SSH tool — sshuttle

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and macOS. Supports DNS tunneling. sshuttle: where transparent proxy meets VPN meets ssh


Where transparent proxy meets VPN meets ssh

Sshuttle facilitates the creation of a VPN connection between your computer and any remote server that can be accessed via ssh, provided that the server has a sufficiently recent Python installation.

Some reasons to use sshuttle (from the GitHub page)

As far as I know, sshuttle is the only program that solves the following common case:

  • Your client machine (or router) is Linux, FreeBSD, or macOS.
  • You have access to a remote network via ssh.
  • You don't necessarily have admin access on the remote network.
  • The remote network has no VPN, or only stupid/complex dangerous VPN protocols (e.g., IPsec, PPTP, etc.). Or maybe you are the admin, and you just got frustrated with the awful state of VPN tools.
  • You don't want to create an ssh port forward for every single host/port on the remote network. It's stupid and dangerous.
  • You hate OpenSSH's port forwarding because it's randomly slow and/or stupid.
  • You can't use OpenSSH's PermitTunnel feature because it's disabled by default on OpenSSH servers; plus, it does TCP-over-TCP, which has terrible performance.

Installation

Depending on your package manager, run:

  • nala: sudo nala install sshuttle
  • apt: sudo apt upgrade && sudo apt install sshuttle
  • apk: doas apk update && doas apk add sshuttle
  • homebrew: brew install sshuttle
  • If you don't have Python, install it too.

Or use git clone:

git clone https://github.com/sshuttle/sshuttle.git
cd sshuttle
sudo ./setup.py install

Generate a secure SSH key

Some basics first. The ssh-keygen options used here:

  • -a rounds: default is 16; more is better but slower (see docs)
  • -C "comment"
  • -t type: use ed25519
  • -P passphrase: the command below passes "", an empty passphrase, so the private key is stored unencrypted
  • -R hostname: removes all keys belonging to the specified hostname
  • -f filename: /directory/path/filename, if not the default ~/.ssh/id_ed25519

ssh-keygen -a 64 -t ed25519 -P "" -C "sshuttle_key" -f /home/sshuttle/.ssh/sshuttle_key

Other requirements

  • You need to run sshuttle as root on your own machine, but you do not need root on the other machine
  • You need Python to be installed on both machines

Usage

How to use sshuttle

Tunnel to all networks (0.0.0.0/0)

$ sudo sshuttle -r user@server 0/0

Tunnel to a particular subnet

$ sudo sshuttle -r root@router:31415 192.0.2.0/24

Run it as a daemon.

-D --daemon

Set different levels of verbosity

At the highest level, the console shows a message each time a new TCP session is redirected

-v -vv -vvv

Test your IP

curl ifconfig.me
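
The "tunnel to all networks, then test your IP" steps above, combined into one script that stops the tunnel again if the egress address did not change. This is an added example, not part of the original post or the sshuttle project; the pidfile path, the script name and the IdentitiesOnly option are assumptions, and the key path is the one from the ssh-keygen step.

```shell
#!/bin/sh
# Added example, not from the original page: start a full (0/0) tunnel with the
# dedicated key, then confirm the public egress IP really changed.
KEY=${KEY:-/home/sshuttle/.ssh/sshuttle_key}   # key path from the ssh-keygen step
PIDFILE=${PIDFILE:-/run/sshuttle-check.pid}    # assumed location, adjust as needed

# True only for a dotted-quad IPv4 address (rejects HTML error pages, empty output).
is_ipv4() {
  case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
  done
}

# True only when both lookups returned valid addresses and they differ.
egress_changed() {
  is_ipv4 "$1" && is_ipv4 "$2" && [ "$1" != "$2" ]
}

# 0/0 covers IPv4 only, so force the lookup over IPv4.
public_ip() { curl -4 -fsS --max-time 10 ifconfig.me; }

main() {
  remote=$1
  before=$(public_ip) || { echo "cannot read current public IP" >&2; return 1; }
  # -D forks to the background after connecting; --pidfile lets us stop it later.
  sshuttle -D --pidfile "$PIDFILE" -e "ssh -i $KEY -o IdentitiesOnly=yes" \
    -r "$remote" 0/0 || return 1
  after=$(public_ip) || after=
  if egress_changed "$before" "$after"; then
    echo "tunnel up: egress $before -> $after"
  else
    echo "egress not changed (was $before); stopping sshuttle" >&2
    kill "$(cat "$PIDFILE")"
    return 1
  fi
}

# Run as: sudo sh tunnel-check.sh user@server
[ "$#" -lt 1 ] || main "$@"
```

The check only applies to the 0/0 case: with a single subnet such as 192.0.2.0/24, traffic to ifconfig.me stays outside the tunnel and the address is expected to remain the same.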

Running as a service

Sshuttle can also be run as a service and configured using a config management system: https://medium.com/@mike.reider/using-sshuttle-as-a-service-bec2684a65fe


References

sshuttle [1]


  1. sshuttle on GitHub, Red Hat documentation, man page