author | Avery Pennarun <apenwarr@gmail.com> | 2010-11-08 23:27:02 -0800 |
---|---|---|
committer | Avery Pennarun <apenwarr@gmail.com> | 2010-11-08 23:35:16 -0800 |
commit | bcf189230579f62afd5f826a32b938e28bf047d6 (patch) | |
tree | cf71b646c82f3241e1a4effe15f9a87e9fe7212f | |
parent | fe742c928d3a134aab9ced7fa316b04b9bbfbf3f (diff) |
Make password prompting more clear.

Based on suggestions by Jason Grossman and Ed Maste on the mailing list.

We now add a [local su] prefix to the 'su' password prompt (by cheating and
printing it before calling su), and we replace the 'sudo' password prompt
with '[local sudo] Password: ' (by using the little-known and
hopefully-portable -p option).

We no longer call sudo or su if the uid is already 0; otherwise the prefix
on the 'su' prompt would look weird, since su wouldn't ask for a password in
that case.

We don't add a prefix to the ssh password prompt, because it's too hard to
tell if there will *be* an ssh password prompt. But people will probably
assume that the password request is for the server anyway; few people are
likely to think that 'sshuttle -r myhost.com' is going to prompt for the
*local* password.

Of course none of this is a problem on a modern OS, like Debian, that would
say something like "Password for apenwarr@myhost.com:" instead of just
"Password:". MacOS doesn't do that, however, so I assume many other OSes
also don't. Let's try to help them out.
-rw-r--r-- | README.md | 8 | ||||
-rw-r--r-- | client.py | 6 |
2 files changed, 12 insertions, 2 deletions
@@ -54,8 +54,14 @@ This is how you use it: - <tt>./sshuttle -r username@sshserver 0.0.0.0/0 -vv</tt> +(You may be prompted for one or more passwords; first, the +local password to become root using either sudo or su, and +then the remote ssh password. Or you might have sudo and ssh set +up to not require passwords, in which case you won't be +prompted at all.) + That's it! Now your local machine can access the remote network as if you -were right there! And if your "client" machine is a router, everyone on +were right there. And if your "client" machine is a router, everyone on your local network can make connections to your remote network. You don't need to install sshuttle on the remote server; @@ -31,7 +31,7 @@ class FirewallClient: ['-v'] * (helpers.verbose or 0) + ['--firewall', str(port)]) argv_tries = [ - ['sudo'] + argvbase, + ['sudo', '-p', '[local sudo] Password: '] + argvbase, ['su', '-c', ' '.join(argvbase)], argvbase ] @@ -45,8 +45,12 @@ class FirewallClient: # run in the child process s2.close() e = None + if os.getuid() == 0: + argv_tries = argv_tries[-1:] # last entry only for argv in argv_tries: try: + if argv[0] == 'su': + sys.stderr.write('[local su] ') self.p = ssubprocess.Popen(argv, stdout=s1, preexec_fn=setup) e = None break |
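Review bot: In the README.md hunk, the new parenthetical says which passwords may be requested but does not mention the '[local sudo]' and '[local su]' prefixes that client.py now prints, which are the only thing on screen that tells the reader which prompt is the local one. Naming the prefixes in that paragraph, and stating that an unprefixed prompt is the remote ssh one, would let a user check each prompt before typing a password into it.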
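Review bot: In the client.py hunk at -31, the new entry `['sudo', '-p', '[local sudo] Password: ']` has no comment saying that -p replaces sudo's own prompt or that its portability is only assumed, so a later reader has nothing to go on if an older sudo rejects the option. A one-line comment above argv_tries would cover it. Separately, the unchanged `['su', '-c', ' '.join(argvbase)]` entry right below joins the arguments with spaces and hands them to a shell without quoting; since this change is already touching the list, it would be worth quoting each element before joining.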
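Review bot: In the client.py hunk at -45, `sys.stderr.write('[local su] ')` runs inside the try before `ssubprocess.Popen(argv, ...)`, so if launching su raises and the loop moves on to the last entry, a stray '[local su] ' is left on stderr with no prompt after it, and anything printed next appears to belong to su. Consider writing a newline (or a short "su failed" message) on the failure path for that entry. The prefix also has no trailing newline and no comment explaining that it relies on su printing its own "Password:" immediately afterwards; a brief comment next to the write would make that dependency explicit.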