Merge pull request #682 from a1346054/fixes

Simple maintenance improvements
This commit is contained in:
Brian May 2021-09-23 08:49:18 +10:00 committed by GitHub
commit 9399cf10f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 30 additions and 34 deletions

View File

@ -133,7 +133,7 @@ Fixed
Added Added
~~~~~ ~~~~~
* doas support as replacmeent for sudo on OpenBSD. * doas support as replacement for sudo on OpenBSD.
* Added ChromeOS section to documentation (#262) * Added ChromeOS section to documentation (#262)
* Add --no-sudo-pythonpath option * Add --no-sudo-pythonpath option

View File

@ -24,7 +24,7 @@ common case:
- You can't use openssh's PermitTunnel feature because - You can't use openssh's PermitTunnel feature because
it's disabled by default on openssh servers; plus it does it's disabled by default on openssh servers; plus it does
TCP-over-TCP, which has `terrible performance`_. TCP-over-TCP, which has `terrible performance`_.
.. _terrible performance: https://sshuttle.readthedocs.io/en/stable/how-it-works.html .. _terrible performance: https://sshuttle.readthedocs.io/en/stable/how-it-works.html
Obtaining sshuttle Obtaining sshuttle
@ -37,7 +37,7 @@ Obtaining sshuttle
- Debian stretch or later:: - Debian stretch or later::
apt-get install sshuttle apt-get install sshuttle
- Arch Linux:: - Arch Linux::
pacman -S sshuttle pacman -S sshuttle
@ -45,13 +45,13 @@ Obtaining sshuttle
- Fedora:: - Fedora::
dnf install sshuttle dnf install sshuttle
- openSUSE:: - openSUSE::
zypper in sshuttle zypper in sshuttle
- Gentoo:: - Gentoo::
emerge -av net-proxy/sshuttle emerge -av net-proxy/sshuttle
- NixOS:: - NixOS::
@ -116,5 +116,5 @@ https://sshuttle.readthedocs.org/en/latest/
Running as a service Running as a service
-------------------- --------------------
Sshuttle can also be run as a service and configured using a config management system: Sshuttle can also be run as a service and configured using a config management system:
https://medium.com/@mike.reider/using-sshuttle-as-a-service-bec2684a65fe https://medium.com/@mike.reider/using-sshuttle-as-a-service-bec2684a65fe

View File

@ -9,4 +9,3 @@ stretch/Debian 9 VM, you can then install sshuttle as on any Linux box and
it just works, as do xterms and ssvncviewer etc. it just works, as do xterms and ssvncviewer etc.
https://www.reddit.com/r/Crostini/wiki/getstarted/crostini-setup-guide https://www.reddit.com/r/Crostini/wiki/getstarted/crostini-setup-guide

View File

@ -34,4 +34,3 @@ sshuttle assembles the TCP stream locally, multiplexes it statefully over
an ssh session, and disassembles it back into packets at the other end. So an ssh session, and disassembles it back into packets at the other end. So
it never ends up doing TCP-over-TCP. It's just data-over-TCP, which is it never ends up doing TCP-over-TCP. It's just data-over-TCP, which is
safe. safe.

View File

@ -26,4 +26,3 @@ Indices and tables
* :ref:`genindex` * :ref:`genindex`
* :ref:`search` * :ref:`search`

View File

@ -5,7 +5,7 @@ Installation
pip install sshuttle pip install sshuttle
- Debain package manager:: - Debian package manager::
sudo apt install sshuttle sudo apt install sshuttle

View File

@ -344,7 +344,7 @@ information::
$ sshuttle -r example.com -x example.com:22 0/0 $ sshuttle -r example.com -x example.com:22 0/0
Starting sshuttle proxy (version ...). Starting sshuttle proxy (version ...).
[local sudo] Password: [local sudo] Password:
fw: Starting firewall with Python version 3.9.5 fw: Starting firewall with Python version 3.9.5
fw: ready method name nat. fw: ready method name nat.
c : IPv6 disabled since it isn't supported by method nat. c : IPv6 disabled since it isn't supported by method nat.
@ -362,7 +362,7 @@ information::
c : TCP redirector listening on ('127.0.0.1', 12299). c : TCP redirector listening on ('127.0.0.1', 12299).
c : Starting client with Python version 3.9.5 c : Starting client with Python version 3.9.5
c : Connecting to server... c : Connecting to server...
user@example.com's password: user@example.com's password:
s: Starting server with Python version 3.6.8 s: Starting server with Python version 3.6.8
s: latency control setting = True s: latency control setting = True
s: auto-nets:False s: auto-nets:False
@ -383,7 +383,7 @@ and subnet guessing::
$ sshuttle -vNHr example.com -x example.com:22 $ sshuttle -vNHr example.com -x example.com:22
Starting sshuttle proxy (version ...). Starting sshuttle proxy (version ...).
[local sudo] Password: [local sudo] Password:
fw: Starting firewall with Python version 3.9.5 fw: Starting firewall with Python version 3.9.5
fw: ready method name nat. fw: ready method name nat.
c : IPv6 disabled since it isn't supported by method nat. c : IPv6 disabled since it isn't supported by method nat.
@ -401,7 +401,7 @@ and subnet guessing::
c : TCP redirector listening on ('127.0.0.1', 12300). c : TCP redirector listening on ('127.0.0.1', 12300).
c : Starting client with Python version 3.9.5 c : Starting client with Python version 3.9.5
c : Connecting to server... c : Connecting to server...
user@example.com's password: user@example.com's password:
s: Starting server with Python version 3.6.8 s: Starting server with Python version 3.6.8
s: latency control setting = True s: latency control setting = True
s: auto-nets:True s: auto-nets:True

View File

@ -81,7 +81,7 @@ Additional Suggested Software
- If you are using systemd, sshuttle can notify it when the connection to - If you are using systemd, sshuttle can notify it when the connection to
the remote end is established and the firewall rules are installed. For the remote end is established and the firewall rules are installed. For
this feature to work you must configure the process start-up type for the this feature to work you must configure the process start-up type for the
sshuttle service unit to notify, as shown in the example below. sshuttle service unit to notify, as shown in the example below.
.. code-block:: ini .. code-block:: ini
:emphasize-lines: 6 :emphasize-lines: 6
@ -89,10 +89,10 @@ Additional Suggested Software
[Unit] [Unit]
Description=sshuttle Description=sshuttle
After=network.target After=network.target
[Service] [Service]
Type=notify Type=notify
ExecStart=/usr/bin/sshuttle --dns --remote <user>@<server> <subnets...> ExecStart=/usr/bin/sshuttle --dns --remote <user>@<server> <subnets...>
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View File

@ -11,7 +11,7 @@ There are some things you need to consider for TPROXY to work:
ip rule add fwmark {TMARK} lookup 100 ip rule add fwmark {TMARK} lookup 100
ip -6 route add local default dev lo table 100 ip -6 route add local default dev lo table 100
ip -6 rule add fwmark {TMARK} lookup 100 ip -6 rule add fwmark {TMARK} lookup 100
where {TMARK} is the identifier mark passed with -t or --tmark flag where {TMARK} is the identifier mark passed with -t or --tmark flag
as a hexadecimal string (default value is '0x01'). as a hexadecimal string (default value is '0x01').
@ -20,7 +20,7 @@ There are some things you need to consider for TPROXY to work:
- The client needs to be run as root. e.g.:: - The client needs to be run as root. e.g.::
sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" $HOME/tree/sshuttle.tproxy/sshuttle --method=tproxy ... sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" $HOME/tree/sshuttle.tproxy/sshuttle --method=tproxy ...
- You may need to exclude the IP address of the server you are connecting to. - You may need to exclude the IP address of the server you are connecting to.
Otherwise sshuttle may attempt to intercept the ssh packets, which will not Otherwise sshuttle may attempt to intercept the ssh packets, which will not

View File

@ -33,4 +33,3 @@ That project I did for Slipstream was what first gave me the idea to merge
the concepts of Fast Forward, Double Vision, and Tunnel Vision into a single the concepts of Fast Forward, Double Vision, and Tunnel Vision into a single
program that was the best of all worlds. And here we are, at last. program that was the best of all worlds. And here we are, at last.
You're welcome. You're welcome.

View File

@ -51,7 +51,7 @@ were right there. And if your "client" machine is a router, everyone on
your local network can make connections to your remote network. your local network can make connections to your remote network.
You don't need to install sshuttle on the remote server; You don't need to install sshuttle on the remote server;
the remote server just needs to have python available. the remote server just needs to have python available.
sshuttle will automatically upload and run its source code sshuttle will automatically upload and run its source code
to the remote python interpreter. to the remote python interpreter.
@ -71,7 +71,7 @@ admin access on the server.
Sudoers File Sudoers File
------------ ------------
sshuttle can auto-generate the proper sudoers.d file using the current user sshuttle can auto-generate the proper sudoers.d file using the current user
for Linux and OSX. Doing this will allow sshuttle to run without asking for for Linux and OSX. Doing this will allow sshuttle to run without asking for
the local sudo password and to give users who do not have sudo access the local sudo password and to give users who do not have sudo access
ability to run sshuttle:: ability to run sshuttle::
@ -83,7 +83,7 @@ it is needed.
A costume user or group can be set with the : A costume user or group can be set with the :
option:`sshuttle --sudoers --sudoers-username {user_descriptor}` option. Valid option:`sshuttle --sudoers --sudoers-username {user_descriptor}` option. Valid
values for this vary based on how your system is configured. Values such as values for this vary based on how your system is configured. Values such as
usernames, groups pre-pended with `%` and sudoers user aliases will work. See usernames, groups pre-pended with `%` and sudoers user aliases will work. See
the sudoers manual for more information on valid user specif actions. the sudoers manual for more information on valid user specif actions.
The options must be used with `--sudoers`:: The options must be used with `--sudoers`::
@ -99,7 +99,7 @@ access to sshuttle. The default is `sshuttle_auto`::
sshuttle --sudoer --sudoers-filename sshuttle_auto_tommy sshuttle --sudoer --sudoers-filename sshuttle_auto_tommy
You can also see what configuration will be added to your system without You can also see what configuration will be added to your system without
modifying anything. This can be helpfull is the auto feature does not work, or modifying anything. This can be helpful if the auto feature does not work, or
you want more control. This option also works with `--sudoers-username`. you want more control. This option also works with `--sudoers-username`.
`--sudoers-filename` has no effect with this option:: `--sudoers-filename` has no effect with this option::

View File

@ -16,4 +16,4 @@ Assuming the VM has the IP 192.168.1.200 obtained on the bridge NIC (we can
configure that in Vagrant), we can then ask Windows to route all its traffic configure that in Vagrant), we can then ask Windows to route all its traffic
via the VM by running the following in cmd.exe with admin right:: via the VM by running the following in cmd.exe with admin right::
route add 0.0.0.0 mask 0.0.0.0 192.168.1.200 route add 0.0.0.0 mask 0.0.0.0 192.168.1.200

4
run
View File

@ -1,7 +1,7 @@
#!/usr/bin/env sh #!/usr/bin/env sh
set -e set -e
export PYTHONPATH="$(dirname $0):$PYTHONPATH" export PYTHONPATH="$(dirname "$0"):$PYTHONPATH"
export PATH="$(dirname $0)/bin:$PATH" export PATH="$(dirname "$0")/bin:$PATH"
python_best_version() { python_best_version() {
if [ -x "$(command -v python3)" ] && if [ -x "$(command -v python3)" ] &&

View File

@ -164,7 +164,7 @@ class MultiListener:
try: try:
self.v4.listen(backlog) self.v4.listen(backlog)
except socket.error as e: except socket.error as e:
# on some systems v4 bind will fail if the v6 suceeded, # on some systems v4 bind will fail if the v6 succeeded,
# in this case the v6 socket will receive v4 too. # in this case the v6 socket will receive v4 too.
if e.errno == errno.EADDRINUSE and self.v6: if e.errno == errno.EADDRINUSE and self.v6:
self.v4 = None self.v4 = None

View File

@ -126,7 +126,7 @@ def flush_systemd_dns_cache():
# #
# This code is supposed to clean up after itself by deleting its rules on # This code is supposed to clean up after itself by deleting its rules on
# exit. In case that fails, it's not the end of the world; future runs will # exit. In case that fails, it's not the end of the world; future runs will
# supercede it in the transproxy list, at least, so the leftover rules # supersede it in the transproxy list, at least, so the leftover rules
# are hopefully harmless. # are hopefully harmless.
def main(method_name, syslog): def main(method_name, syslog):
helpers.logprefix = 'fw: ' helpers.logprefix = 'fw: '

View File

@ -273,7 +273,7 @@ class OpenBsd(Generic):
def add_anchors(self, anchor): def add_anchors(self, anchor):
# before adding anchors and rules we must override the skip lo # before adding anchors and rules we must override the skip lo
# that comes by default in openbsd pf.conf so the rules we will add, # that comes by default in openbsd pf.conf so the rules we will add,
# which rely on translating/filtering packets on lo, can work # which rely on translating/filtering packets on lo, can work
if self.has_skip_loopback(): if self.has_skip_loopback():
pfctl('-f /dev/stdin', b'match on lo\n') pfctl('-f /dev/stdin', b'match on lo\n')
super(OpenBsd, self).add_anchors(anchor) super(OpenBsd, self).add_anchors(anchor)
@ -353,7 +353,7 @@ class Darwin(FreeBsd):
def add_anchors(self, anchor): def add_anchors(self, anchor):
# before adding anchors and rules we must override the skip lo # before adding anchors and rules we must override the skip lo
# that in some cases ends up in the chain so the rules we will add, # that in some cases ends up in the chain so the rules we will add,
# which rely on translating/filtering packets on lo, can work # which rely on translating/filtering packets on lo, can work
if self.has_skip_loopback(): if self.has_skip_loopback():
pfctl('-f /dev/stdin', b'pass on lo\n') pfctl('-f /dev/stdin', b'pass on lo\n')
super(Darwin, self).add_anchors(anchor) super(Darwin, self).add_anchors(anchor)

View File

@ -61,11 +61,11 @@ def parse_hostport(rhostport):
if ":" in host: if ":" in host:
# IPv6 address and/or got a port specified # IPv6 address and/or got a port specified
# If it is an IPv6 adress with port specification, # If it is an IPv6 address with port specification,
# then it will look like: [::1]:22 # then it will look like: [::1]:22
try: try:
# try to parse host as an IP adress, # try to parse host as an IP address,
# if that works it is an IPv6 address # if that works it is an IPv6 address
host = str(ipaddress.ip_address(host)) host = str(ipaddress.ip_address(host))
except ValueError: except ValueError:
@ -150,7 +150,7 @@ def connect(ssh_cmd, rhostport, python, stderr, options):
# return error code 127. # return error code 127.
# #
# (2) python3 or python exists in the PATH and is # (2) python3 or python exists in the PATH and is
# executable. If they aren't, then exec wont work (see (4) # executable. If they aren't, then exec won't work (see (4)
# below). # below).
# #
# (3) In /bin/sh, that we can redirect stderr in order to # (3) In /bin/sh, that we can redirect stderr in order to