diff --git a/README.rst b/README.rst index 00f029e..05ec055 100644 --- a/README.rst +++ b/README.rst @@ -24,7 +24,7 @@ common case: - You can't use openssh's PermitTunnel feature because it's disabled by default on openssh servers; plus it does TCP-over-TCP, which has `terrible performance`_. - + .. _terrible performance: https://sshuttle.readthedocs.io/en/stable/how-it-works.html Obtaining sshuttle @@ -37,7 +37,7 @@ Obtaining sshuttle - Debian stretch or later:: apt-get install sshuttle - + - Arch Linux:: pacman -S sshuttle @@ -45,13 +45,13 @@ Obtaining sshuttle - Fedora:: dnf install sshuttle - + - openSUSE:: zypper in sshuttle - Gentoo:: - + emerge -av net-proxy/sshuttle - NixOS:: @@ -116,5 +116,5 @@ https://sshuttle.readthedocs.org/en/latest/ Running as a service -------------------- -Sshuttle can also be run as a service and configured using a config management system: +Sshuttle can also be run as a service and configured using a config management system: https://medium.com/@mike.reider/using-sshuttle-as-a-service-bec2684a65fe diff --git a/docs/chromeos.rst b/docs/chromeos.rst index fd879fa..34136e3 100644 --- a/docs/chromeos.rst +++ b/docs/chromeos.rst @@ -9,4 +9,3 @@ stretch/Debian 9 VM, you can then install sshuttle as on any Linux box and it just works, as do xterms and ssvncviewer etc. https://www.reddit.com/r/Crostini/wiki/getstarted/crostini-setup-guide - diff --git a/docs/how-it-works.rst b/docs/how-it-works.rst index 7f6cad9..b25edf9 100644 --- a/docs/how-it-works.rst +++ b/docs/how-it-works.rst @@ -34,4 +34,3 @@ sshuttle assembles the TCP stream locally, multiplexes it statefully over an ssh session, and disassembles it back into packets at the other end. So it never ends up doing TCP-over-TCP. It's just data-over-TCP, which is safe. - diff --git a/docs/index.rst b/docs/index.rst index 1603429..983f0d7 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -26,4 +26,3 @@ Indices and tables * :ref:`genindex` * :ref:`search` - diff --git a/docs/manpage.rst b/docs/manpage.rst index cffeefd..39e166b 100644 --- a/docs/manpage.rst +++ b/docs/manpage.rst @@ -344,7 +344,7 @@ information:: $ sshuttle -r example.com -x example.com:22 0/0 Starting sshuttle proxy (version ...). - [local sudo] Password: + [local sudo] Password: fw: Starting firewall with Python version 3.9.5 fw: ready method name nat. c : IPv6 disabled since it isn't supported by method nat. @@ -362,7 +362,7 @@ information:: c : TCP redirector listening on ('127.0.0.1', 12299). c : Starting client with Python version 3.9.5 c : Connecting to server... - user@example.com's password: + user@example.com's password: s: Starting server with Python version 3.6.8 s: latency control setting = True s: auto-nets:False @@ -383,7 +383,7 @@ and subnet guessing:: $ sshuttle -vNHr example.com -x example.com:22 Starting sshuttle proxy (version ...). - [local sudo] Password: + [local sudo] Password: fw: Starting firewall with Python version 3.9.5 fw: ready method name nat. c : IPv6 disabled since it isn't supported by method nat. @@ -401,7 +401,7 @@ and subnet guessing:: c : TCP redirector listening on ('127.0.0.1', 12300). c : Starting client with Python version 3.9.5 c : Connecting to server... - user@example.com's password: + user@example.com's password: s: Starting server with Python version 3.6.8 s: latency control setting = True s: auto-nets:True diff --git a/docs/requirements.rst b/docs/requirements.rst index 08bed53..49a2865 100644 --- a/docs/requirements.rst +++ b/docs/requirements.rst @@ -81,7 +81,7 @@ Additional Suggested Software - If you are using systemd, sshuttle can notify it when the connection to the remote end is established and the firewall rules are installed. For this feature to work you must configure the process start-up type for the - sshuttle service unit to notify, as shown in the example below. + sshuttle service unit to notify, as shown in the example below. .. code-block:: ini :emphasize-lines: 6 @@ -89,10 +89,10 @@ Additional Suggested Software [Unit] Description=sshuttle After=network.target - + [Service] Type=notify ExecStart=/usr/bin/sshuttle --dns --remote @ - + [Install] WantedBy=multi-user.target diff --git a/docs/tproxy.rst b/docs/tproxy.rst index a805120..c47cf78 100644 --- a/docs/tproxy.rst +++ b/docs/tproxy.rst @@ -11,7 +11,7 @@ There are some things you need to consider for TPROXY to work: ip rule add fwmark {TMARK} lookup 100 ip -6 route add local default dev lo table 100 ip -6 rule add fwmark {TMARK} lookup 100 - + where {TMARK} is the identifier mark passed with -t or --tmark flag as a hexadecimal string (default value is '0x01'). @@ -20,7 +20,7 @@ There are some things you need to consider for TPROXY to work: - The client needs to be run as root. e.g.:: - sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" $HOME/tree/sshuttle.tproxy/sshuttle --method=tproxy ... + sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" $HOME/tree/sshuttle.tproxy/sshuttle --method=tproxy ... - You may need to exclude the IP address of the server you are connecting to. Otherwise sshuttle may attempt to intercept the ssh packets, which will not diff --git a/docs/trivia.rst b/docs/trivia.rst index dd20dfa..f8d7db5 100644 --- a/docs/trivia.rst +++ b/docs/trivia.rst @@ -33,4 +33,3 @@ That project I did for Slipstream was what first gave me the idea to merge the concepts of Fast Forward, Double Vision, and Tunnel Vision into a single program that was the best of all worlds. And here we are, at last. You're welcome. - diff --git a/docs/usage.rst b/docs/usage.rst index f7a2b85..bf1dfc2 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -51,7 +51,7 @@ were right there. And if your "client" machine is a router, everyone on your local network can make connections to your remote network. You don't need to install sshuttle on the remote server; -the remote server just needs to have python available. +the remote server just needs to have python available. sshuttle will automatically upload and run its source code to the remote python interpreter. @@ -71,7 +71,7 @@ admin access on the server. Sudoers File ------------ -sshuttle can auto-generate the proper sudoers.d file using the current user +sshuttle can auto-generate the proper sudoers.d file using the current user for Linux and OSX. Doing this will allow sshuttle to run without asking for the local sudo password and to give users who do not have sudo access ability to run sshuttle:: @@ -83,7 +83,7 @@ it is needed. A costume user or group can be set with the : option:`sshuttle --sudoers --sudoers-username {user_descriptor}` option. Valid -values for this vary based on how your system is configured. Values such as +values for this vary based on how your system is configured. Values such as usernames, groups pre-pended with `%` and sudoers user aliases will work. See the sudoers manual for more information on valid user specif actions. The options must be used with `--sudoers`:: diff --git a/docs/windows.rst b/docs/windows.rst index bd2f471..9103ec9 100644 --- a/docs/windows.rst +++ b/docs/windows.rst @@ -16,4 +16,4 @@ Assuming the VM has the IP 192.168.1.200 obtained on the bridge NIC (we can configure that in Vagrant), we can then ask Windows to route all its traffic via the VM by running the following in cmd.exe with admin right:: - route add 0.0.0.0 mask 0.0.0.0 192.168.1.200 + route add 0.0.0.0 mask 0.0.0.0 192.168.1.200 diff --git a/sshuttle/methods/pf.py b/sshuttle/methods/pf.py index c8fe3fd..ed56c51 100644 --- a/sshuttle/methods/pf.py +++ b/sshuttle/methods/pf.py @@ -273,7 +273,7 @@ class OpenBsd(Generic): def add_anchors(self, anchor): # before adding anchors and rules we must override the skip lo # that comes by default in openbsd pf.conf so the rules we will add, - # which rely on translating/filtering packets on lo, can work + # which rely on translating/filtering packets on lo, can work if self.has_skip_loopback(): pfctl('-f /dev/stdin', b'match on lo\n') super(OpenBsd, self).add_anchors(anchor) @@ -353,7 +353,7 @@ class Darwin(FreeBsd): def add_anchors(self, anchor): # before adding anchors and rules we must override the skip lo # that in some cases ends up in the chain so the rules we will add, - # which rely on translating/filtering packets on lo, can work + # which rely on translating/filtering packets on lo, can work if self.has_skip_loopback(): pfctl('-f /dev/stdin', b'pass on lo\n') super(Darwin, self).add_anchors(anchor)