A toolkit for setting up a security layer to protect private services
Project description
Introduction
Passless is a toolkit for setting up a security layer to protect private services. It based on Yingbo Gu’s Shadowproxy project and comes with two components, a plugin of Slowdown server and a client.
For example, in most cases you have to run a ssh service at least. If you are Slowdown user, you can force users to access this ssh service only via the working Slowdown server. And so on, all private services can be protected under the Slowdown server.
Installation
Passless are published on the Python Package Index , and can be installed with the following command.
$ pip install -U passlessYou can also install Passless directly from a clone of the Git repository .
$ git clone https://github.com/wilhelmshen/passless
$ cd passless
$ pip install .or
$ pip install git+https://github.com/wilhelmshen/passlessServer
Server creation
First, you need to create a Slowdown server.
$ virtualenv --python=/usr/bin/python3 myserver
$ myserver/bin/slowdown --init
Initialize a project in /PATH/TO/myserver? [Y/n]: Y
Creating myserver/bin ... exists
Creating myserver/etc ... exists
Creating myserver/var ... done
Creating myserver/pkgs ... done
Creating myserver/var/log ... done
Creating myserver/bin/slowdown ... exists
Creating myserver/etc/slowdown.conf ... done
DONE! Completed all initialization steps.Configuration
Next, edit the profile. The config file of the slowdown server called slowdown.conf is placed in the etc folder. Here’s an example:
# URL Routing based on regular expression.
<routers>
<router ALL>
# A regular expression to match hosts
# Group name must be uppercased
#
pattern ^(?P<EXAMPLE>example\.com)$$
<host EXAMPLE>
# A reqular expression to match PATH_INFO
#
pattern ^/passless(?P<PASSLESS>/.*)$$
<path PASSLESS>
handler passless
cipher aes-128-cfb
password PASSWORD
# Bridge server (optional)
#
#via passless://CIPHER:PASSWD@BRIDGE.SERVER/HOST/PATH/
# Ad block list (optional)
#
#adblk /PATH/TO/AD/BLOCK.conf
# Connect directly to the server, if the connection
# fails, auto switch to the bridge server specified
# by the "via" configuration for transmission.
# The default is "yes".
#
#auto_switch yes
# Deny access to the local ip, the default is "yes"
#
#global_only yes
#accesslog $LOGS/access-%Y%m.log
#errorlog $LOGS/error-%Y%m.log
</path>
</host>
# More hosts ..
#
#<host HOSTNAME>...</host>
</router>
</routers>
<servers>
<http MY_HTTP_SERVER>
address 0.0.0.0:8080
router ALL
</http>
</servers>Start server:
myserver/bin/slowdown -vv
2020-09-14 17:45:49 INFO slowdown/{__version__}
2020-09-14 17:45:49 INFO Serving HTTP on 0.0.0.0 port 8080 ...In this case, Passless service is available on the host example.com and port 8080.
More details are documented at Slowdown project.
Client
The passless command can start the Passless client side server that support the socks5 or http protocol.
usage: bin/passless [-h] [-u USER] [-v | -vv | -q] SERVERSExample:
sudo bin/passless -vv -u nobody "socks://127.0.0.1:1080/?via=passless://aes-128-cfb:PASSWORD@example.com:8080/example.com:8080/passless/&auto_switch=no&global_only=no" "http://127.0.0.1:8118/?via=passless://aes-128-cfb:PASSWORD@example.com:8080/example.com:8080/passless/&adblk=my_ad_block.conf"With this socks/http server, you can access private services of the remote server that running the Slowdown server with the Passless plugin.
Ad block
You can specify an ad block list for servers and clients. The file of the ad block list is very simple, as shown below:
com.baidu.adscdn REJECT
com.google PROXYRelease history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
