Shell command reference

Note: this is not CLI command reference

Note: snap installations are simplified for quick use and don't have all commands below installed

sx_ctl command


sx_ctl start|stop|status|fix

This command will control full smithproxy instance, including: * smithproxy core * smithd * bend * web portal for HTTP * web portal for HTTPS

smithproxy command


smithproxy [--tenant-id <name> --tenant-idx <num>] [--daemonize] [--help] [--]

Parameters (mandatory):
* (no mandatory parameters)

Parameters (optional): * tenant-id name of tenant, it is a base string for logs * tenant-id tenant index, number for lookup in tenant table * daemonize run smithproxy at background * --config-check-only load config file to check its correctness

Program is core smithproxy component. Run without arguments, it loads smithproxy.cfg configuration file and starts to run on foreground unless specified otherwise.

sx_regencerts command



Signing CA authority generator script

Program doesn't take any arguments. It will check smithproxy certificate store and interactively asks user for desired actions. it can generate new signing CA and necessary keys for EC or RSA methods.
Program can be executed in dry mode, to just check how it works.

sx_cli command

sx_cli [tenant_nane]

This is simple script connecting administrator to smithproxy CLI interface. It is tenant aware.
If tenant table is present in the system, tenant_name is mandatory.

sx_network command

Script to prepare networking in the system for smithproxy use. Usage:

sx_network start|stop [tenantid]

If smithproxy is configured for multiple tenants, you need to specify tenant name as the last argument (it is not needed otherwise).

Networking setup is configurable in the /etc/smithproxy/smithproxy.startup.cfg file. It controls which traffic is diverted to smithproxy and which interfaces it is related to.

There are many options, but let's highlight some:

  • SMITH_INTERFACE='-' Special value - - apply divert rules to all interfaces without default route Special value * - apply divert rules to all interfaces in the system Any other string value means interface name.


Inspect all TCP traffic

sx_passwd command

This command checks or changes user password. Users are stored in separate /etc/smithproxy/users.cfg file. User secrets are salted and encrypted by /etc/smithproxy/users.key (128 byte key). Obviously, if you change it, all secrets are lost.

If you want use smithproxy with authentication in serious way, you will probably want to generate new key file and not use default pre-installed one.

If used with --check argument, sx_passwd process will return 0 if password check was ok, or 1 otherwise.

Usage examples:

# change password for user 'abc' (with password prompt)
sx_passwd --user abc             

# change password for user 'abc' to MySecretPass
sx_passwd --user abc --password MySecretPass 

# check user 'abc' password

sx_download_ctlog command

To technically allow outbound TLS connections certificate transparency checks (which are enabled by default), you need to download CT keys log.
sx_download_ctlog will download ready-made log prepared in download site. Downloaded CT log is stored in /etc/smithproxy/ct_log_list.cnf file.

smithd command

This deamon is query server ready for future use. It's not an active component currently.