Auto-hosts do not include fqdn

Bug #1787245 reported by Chris Sanders on 2018-08-15
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sshuttle (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Billy Olsen
Bionic
Medium
Billy Olsen

Bug Description

The -H, --auto-hosts option does not currently include fqdn and in fact removes the fqdn entries. This is blocking the use of sshuttle for things like accessing a Graylog server which links back to itself via fqdn.

This has been fixed with pull request #173 [0] in Oct of 2017, which adds this functionality and works for the Graylog forwarding which I've been trying to use it for.

[0]: https://github.com/sshuttle/sshuttle/pull/173

[Impact]

Some services which may be remotely accessed over an sshuttle vpn tunnel may require full fqdn access to remote machines. Depending on the remote application, it may fail to function properly if the initiator system cannot resolve hosts by fqdns. Graylog, mentioned above, is one such example of this.

This patch works by changing the host watch functionality to match more than just hostnames found at the remote site. If fqdns are also found, then this patch will ensure they get included in the initiator's local /etc/hosts file.

[Test Case]

1. Initiate an sshuttle connection at a remote endpoint w/ the -H or --auto-hosts parameter.

$ sshuttle 10.5.0.0/16 -r 10.230.65.47 --daemon -H

2. Observe the initiator's /etc/hosts file
 - Without the patch, observe only hostnames are populated
 - With the patch, hostnames and fqdns are populated

[Regression Potential]

This area of code is limited to only affecting those users using the --auto-hosts parameter. That being said, the change is to expand the regular expressions which identify remote hostnames to include/allow fqdns. It may be possible that this introduces a naming collision with the initiator's DNS resolution where they relied on foo and foo.some.domain resolving to uniquely different hosts. This may be an unwanted side-effect, but upstream seems not to be concerned with this.
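
An added example, not part of the original report or of sshuttle's code: a small audit of the initiator's /etc/hosts that automates step 2 of the test case and the collision concern raised under Regression Potential. It relies on the `# sshuttle-firewall-<port> AUTOCREATED` marker visible in the verification output on this page; the sample file is constructed, the function names are hypothetical, and the check looks only at the hosts file, not at DNS.

```python
import re
from collections import defaultdict

# Marker format taken from the /etc/hosts output shown on this page.
MARKER = re.compile(r"#\s*sshuttle-firewall-(\d+)\s+AUTOCREATED\s*$")

# Constructed sample modelled on the verification output in this report;
# the static 10.9.9.9 entry is invented to show a collision.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
10.9.9.9 juju-929bff-controller-0
10.5.0.5 billy-olsen-bastion # sshuttle-firewall-12300 AUTOCREATED
10.5.0.5 billy-olsen-bastion.cloud.sts # sshuttle-firewall-12300 AUTOCREATED
10.5.0.6 juju-929bff-controller-0 # sshuttle-firewall-12300 AUTOCREATED
10.5.0.6 juju-929bff-controller-0.cloud.sts # sshuttle-firewall-12300 AUTOCREATED
10.5.0.31 juju-b9cf0a-default-4 # sshuttle-firewall-12300 AUTOCREATED
"""

def parse_hosts(text):
    """Return (static, auto): each maps a lower-cased name to a set of IPs."""
    static, auto = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        is_auto = MARKER.search(line) is not None
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line or comment only
        ip, names = fields[0], fields[1:]
        for name in names:
            (auto if is_auto else static)[name.lower()].add(ip)
    return static, auto

def audit(text):
    """Report auto-created short names whose IP has no FQDN entry, and
    auto-created names that map to a different IP than another entry."""
    static, auto = parse_hosts(text)
    fqdn_ips = {ip for name, ips in auto.items() if "." in name for ip in ips}
    missing_fqdn = sorted(name for name, ips in auto.items()
                          if "." not in name and not ips & fqdn_ips)
    collisions = sorted(name for name, ips in auto.items()
                        if len(ips) > 1
                        or (name in static and static[name] != ips))
    return {"missing_fqdn": missing_fqdn, "collisions": collisions}

if __name__ == "__main__":
    print(audit(SAMPLE_HOSTS))
```

On a patched client, `missing_fqdn` should be empty for every host the remote side knows by fqdn; any name listed under `collisions` is worth reviewing before relying on it.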

Billy Olsen (billy-olsen) wrote :

Looks like the patch identified (commit 29cd75b) is in the v0.78.4 version:

$ git tag --contains 29cd75b
v0.78.4

which is in cosmic, so this would apply to bionic and xenial. Not sure it's worth backporting all the way to trusty.

$ rmadison sshuttle
 sshuttle | 0.54-1 | precise/universe | source, all
 sshuttle | 0.54-2 | trusty/universe | source, all
 sshuttle | 0.76-1 | xenial/universe | source, all
 sshuttle | 0.78.3-1 | bionic/universe | source, all
 sshuttle | 0.78.4-1 | cosmic/universe | source, all

I've built packages with this patch included in https://launchpad.net/~billy-olsen/+archive/ubuntu/sshuttle-lp1787245

Changed in sshuttle (Ubuntu):
status: New → Confirmed

The attachment "bionic patch" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
description: updated
description: updated
Bryan Quigley (bryanquigley) wrote :

Just fyi, the 0.78.4 looks like mostly bugfixes. https://sshuttle.readthedocs.io/en/stable/changes.html

Eric Desrochers (slashd) on 2018-09-04
Changed in sshuttle (Ubuntu):
status: Confirmed → Fix Released
Eric Desrochers (slashd) on 2018-09-04
Changed in sshuttle (Ubuntu Bionic):
status: New → In Progress
Changed in sshuttle (Ubuntu Xenial):
status: New → In Progress
Changed in sshuttle (Ubuntu Bionic):
assignee: nobody → Billy Olsen (billy-olsen)
Changed in sshuttle (Ubuntu Xenial):
assignee: nobody → Billy Olsen (billy-olsen)
Changed in sshuttle (Ubuntu Bionic):
importance: Undecided → Medium
Changed in sshuttle (Ubuntu Xenial):
importance: Undecided → Medium
Eric Desrochers (slashd) wrote :

Sponsored for 'X' and 'B'. It is now waiting in the upload queue waiting for SRU approval.

- Eric

Hello Chris, or anyone else affected,

Accepted sshuttle into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sshuttle/0.78.3-1ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in sshuttle (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic
Brian Murray (brian-murray) wrote :

Hello Chris, or anyone else affected,

Accepted sshuttle into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sshuttle/0.76-1ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in sshuttle (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed-xenial
Billy Olsen (billy-olsen) wrote :

Verified and confirmed the fix on Bionic:

$ lsb_release -r
Release: 18.04

$ dpkg -l | grep sshuttle
ii sshuttle 0.78.3-1ubuntu1 all Transparent proxy server for VPN over SSH

$ sshuttle -v 10.5.0.0/24 -r 10.230.65.47 --daemon -H
$ cat /etc/hosts
127.0.0.1 localhost

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
10.5.0.5 billy-olsen-bastion # sshuttle-firewall-12300 AUTOCREATED
10.5.0.5 billy-olsen-bastion-cloud-sts # sshuttle-firewall-12300 AUTOCREATED
10.5.0.5 billy-olsen-bastion.cloud.sts # sshuttle-firewall-12300 AUTOCREATED
10.5.0.6 juju-929bff-controller-0 # sshuttle-firewall-12300 AUTOCREATED
10.5.0.6 juju-929bff-controller-0-cloud-sts # sshuttle-firewall-12300 AUTOCREATED
10.5.0.6 juju-929bff-controller-0.cloud.sts # sshuttle-firewall-12300 AUTOCREATED
10.5.0.31 juju-b9cf0a-default-4 # sshuttle-firewall-12300 AUTOCREATED
10.5.0.31 juju-b9cf0a-default-4-cloud-sts # sshuttle-firewall-12300 AUTOCREATED
10.5.0.31 juju-b9cf0a-default-4.cloud.sts # sshuttle-firewall-12300 AUTOCREATED

tags: added: verification-done-bionic
removed: verification-needed-bionic
Billy Olsen (billy-olsen) wrote :

Also verified and confirmed this fix on Xenial:

$ lsb_release -r
Release: 16.04

$ dpkg -l | grep sshuttle
ii sshuttle 0.76-1ubuntu1 all Transparent proxy server for VPN over SSH

$ sshuttle -v 10.5.0.0/24 -r 10.230.65.47 --daemon -H
$ cat /etc/hosts
127.0.0.1 localhost

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
10.5.0.5 billy-olsen-bastion # sshuttle-firewall-12300 AUTOCREATED
10.5.0.5 billy-olsen-bastion-cloud-sts # sshuttle-firewall-12300 AUTOCREATED
10.5.0.5 billy-olsen-bastion.cloud.sts # sshuttle-firewall-12300 AUTOCREATED
10.5.0.6 juju-929bff-controller-0 # sshuttle-firewall-12300 AUTOCREATED
10.5.0.6 juju-929bff-controller-0-cloud-sts # sshuttle-firewall-12300 AUTOCREATED
10.5.0.6 juju-929bff-controller-0.cloud.sts # sshuttle-firewall-12300 AUTOCREATED
10.5.0.31 juju-b9cf0a-default-4 # sshuttle-firewall-12300 AUTOCREATED
10.5.0.31 juju-b9cf0a-default-4-cloud-sts # sshuttle-firewall-12300 AUTOCREATED
10.5.0.31 juju-b9cf0a-default-4.cloud.sts # sshuttle-firewall-12300 AUTOCREATED

tags: added: verification-done verification-done-xenial
removed: verification-needed verification-needed-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sshuttle - 0.78.3-1ubuntu1

---------------
sshuttle (0.78.3-1ubuntu1) bionic; urgency=medium

  * Make hostwatch find both fqdn and hostname (LP: #1787245)
    - d/p/make-hostwatch-find-fqdn-and-hostname.patch: cherry-pick
      patch from upstream to add both the FQDN and the hostname
      so they are both resolvable.

 -- Billy Olsen <email address hidden> Wed, 29 Aug 2018 15:00:55 -0700

Changed in sshuttle (Ubuntu Bionic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for sshuttle has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sshuttle - 0.76-1ubuntu1

---------------
sshuttle (0.76-1ubuntu1) xenial; urgency=medium

  * Make hostwatch find both fqdn and hostname (LP: #1787245)
    - d/p/make-hostwatch-find-fqdn-and-hostname.patch: cherry-pick
      patch from upstream to add both the FQDN and the hostname
      so they are both resolvable.

 -- Billy Olsen <email address hidden> Wed, 29 Aug 2018 20:49:40 -0700

Changed in sshuttle (Ubuntu Xenial):
status: Fix Committed → Fix Released