Shell command reference
Note: this is not CLI command reference
Note: snap installations are simplified for quick use and don't have all commands below installed
This command will control full smithproxy instance, including: * smithproxy core * smithd * bend * web portal for HTTP * web portal for HTTPS
smithproxy [--tenant-id <name> --tenant-idx <num>] [--daemonize] [--help] [--]
* (no mandatory parameters)
tenant-id name of tenant, it is a base string for logs
tenant-id tenant index, number for lookup in tenant table
daemonize run smithproxy at background
--config-check-only load config file to check its correctness
Program is core smithproxy component. Run without arguments, it loads
file and starts to run on foreground unless specified otherwise.
Signing CA authority generator script
Program doesn't take any arguments. It will check smithproxy certificate store and interactively
asks user for desired actions. it can generate new signing CA and necessary keys for EC or RSA methods.
Program can be executed in dry mode, to just check how it works.
This is simple script connecting administrator to smithproxy CLI interface. It is tenant aware.
If tenant table is present in the system, tenant_name is mandatory.
Script to prepare networking in the system for smithproxy use. Usage:
sx_network start|stop [tenantid]
If smithproxy is configured for multiple tenants, you need to specify tenant name as the last argument (it is not needed otherwise).
Networking setup is configurable in the
It controls which traffic is diverted to smithproxy and which interfaces it is related to.
There are many options, but let's highlight some:
-- apply divert rules to all interfaces without default route Special value
*- apply divert rules to all interfaces in the system Any other string value means interface name.
Inspect all TCP traffic
This command checks or changes user password. Users are stored in separate
/etc/smithproxy/users.cfg file. User secrets are salted and encrypted by
/etc/smithproxy/users.key (128 byte key).
Obviously, if you change it, all secrets are lost.
If you want use smithproxy with authentication in serious way, you will probably want to generate new key file and not use default pre-installed one.
If used with
--check argument, sx_passwd process will return 0 if password check was ok,
or 1 otherwise.
# change password for user 'abc' (with password prompt) sx_passwd --user abc # change password for user 'abc' to MySecretPass sx_passwd --user abc --password MySecretPass # check user 'abc' password sx_passwd
To technically allow outbound TLS connections certificate transparency checks (which are enabled by default),
you need to download CT keys log.
sx_download_ctlog will download ready-made log prepared in smithproxy.org download site.
Downloaded CT log is stored in
This deamon is query server ready for future use. It's not an active component currently.