Ubuntu
sshuttle package

sshuttle doesn't autodetect python3 instead of 'python'

Bug #1592853 reported by Eric Desrochers
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
sshuttle (Ubuntu)
Fix Released
Medium
Unassigned
Xenial
Fix Released
Medium
Dan Streetman
Bionic
Fix Released
Medium
Dan Streetman

Bug Description

[impact]

connecting with sshuttle to a remote system where the only version of python is python3 named 'python3' and no binary named 'python' fails

[test case]

from a x/b system, attempt to sshuttle to a remote system where only 'python3' exists, and no 'python' binary exists

[regression potential]

any regression would likely cause problems with the initial sshuttle connection; it's unlikely any issues would be caused after the connection is successfully established.

[scope]

this is needed only in x/b.

this appears to be fixed upstream with commit 9b7ce2811ec3ef35b9b7f7dfc157127bc46ece47 which is included starting in v0.78.4, so this fixed already in focal and later.

[original description]

sshuttle package implementation doesn't support Python 3.5 on remote host running Xenial and late from a machine <= Wily release.

This cause the connection to fail if the connection is negotiated from a Precise, Trusty or Wily machine and if the remote host is running Xenial (16.04).

Example took from "Wily" :

$ sshuttle -r <REMOTE_SERVER> <TARGET_REMOTE_SUBNET>/0 -vv

Starting sshuttle proxy.
UDP support requires tproxy; disabling UDP.
Binding redirector: 12300 12299
TCP redirector listening on ('127.0.0.1', 12299).
firewall manager ready method nat.
c : connecting to server...
c : executing: ['ssh', '<REMOTE_SERVER>', '--', 'P=python2; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; skip_imports=1; verbosity=2; exec compile(sys.stdin.read(770), "assembler.py", "exec")\'']
c : > channel=0 cmd=PING len=7 (fullness=0)

bash: line 0: exec: python: not found
Read line ""c : fatal: server died with error code 127

See original description
Eric Desrochers (slashd)
Changed in sshuttle (Ubuntu):
importance: Undecided → Low
description: updated
Revision history for this message
Eric Desrochers (slashd) wrote :

Xenial (16.04) by default comes only with python3 (Python 3.5) installed.

The workaround is to install python 2.7 on the remote host using Xenial.

$ sudo apt-get install python -y

and then sshuttle work just fine

description: updated
Eric Desrochers (slashd)
description: updated
Eric Desrochers (slashd)
description: updated
Eric Desrochers (slashd)
description: updated
Revision history for this message
Eric Desrochers (slashd) wrote :

Note that sshuttle package found on Xenial and late does support Python 3.5 as it include the following upstream commit --> ba1cf58 Add Python 3.5 support, that was first introduced upstream in branch : v0.73~32.

Eric

Revision history for this message
pbhj (pbhj) wrote :

I'm using 0.78.3-1 and had to just now pass --python=/usr/bin/python3 to get it to run on latest Ubuntu (17.10).

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in sshuttle (Ubuntu):
status: New → Confirmed
Revision history for this message
Jeff Lane  (bladernr) wrote :

Hit this on system running Bionic, while trying to connect to another Bionic system.

0.78.3-1ubuntu1

--python=/usr/bin/python3

A failing run looks like this:
bladernr@galactica:~$ sshuttle -r ubuntu@IPADDR:PORT -N -v
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.6.9
firewall manager: ready method name nat.
IPv6 enabled: False
UDP enabled: False
DNS enabled: False
TCP redirector listening on ('127.0.0.1', 12300).
Starting client with Python version 3.6.9
c : connecting to server...
/bin/sh: 1: exec: python: not found
c : fatal: server died with error code 127

And a passing connection like this:
bladernr@galactica:~$ sshuttle -r ubuntu@IPADDRESS:PORT -N -v --python=/usr/bin/python3
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.6.9
firewall manager: ready method name nat.
IPv6 enabled: False
UDP enabled: False
DNS enabled: False
TCP redirector listening on ('127.0.0.1', 12300).
Starting client with Python version 3.6.9
c : connecting to server...
Starting server with Python version 3.6.8
 s: latency control setting = True
 s: available routes:
 s: 2/ROUTEIPADDR/23
 s: 2/ROUTEIPADDR/24
 s: 2/ROUTEIPADDR/24
c : Connected.
firewall manager: setting up.
>> iptables -t nat -N sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
>> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.1/32 -p tcp
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest ROUTEIPADDR/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest ROUTEIPADDR/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest ROUTEIPADDR/23 -p tcp --to-ports 12300 -m ttl ! --ttl 42

Changed in sshuttle (Ubuntu):
importance: Low → Medium
Dan Streetman (ddstreet)
summary: - sshuttle doesn't support python 3.5
+ sshuttle doesn't autodetect python3 instead of 'python'
description: updated
Changed in sshuttle (Ubuntu Xenial):
status: New → In Progress
Changed in sshuttle (Ubuntu Bionic):
status: New → In Progress
Changed in sshuttle (Ubuntu Xenial):
importance: Undecided → Medium
Changed in sshuttle (Ubuntu Bionic):
importance: Undecided → Medium
Changed in sshuttle (Ubuntu Xenial):
assignee: nobody → Dan Streetman (ddstreet)
Changed in sshuttle (Ubuntu Bionic):
assignee: nobody → Dan Streetman (ddstreet)
Changed in sshuttle (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Chris Halse Rogers (raof) wrote : Please test proposed package

Hello Eric, or anyone else affected,

Accepted sshuttle into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sshuttle/0.78.3-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in sshuttle (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic
Changed in sshuttle (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed-xenial
Revision history for this message
Chris Halse Rogers (raof) wrote :

Hello Eric, or anyone else affected,

Accepted sshuttle into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sshuttle/0.76-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Dan Streetman (ddstreet) wrote :

unfortunately verification fails for x, so i opened bug 1897961

root@lp1896299-x:~# dpkg -l|grep sshuttle
ii sshuttle 0.76-1ubuntu1 all Transparent proxy server for VPN over SSH

root@lp1896299-x:~# sshuttle -r lp1896299-f.lxd 1.2.3.4/24
bash: line 0: exec: python: not found
client: fatal: server died with error code 127

root@lp1896299-x:~# dpkg -l|grep sshuttle
ii sshuttle 0.76-1ubuntu1.1 all Transparent proxy server for VPN over SSH

root@lp1896299-x:~# sshuttle -r lp1896299-f.lxd 1.2.3.4/24
Traceback (most recent call last):
  File "/usr/bin/sshuttle", line 9, in <module>
    load_entry_point('sshuttle==0.76', 'console_scripts', 'sshuttle')()
  File "/usr/lib/python3/dist-packages/sshuttle/cmdline.py", line 226, in main
    opt.daemon, opt.pidfile)
  File "/usr/lib/python3/dist-packages/sshuttle/client.py", line 701, in main
    seed_hosts, auto_nets, daemon)
  File "/usr/lib/python3/dist-packages/sshuttle/client.py", line 408, in _main
    options=dict(latency_control=latency_control))
  File "/usr/lib/python3/dist-packages/sshuttle/ssh.py", line 112, in connect
    "exec \"$P\" -c %s") % quote(pyscript)
NameError: name 'quote' is not defined

tags: added: verification-failed-xenial
removed: verification-needed-xenial
Revision history for this message
Dan Streetman (ddstreet) wrote :

root@lp1896299-b:~# dpkg -l|grep sshuttle
ii sshuttle 0.78.3-1ubuntu1 all Transparent proxy server for VPN over SSH
root@lp1896299-b:~# sshuttle -r lp1896299-f.lxd 1.2.3.4/24
The authenticity of host 'lp1896299-f.lxd (10.202.51.43)' can't be established.
ECDSA key fingerprint is SHA256:PydUWn39X3KKq0obuNhd7vf7oll1BehZGAPynxDNIdI.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'lp1896299-f.lxd,10.202.51.43' (ECDSA) to the list of known hosts.
/bin/sh: 1: exec: python: not found
client: fatal: server died with error code 127

root@lp1896299-b:~# dpkg -l|grep sshuttle
ii sshuttle 0.78.3-1ubuntu1.1 all Transparent proxy server for VPN over SSH
root@lp1896299-b:~# sshuttle -r lp1896299-f.lxd 1.2.3.4/24
assembler.py:3: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
client: Connected.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Revision history for this message
Dan Streetman (ddstreet) wrote :

The verification failure in Xenial is fixed by the version in the upload queue via bug 1897987 and bug 1897961

Revision history for this message
Timo Aaltonen (tjaalton) wrote :

Hello Eric, or anyone else affected,

Accepted sshuttle into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sshuttle/0.76-1ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

tags: added: verification-needed-xenial
removed: verification-failed-xenial
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sshuttle - 0.78.3-1ubuntu1.1

---------------
sshuttle (0.78.3-1ubuntu1.1) bionic; urgency=medium

  [ Dan Streetman ]
  * d/p/lp1592853-Use-versions-of-python3-greater-than-3.5-when-availa.patch:
    - detect if remote python is 'python' or 'python3' (LP: #1592853)
  * d/p/lp1873368/0001-Don-t-crash-if-we-can-t-look-up-peername.patch,
    d/p/lp1873368/0002-allow-Mux-flush-fill-to-work-with-python-3.5.patch,
    d/p/lp1873368/0003-Fix-python2-server-compatibility.patch,
    - fix interoperability with other releases py2/py3
      (same LP bug as below)

  [ Felipe Reyes ]
  * d/p/0001-compatibility-with-python38.patch:
    Backport patch to make sshuttle compatible
    with python-3.8. (LP: #1873368). Closes: #953621.

 -- Felipe Reyes <email address hidden> Sat, 19 Sep 2020 13:54:06 -0400

Changed in sshuttle (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for sshuttle has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Dan Streetman (ddstreet) wrote :

root@sshuttle-x:~# dpkg -l | grep sshuttle
ii sshuttle 0.76-1ubuntu1 all Transparent proxy server for VPN over SSH
root@sshuttle-x:~# sshuttle -r sshuttle-f.lxd 1.2.3.4/24
bash: line 0: exec: python: not found
client: fatal: server died with error code 127

root@sshuttle-x:~# dpkg -l | grep sshuttle
ii sshuttle 0.76-1ubuntu1.2 all Transparent proxy server for VPN over SSH
root@sshuttle-x:~# sshuttle -r sshuttle-f.lxd 1.2.3.4/24
assembler.py:3: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
client: Connected.

tags: added: verification-done verification-done-xenial
removed: verification-needed verification-needed-xenial
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sshuttle - 0.76-1ubuntu1.2

---------------
sshuttle (0.76-1ubuntu1.2) xenial; urgency=medium

  * d/p/lp1897987-Backward-compatibility-with-Python-2.4-server.patch:
    - Fix compatibility with remote py3.4 (LP: #1897987)
  * d/p/lp1897961-Fix-shell-quoting.patch:
    - Add missing import needed by previous commit backport
      (LP: #1897961)

sshuttle (0.76-1ubuntu1.1) xenial; urgency=medium

  [ Dan Streetman ]
  * d/p/lp1896299/0001-Add-support-for-iproute2.patch,
    d/p/lp1896299/0002-Small-refactoring-of-netstat-iproute-parsing.patch,
    d/p/lp1896299/0003-Backward-compatibility-with-Python-2.4-server.patch:
    - allow connecting to remote without netstat (LP: #1896299)
  * d/p/lp1592853-Use-versions-of-python3-greater-than-3.5-when-availa.patch:
    - detect if remote python is 'python' or 'python3' (LP: #1592853)
  * d/p/lp1873368/0001-Don-t-crash-if-we-can-t-look-up-peername.patch,
    d/p/lp1873368/0002-allow-Mux-flush-fill-to-work-with-python-3.5.patch,
    d/p/lp1873368/0003-Fix-python2-server-compatibility.patch:
    - fix interoperability with remote py2 and/or py3
      (same bug as below)

  [ Felipe Reyes ]
  * d/p/0001-compatibility-with-python38.patch:
    Backport patch to make sshuttle compatible
    with python-3.8. (LP: #1873368). Closes: #953621.

 -- Dan Streetman <email address hidden> Wed, 30 Sep 2020 20:34:45 -0400

Changed in sshuttle (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.