ssh wrappers like teleport's tsh do not correctly interpret the
double dash as an argument delimiter and will not work properly
with sshuttle. This PR adds a new command line switch to handle
these cases by not adding the delimiter.
Fixes#599
This fixes#909 and is an alternative to the #922 pull request. When
sudo's use_pty is used with sshuttle, it causes issues with the
terminal. Pull request #712 contains some fixes for this problem.
However, when sshuttle is run with the --daemon option, it left the
user's terminal in a non-sane state. The problem appears to be related
to a socketpair that the firewall uses for communication. By setting
it up slightly differently (see changes to client.py and firewall.py),
the terminal state is no longer disrupted. This commit also changes
line endings of the printed messages from \r\n to \n. This undoes a
change introduced by pull request #712 and is no longer needed.
When we use sudo and start the firewall process, we should be able to
read standard in and find the string "READY". However, some
administrators use a wrapper around sudo to print warning messages
(instead of sudo's lecture feature) to standard out. This commit reads
up to 100 lines looking for "READY" instead of expecting it on the
first line.
I believe this should fix issue #916.
Having --dst-type LOCAL rules before DNS ones forces the usage of a
dnsmasq-like program to retrigger DNS requests directed locally
because they are fast-tracked through the firewall and ignored by
sshuttle.
As dns options documentation state that they capture the requests no
matter the server, and other methods and older versions behave
consistently, change the iptables rules to apply DNS ones first.