sshuttle / sshuttle

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
GNU Lesser General Public License v2.1

Usernames with colons are wrongly parsed #994

Open Eldorico opened 2 months ago

Eldorico commented 2 months ago

Hello,

When I use a username with a colon like 'proxyuser:target', the username is converted to proxyuser, preventing me from connecting to the proxy.

# sshuttle -r proxyuser:target@10.4.42.52:2222 10.254.0.0/24 -vv
Starting sshuttle proxy (version 1.2.0).
c : Starting firewall manager with command: ['/usr/local/bin/sshuttle', '-v', '-v', '--method', 'auto', '--firewall']
fw: Starting firewall with Python version 3.9.2
fw: which() found 'iptables' at /usr/sbin/iptables
fw: which() found 'iptables' at /usr/sbin/iptables
fw: ready method name nat.
c : Using default IPv4 listen address 127.0.0.1
c : IPv6 enabled: Using default IPv6 listen address ::1
c : Method: nat
c : IPv4: on
c : IPv6: on
c : UDP : off (not available with nat method)
c : DNS : off (available)
c : User: off (available)
c : Subnets to forward through remote host (type, IP, cidr mask width, startPort, endPort):
c :   (<AddressFamily.AF_INET: 2>, '10.254.0.0', 24, 0, 0)
c : Subnets to exclude from forwarding:
c :   (<AddressFamily.AF_INET: 2>, '127.0.0.1', 32, 0, 0)
c :   (<AddressFamily.AF_INET6: 10>, '::1', 128, 0, 0)
c : Trying to bind redirector on port 12300
c : TCP redirector listening on ('::1', 12300, 0, 0).
c : TCP redirector listening with <socket.socket fd=5, family=AddressFamily.AF_INET6, type=SocketKind.SOCK_STREAM, proto=0, laddr=('::1', 12300, 0, 0)>.
c : TCP redirector listening on ('127.0.0.1', 12300).
c : TCP redirector listening with <socket.socket fd=7, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('127.0.0.1', 12300)>.
c : Starting client with Python version 3.9.2
c : Connecting to server...
c : which() found 'sshpass' at /usr/bin/sshpass
c : executing: ['/usr/bin/sshpass', '-e', 'ssh', '-p', '2222', 'proxyuser@10.4.42.52', '--', '/bin/sh -c \'P=python3; $P -V 2>/dev/null || P=python; exec "$P" -c \'"\'"\'import sys, os; verbosity=2; stdin = os.fdopen(0, \'"\'"\'"\'"\'"\'"\'"\'"\'rb\'"\'"\'"\'"\'"\'"\'"\'"\'); exec(compile(stdin.read(1785), \'"\'"\'"\'"\'"\'"\'"\'"\'assembler.py\'"\'"\'"\'"\'"\'"\'"\'"\', \'"\'"\'"\'"\'"\'"\'"\'"\'exec\'"\'"\'"\'"\'"\'"\'"\'"\')); sys.exit(98);\'"\'"\'; exit 97\'']
c :  > channel=0 cmd=PING len=7 (fullness=0)
proxyuser@10.4.42.52: Permission denied (publickey,keyboard-interactive).
c : fatal: failed to establish ssh session (2)

The ssh command should be ssh -p 2222 proxyuser:target@10.4.42.52 instead of ssh -p 2222 proxyuser@10.4.42.52

Is it possible to fix this? How could I help?

Thank you very much!

Eldorico commented 2 months ago

The workaround I found is using the ssh variables:

sshuttle -e 'ssh -o User=proxyuser:target'  -r 10.4.42.52:2222 10.254.0.0/24 -vv
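The following is an added example, not part of the original thread and not sshuttle's own code. It assumes the `-r` argument follows the grammar `[username[:password]@]host[:port]`, which is consistent with the `sshpass -e` call in the log above, and shows why `proxyuser:target` is cut in two and why the `-o User=` workaround avoids it. The names `parse_remote` and `ssh_argv` are hypothetical, and IPv6 literals are not handled.

```python
# Illustration only: hypothetical helpers, not sshuttle's implementation.

def parse_remote(spec):
    """Parse '[username[:password]@]host[:port]' (assumed grammar).

    Returns (username, password, host, port); absent parts are None.
    """
    username = password = port = None
    host = spec
    if "@" in host:
        # Everything before the last '@' is the credential part.
        username, host = host.rsplit("@", 1)
        if ":" in username:
            # Ambiguity: the first colon is read as the password
            # separator, so 'proxyuser:target' loses ':target'.
            username, password = username.split(":", 1)
    if ":" in host:
        host, _, port = host.rpartition(":")
    return username, password, host, port


def ssh_argv(spec, ssh_cmd=("ssh",)):
    """Build the ssh command line and extra environment for spec."""
    username, password, host, port = parse_remote(spec)
    argv, env = list(ssh_cmd), {}
    if password is not None:
        # 'sshpass -e' reads the password from the SSHPASS variable, so
        # the tail of the intended username ends up used as a password.
        argv = ["sshpass", "-e"] + argv
        env["SSHPASS"] = password
    if port:
        argv += ["-p", port]
    argv.append(f"{username}@{host}" if username else host)
    return argv, env


if __name__ == "__main__":
    # Values taken from the issue report above.
    print(ssh_argv("proxyuser:target@10.4.42.52:2222"))
    # Workaround: keep the colon out of the -r value entirely.
    print(ssh_argv("10.4.42.52:2222",
                   ssh_cmd=("ssh", "-o", "User=proxyuser:target")))
```

With the username passed through `-o User=`, the `-r` value contains no `@`, so nothing is split off as a password and ssh receives the full `proxyuser:target` login name.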