Bash, Applescript, and Sshuttle (Python): Creating a multi-jump into the multiverse...

Basically, I work through VPN's most of my existence.  The problem lies when I have to switch to different VPN's it disrupts my communications w/ other tools that only exist in one VPN, but not the other.  There does appear to be tools around some of these things, but I wanted something quick and dirty.  AND DIRTY it is.  This enables me to stay connected to the main VPN and cheat by sshuttle'ing through systems of access temporarily.

I'm using MACOS and to launch a terminal in a new window turned me on to AppleScript.  I wanted to pass two variables.
1st was basically an identifier for the end system I wanted to shuttle my traffic through.
2nd was to pass a password variable to any system inbetween that was not setup w/ my SSH public key.

So I made a bash function, to call applescript to open my terminals to run what is effectively a python binary.  It works, but has several prerequisites for it to run smoothly.  The nice thing about this script, it demonstrates the utility of a bash function and how you can make use of AppleScript.

Would any sane person need this?  Probably not, but who am I to judge.

  1. sshuttle
  2. visudo modifications (optional), but useful.
    1. Cmnd_Alias for sshuttle so you can define a NOPASSWD sudo'er for sshuttle ONLY
    2. This is super important, because you don't want to enable NOPASSWD for all applications.  Although I don't know why I stress this point since I'm probably breaking so many security rules as it is.  Oh well.
    3. Cmnd_Alias SSHUTTLE = /usr/bin/env PYTHONPATH=/usr/local/Cellar/sshuttle/0.78.5/libexec/lib/python3.7/site-packages /usr/local/Cellar/sshuttle/0.78.5/libexec/bin/python3.7 /usr/local/bin/sshuttle --method auto --firewall
    4. yourUsername ALL=(root) NOPASSWD: SSHUTTLE
  3. SSHHostKeyChecking (Optional) disable
    1. I'm going to change this later, but as a quick and dirty, I'm basically saying I don't care about security because I KNOW the endpoints I'm connecting to.  Need to make it a bit more strict, but the goal is to skip the "yes" I accept the host key automatically.
    2. ~/.ssh/config
      1. Host *
           StrictHostKeyChecking no
Simple Diagram Example:
Effectively there is either no route or firewall preventing access to the networks I need to get to.  This diagram basically demonstrates how I can use shuttle to proxy my mac to the networks I need.



Kahy said…
Are you doing the visudo modifications on your local box or the box you are ssh'ing into?

Great script - working on something similar

Popular posts from this blog

NSX-T: vCenter and NSX-T Inventory out of Sync (Hosts in vSphere not showing up in NSX-T)

NSX-T: Release associated invalid node ID from certificate

MacOS: AnyConnect VPN client was unable to successfully verify the IP forwarding table modifications.