passless 0.0.1.dev1

Description:

passless 0.0.1.dev1

Introduction
Passless is a toolkit for setting up a security layer to protect private
services. It based on Yingbo Gu’s Shadowproxy project and comes with
two components, a plugin of Slowdown server and a client.
For example, in most cases you have to run a ssh service at least. If you
are Slowdown user, you can force users to access this ssh service only
via the working Slowdown server. And so on, all private services can be
protected under the Slowdown server.


Installation
Passless are published on the Python Package Index , and can be
installed with the following command.
$ pip install -U passless
You can also install Passless directly from a clone of the
Git repository .
$ git clone https://github.com/wilhelmshen/passless
$ cd passless
$ pip install .
or
$ pip install git+https://github.com/wilhelmshen/passless


Server

Server creation
First, you need to create a Slowdown server.
$ virtualenv --python=/usr/bin/python3 myserver
$ myserver/bin/slowdown --init
Initialize a project in /PATH/TO/myserver? [Y/n]: Y
Creating myserver/bin ... exists
Creating myserver/etc ... exists
Creating myserver/var ... done
Creating myserver/pkgs ... done
Creating myserver/var/log ... done
Creating myserver/bin/slowdown ... exists
Creating myserver/etc/slowdown.conf ... done
DONE! Completed all initialization steps.


Configuration
Next, edit the profile. The config file of the slowdown server called
slowdown.conf is placed in the etc folder. Here’s an example:
# URL Routing based on regular expression.
<routers>
<router ALL>

# A regular expression to match hosts
# Group name must be uppercased
#
pattern ^(?P<EXAMPLE>example\.com)$$

<host EXAMPLE>

# A reqular expression to match PATH_INFO
#
pattern ^/passless(?P<PASSLESS>/.*)$$

<path PASSLESS>
handler passless
cipher aes-128-cfb
password PASSWORD

# Bridge server (optional)
#
#via passless://CIPHER:[email protected]/HOST/PATH/

# Ad block list (optional)
#
#adblk /PATH/TO/AD/BLOCK.conf

# Connect directly to the server, if the connection
# fails, auto switch to the bridge server specified
# by the "via" configuration for transmission.
# The default is "yes".
#
#auto_switch yes

# Deny access to the local ip, the default is "yes"
#
#global_only yes

#accesslog $LOGS/access-%Y%m.log
#errorlog $LOGS/error-%Y%m.log
</path>
</host>

# More hosts ..
#
#<host HOSTNAME>...</host>

</router>
</routers>

<servers>
<http MY_HTTP_SERVER>
address 0.0.0.0:8080
router ALL
</http>
</servers>
Start server:
myserver/bin/slowdown -vv
2020-09-14 17:45:49 INFO slowdown/{__version__}
2020-09-14 17:45:49 INFO Serving HTTP on 0.0.0.0 port 8080 ...
In this case, Passless service is available on the host example.com and
port 8080.
More details are documented at Slowdown project.



Client
The passless command can start the Passless client side server that
support the socks5 or http protocol.
usage: bin/passless [-h] [-u USER] [-v | -vv | -q] SERVERS
Example:
sudo bin/passless -vv -u nobody "socks://127.0.0.1:1080/?via=passless://aes-128-cfb:[email protected]:8080/example.com:8080/passless/&auto_switch=no&global_only=no" "http://127.0.0.1:8118/?via=passless://aes-128-cfb:[email protected]:8080/example.com:8080/passless/&adblk=my_ad_block.conf"
With this socks/http server, you can access private services of the
remote server that running the Slowdown server with the Passless plugin.


Ad block
You can specify an ad block list for servers and clients. The file of the ad block list is very simple, as shown below:
com.baidu.adscdn REJECT
com.google PROXY