Passless is a toolkit for setting up a security layer to protect private services. It based on Yingbo Gu’s Shadowproxy project and comes with two components, a plugin of Slowdown server and a client.

For example, in most cases you have to run a ssh service at least. If you are having a Slowdown server, you can force users to access this ssh service only via the working Slowdown server (by forbidden non-local connections to the ssh service). All private services can be protected under the Slowdown server who is know as Bastion Host.


Passless are published on the Python Package Index , and can be installed with the following command.

$ pip install -U passless

You can also install Passless directly from a clone of the Git repository .

$ git clone
$ cd passless
$ pip install .


$ pip install git+


Server creation

First, you need to create a Slowdown server.

$ virtualenv --python=/usr/bin/python3 myserver
$ myserver/bin/pip3 install passless
$ myserver/bin/slowdown --init
Initialize a project in /PATH/TO/myserver? [Y/n]: Y
Creating myserver/bin ... exists
Creating myserver/etc ... exists
Creating myserver/var ... done
Creating myserver/pkgs ... done
Creating myserver/var/log ... done
Creating myserver/bin/slowdown ... exists
Creating myserver/etc/slowdown.conf ... done
DONE! Completed all initialization steps.


Next, edit the profile. The config file of the slowdown server called slowdown.conf is placed in the etc folder. Here’s an example:

# URL Routing based on regular expression.
    <router ALL>

        # A regular expression to match hosts
        # Group name must be uppercased
        pattern ^(?P<EXAMPLE>example\.com)$$

        <host EXAMPLE>

            # A reqular expression to match PATH_INFO
            pattern ^/passless(?P<PASSLESS>/.*)$$

            <path PASSLESS>
                handler     passless
                cipher      aes-128-cfb
                password    PASSWORD

                # The forwarding server (optional)
                #via passless://CIPHER:PASSWD@BRIDGE.SERVER/HOST/PATH/

                # Ad block list (optional)
                #adblk /PATH/TO/AD/BLOCK.conf

                # If the direct connection fails, use the forwarding
                # server instead. The default is "no".
                #autoswitch no

                # Deny access to the local ip, the default is "no"
                # If you want a Bastion Host, this option must be
                # setted to "no".
                #globalonly no

                #accesslog  $LOGS/access-%Y%m.log
                #errorlog   $LOGS/error-%Y%m.log

        # More hosts ..
        #<host HOSTNAME>...</host>


    <http MY_HTTP_SERVER>
        router   ALL

Start the server:

$ myserver/bin/slowdown -vv
2020-09-14 17:45:49 INFO slowdown/{__version__}
2020-09-14 17:45:49 INFO Serving HTTP on port 8080 ...

In this case, Passless service is available on pass:// .

More details are documented at Slowdown project.



The passless command can start the Passless client side server that support the socks5 and http protocol.

usage: bin/passless [-h] [-u USER] [-v | -vv | -q] SERVERS


$ sudo bin/passless -vv -u nobody "socks://" ""
$ bin/passless ""

With this socks/http server, you can access private services of the remote server that running the Slowdown server with the Passless plugin.


The default scheme is socks://, the default via scheme is passless:// .


This script is based on Adam Hamsik’s proxychains project. It automatically starts a temporary local socks server configured to the remote Bastion Host, and bridge the network traffic of the specified program, just as the original proxychains does.


$ bin/proxychains "pass://" ssh
$ bin/proxychains "" bash

Detect that you have entered bash in proxy mode, use "exit" to leave later.

$ exit


The default socks port is 1080 , the default passless port is 80 .

Ad block

You can specify an ad block list for servers and clients (see the case ablove). The file of the ad block list is very simple, as shown below:

domain1 REJECT
domain2 REJECT
domain1 PROXY
domain2 PROXY