sshuttle

mirror of https://github.com/sshuttle/sshuttle.git synced 2025-05-29 14:23:58 +02:00

Go to file

Steven McDonald f528bb9846 Add --no-sudo-pythonpath option

This provides a way to avoid setting PYTHONPATH when invoking the
privileged part of sshuttle with sudo. This is useful if running
sshuttle as a PEX archive, as Telepresence does, as it enables
sshuttle's sudo access to be securely locked down.

PEX archives will extract themselves into the invoking user's home
directory, which means that the invoking user has full control over
the code in them. This makes restricting sudo access with
PYTHONPATH set completely pointless in this scenario -- an attacker
could put any code into ~/.pex and gain full root access anyway.

On the other hand, if sshuttle is a PEX archive, the privileged
invocation will simply extract itself into /root/.pex anyway, so
there is no need to set PYTHONPATH in this case.

2018-09-21 18:48:31 +02:00

docs

works on ChromeOS with Crostini VM (#262 )

2018-08-25 10:30:45 +10:00

sshuttle

Add --no-sudo-pythonpath option

2018-09-21 18:48:31 +02:00

.gitignore

Add entries to .gitignore

2018-03-16 18:10:09 +11:00

.prospector.yml

Fixes some style issues and minor bugs

2017-11-13 11:58:43 +11:00

.travis.yml

Remove Python 2.6 from automatic tests

2018-03-16 18:34:15 +11:00

bandit.yml

Use more standard filename and format for bandit conifguration

2017-11-13 11:58:43 +11:00

CHANGES.rst

Prepare for 0.78.4

2018-04-02 14:52:22 +10:00

conftest.py

Backward compatibility with Python 2.4 (server)

2016-04-03 13:14:02 +10:00

LICENSE

Fix LGPL2 license.

2016-03-07 10:03:22 +11:00

MANIFEST.in

Fix error in requirements.rst

2017-07-09 09:08:48 +10:00

README.rst

Update README.rst

2018-06-22 16:02:11 +10:00

requirements-tests.txt

Various updates to tests

2018-03-16 18:27:50 +11:00

requirements.txt

Pin version in requirements.txt

2017-07-09 09:08:48 +10:00

run

turn off debugging

2017-10-23 06:58:21 +11:00

setup.cfg

Update setup.cfg

2017-07-09 09:08:48 +10:00

setup.py

Remove trailing whitespace

2017-11-16 18:06:33 +11:00

tox.ini

Remove Python 2.6 from automatic tests

2018-03-16 18:34:15 +11:00

README.rst

sshuttle: where transparent proxy meets VPN meets ssh
=====================================================

As far as I know, sshuttle is the only program that solves the following
common case:

- Your client machine (or router) is Linux, FreeBSD, or MacOS.

- You have access to a remote network via ssh.

- You don't necessarily have admin access on the remote network.

- The remote network has no VPN, or only stupid/complex VPN
  protocols (IPsec, PPTP, etc). Or maybe you *are* the
  admin and you just got frustrated with the awful state of
  VPN tools.

- You don't want to create an ssh port forward for every
  single host/port on the remote network.

- You hate openssh's port forwarding because it's randomly
  slow and/or stupid.

- You can't use openssh's PermitTunnel feature because
  it's disabled by default on openssh servers; plus it does
  TCP-over-TCP, which has terrible performance (see below).


Obtaining sshuttle
------------------

- Debian stretch or later::

      apt-get install sshuttle

- From PyPI::

      sudo pip install sshuttle

- Clone::

      git clone https://github.com/sshuttle/sshuttle.git
      cd sshuttle
      sudo ./setup.py install

It is also possible to install into a virtualenv as a non-root user.

- From PyPI::

      virtualenv -p python3 /tmp/sshuttle
      . /tmp/sshuttle/bin/activate
      pip install sshuttle

- Clone::

      virtualenv -p python3 /tmp/sshuttle
      . /tmp/sshuttle/bin/activate
      git clone https://github.com/sshuttle/sshuttle.git
      cd sshuttle
      ./setup.py install

- Homebrew::

      brew install sshuttle


Documentation
-------------
The documentation for the stable version is available at:
https://sshuttle.readthedocs.org/

The documentation for the latest development version is available at:
https://sshuttle.readthedocs.org/en/latest/