From bcf189230579f62afd5f826a32b938e28bf047d6 Mon Sep 17 00:00:00 2001
From: Avery Pennarun
Date: Mon, 8 Nov 2010 23:27:02 -0800
Subject: [PATCH] Make password prompting more clear. Based on suggestions by Jason Grossman and Ed Maste on the mailing list. We now add a [local su] prefix to the 'su' password prompt (by cheating and printing it before calling su), and we replace the 'sudo' password prompt with '[local sudo] Password: ' (by using the little-known and hopefully-portable -p option). We no longer call sudo or su if the uid is already 0; otherwise the prefix on the 'su' prompt would look weird, since su wouldn't ask for a password in that case. We don't add a prefix to the ssh password prompt, because it's too hard to tell if there will *be* an ssh password prompt. But people will probably assume that the password request is for the server anyway; few people are likely to think that 'sshuttle -r myhost.com' is going to prompt for the *local* password. Of course none of this is a problem on a modern OS, like Debian, that would say something like "Password for apenwarr@myhost.com:" instead of just "Password:". MacOS doesn't do that, however, so I assume many other OSes also don't. Let's try to help them out.
---
 README.md | 8 +++++++-
 client.py | 6 +++++-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 4038945..6762f72 100644
--- a/README.md
+++ b/README.md
@@ -54,8 +54,14 @@ This is how you use it: - ./sshuttle -r username@sshserver 0.0.0.0/0 -vv +(You may be prompted for one or more passwords; first, the +local password to become root using either sudo or su, and +then the remote ssh password. Or you might have sudo and ssh set +up to not require passwords, in which case you won't be +prompted at all.) + That's it! Now your local machine can access the remote network as if you -were right there! And if your "client" machine is a router, everyone on +were right there. And if your "client" machine is a router, everyone on your local network can make connections to your remote network. You don't need to install sshuttle on the remote server;
diff --git a/client.py b/client.py
index 4d657dd..64a0f52 100644
--- a/client.py
+++ b/client.py
@@ -31,7 +31,7 @@ class FirewallClient: ['-v'] * (helpers.verbose or 0) + ['--firewall', str(port)]) argv_tries = [ - ['sudo'] + argvbase, + ['sudo', '-p', '[local sudo] Password: '] + argvbase, ['su', '-c', ' '.join(argvbase)], argvbase ]
@@ -45,8 +45,12 @@ class FirewallClient: # run in the child process s2.close() e = None + if os.getuid() == 0: + argv_tries = argv_tries[-1:] # last entry only for argv in argv_tries: try: + if argv[0] == 'su': + sys.stderr.write('[local su] ') self.p = ssubprocess.Popen(argv, stdout=s1, preexec_fn=setup) e = None break
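Review bot: The su entry, unchanged just below the new sudo line in the first client.py hunk, passes `' '.join(argvbase)` to `su -c`, where a shell re-parses it, so any element containing whitespace or a shell metacharacter is split or interpreted in the root shell. Quote each element before joining, for example `['su', '-c', ' '.join(pipes.quote(a) for a in argvbase)]` (`shlex.quote` on Python 3). The start of the `argvbase` expression is outside the hunk, so whether it carries a user-influenced path is inferred rather than visible here. A comment on the sudo line such as `# -p replaces sudo's own prompt so the user can tell the local password is wanted` would record why the option is there.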
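Review bot: The `[local su] ` prefix written before `Popen` in the second client.py hunk is printed by sshuttle itself and never cleared, so if su does not prompt (a configuration that trusts the invoking user, say) the label stays in front of whatever prompt appears next, which may be the remote ssh one. I would flush it so the ordering holds where stderr is buffered, `sys.stderr.write('[local su] '); sys.stderr.flush()`, and add a comment like `# label is ours, not su's: it remains on screen if su does not ask for a password`. The root check uses the real uid; `if os.geteuid() == 0:` would test the privilege the child process actually inherits. The `try` block's handler and the rest of the method are outside the hunk.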