only server we know that supports server-configured port forwarding. By default, server-configured port forwarding will not be accepted.
- -s2c=rules
- CSV list of server-to-client port forwarding rules of the following values: listen-interface-1, listen-port-1, destination-host-1, destination-port-1, listen-interface-2, listen-port-2, destination-host-2, destination-port-2, etc. This parameter cannot be used in conjunction with -s2cFile.
- -s2cFile=file-path
- File name with server-to-client port forwarding rules. Each forwarding rule must be placed on a separate line. Each line is a CSV list of the following values: listen-interface, listen-port, destination-host, destination-port, comment. The last comment value is optional. This parameter cannot be used in conjunction with -s2c.
- -s2cAccept=y|n
- Accept server configured port forwarding rules, for connections to be forwarded from the SSH server to the client. At the time of this writing, Bitvise SSH Server is the only server we know that supports server-configured port forwarding. By default, server-configured port forwarding will not be accepted.
- EXAMPLES:
- stnlc myserver -ftpBridge=y -c2s=0.0.0.0,5900,myvncserver,5900
- Logs into 'myserver' with the account name of the current Windows user as the username. Will prompt to choose an authentication method when connected. Enables FTP-to-SFTP bridge and adds a client-to-server port forwarding rule on local address 0.0.0.0:5900 (port 5900 on all IPv4 interfaces) to remote address myvncserver:5900.
- stnlc myusername@myserver -pw=mypassword -unat -c2sAccept -s2cAccept
- Logs into 'myserver' as 'myusername' with password 'mypassword' in unattended mode. Once logged on, server-configured port forwarding will be enabled in forwarding both directions. This requires an SSH server with support for server-configured port forwarding. Enabling unattended mode will disable the interactive shell; use Ctrl+C or Ctrl+Break to exit the client.
- stnlc -profile=file.bscp -s2c -s2cAccept=n
- Logs into the SSH server as configured in the profile stored in 'file.bscp'. Sets up the FTP-to-SFTP bridge, SOCKS/HTTP proxy forwarding, and client-to-server port forwarding as configured in the profile. Note that the last two parameters override the profile to disable both client-configured and server-configured port forwarding in the direction from SSH server to client.
- RETURN CODES:
- 0 Success
- 1 Unknown failure
- 2 Usage error
- 100 SSH session failure
- 101 Failure connecting to server
- 102 SSH host authentication failure
- 103 SSH user authentication failure
- 201 Error setting up the FTP-to-SFTP bridge
- 202 Error setting up SOCKS/HTTP proxy forwarding
- 203 Error adding client-to-server port forwarding rule
- 204 Error adding server-to-client port forwarding rule
- 205 Error inviting server-configured client-to-server port forwarding
- 206 Error inviting server-configured server-to-client port forwarding
- To read the above help more easily, try:
- stnlc -help-usage (display usage information)
- stnlc -help | more (displays help page by page)
- stnlc -help > h.txt (creates a text file you can open e.g. with Notepad)
- stnlc -help-params (display help for parameters in general)
- stnlc -help-<param> (display help for a particular parameter)
- stnlc -help-examples (display examples)
- stnlc -help-codes (display return codes)
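
An added example, not part of the pasted help text or Bitvise's code: a Python linter for the rule formats described under -c2s/-s2c and -c2sFile/-s2cFile that flags rules whose listener is bound to a non-loopback interface, such as the 0.0.0.0:5900 rule in the first example. The function names, the sample rules, the 1-65535 port check and the skipping of blank lines are assumptions.

```python
import csv
import ipaddress

# Constructed sample of a -c2sFile: interface,port,host,port[,comment]
SAMPLE_FILE = """127.0.0.1,3389,rdphost,3389,admin RDP
0.0.0.0,5900,myvncserver,5900
"""

def make_rule(intf, lport, host, dport, comment=""):
    """Validate one forwarding rule and return it as a dict."""
    for p in (lport, dport):
        # Assumption: ports must be decimal and within 1-65535.
        if not p.isdigit() or not 1 <= int(p) <= 65535:
            raise ValueError(f"bad port {p!r}")
    return {"listen": intf, "lport": int(lport), "host": host,
            "dport": int(dport), "comment": comment}

def parse_rules_file(text):
    """Parse -c2sFile / -s2cFile content: one CSV rule per line."""
    rules = []
    for lineno, row in enumerate(csv.reader(text.splitlines()), start=1):
        fields = [f.strip() for f in row]
        if not any(fields):
            continue  # assumption: blank lines are ignored
        if len(fields) not in (4, 5):
            raise ValueError(f"line {lineno}: expected 4 or 5 fields")
        comment = fields[4] if len(fields) == 5 else ""
        rules.append(make_rule(*fields[:4], comment=comment))
    return rules

def parse_inline(value):
    """Parse a -c2s / -s2c value: flat CSV list, four values per rule."""
    fields = [f.strip() for f in value.split(",")]
    if len(fields) % 4:
        raise ValueError("rule list length must be a multiple of 4")
    return [make_rule(*fields[i:i + 4]) for i in range(0, len(fields), 4)]

def is_exposed(rule):
    """True when the listener is reachable from beyond the local host."""
    try:
        return not ipaddress.ip_address(rule["listen"]).is_loopback
    except ValueError:  # interface given as a name rather than an address
        return rule["listen"].lower() != "localhost"

def exposed_rules(rules):
    """Return the rules a reviewer should look at before deployment."""
    return [r for r in rules if is_exposed(r)]

if __name__ == "__main__":
    for r in exposed_rules(parse_rules_file(SAMPLE_FILE)):
        print(f"review: {r['listen']}:{r['lport']} -> {r['host']}:{r['dport']}")
```

For -s2c rules the listener is on the SSH server, so a flagged rule there means the forwarded port is reachable on the server's network rather than the client's.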