This is an old revision of the document!
Proxy Tab
Proxy tab allows you to configure WinSCP to use various types of proxy in order to make its network connections.
Advertisement
- Setting the Proxy Type
- Username and Password
- Telnet Proxy Command
- Name Resolution When Using a Proxy
Setting the Proxy Type
First, select what type of proxy you want WinSCP to use for its network connections. The default setting is None. In this mode no proxy is used for the connection.
Selecting HTTP allows you to proxy your connections through a web server supporting the HTTP CONNECT
command, as documented in RFC 2817.
Selecting SOCKS 4 or SOCKS 5 allows you to proxy your connections through a SOCKS server.
Many firewalls implement a less formal type of proxy in which a user can make a Telnet connection directly to the firewall machine and enter a command such as connect myhost.com 22
to connect through to an external host. Selecting Telnet allows you to tell WinSCP to use this type of proxy.
Username and Password
If your proxy requires authentication, you can enter a username and a password in the Username and Password boxes.
Authentication is not fully supported for all forms of proxy:
- Username and password authentication is supported for HTTP proxies and SOCKS 5 proxies.
- With SOCKS 5, authentication is via CHAP if the proxy supports it, otherwise the password is sent to the proxy in plain text.
- With HTTP proxying, the only currently supported authentication method is “basic”, where the password is sent to the proxy in plain text.
- SOCKS 4 can use the Username field, but does not support passwords.
- You can specify a way to include a username and password in the Telnet proxy command.
Advertisement
Telnet Proxy Command
If you are using the Telnet proxy type, the usual command required by the firewall’s Telnet server is connect
, followed by a host name and a port number. If your proxy needs a different command, you can enter an alternative here.
In this string, you can use \n
to represent a new-line, \r
to represent a carriage return, \t
to represent a tab character, and \x
followed by two hex digits to represent any other character. \\
is used to encode the \ character itself.
Also, the special strings %host
and %port
will be replaced by the host name and port number you want to connect to. The strings %user
and %pass
will be replaced by the proxy username and password you specify. To get a literal % sign, enter %%
.
If the Telnet proxy server prompts for a username and password before commands can be sent, you can use a command such as:
%user\n%pass\nconnect %host %port\n
This will send your username and password as the first two lines to the proxy, followed by a command to connect to the desired host and port. Note that if you do not include the %user
or %pass
tokens in the Telnet command, then the Username and Password configuration fields will be ignored.
Name Resolution When Using a Proxy
If you are using a proxy to access a private network, it can make a difference whether DNS name resolution is performed by WinSCP itself (on the client machine) or performed by the proxy.
The Do DNS name lookup at proxy end configuration option allows you to control this. If you set it to No, WinSCP will always do its own DNS, and will always pass an IP address to the proxy. If you set it to Yes, WinSCP will always pass host names straight to the proxy without trying to look them up first.
If you set this option to Auto (the default), WinSCP will do something it considers appropriate for each type of proxy. Telnet and HTTP proxies will have host names passed straight to them; SOCKS proxies will not.
The original SOCKS 4 protocol does not support proxy-side DNS. There is a protocol extension (SOCKS 4A) which does support it, but not all SOCKS 4 servers provide this extension. If you enable proxy DNS and your SOCKS 4 server cannot deal with it, this might be why.1
- The text is copy of PuTTY User Manual or was inspired by it.Back