SSH tool — sshuttle
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and macOS. Supports DNS tunneling.
sshuttle: where transparent proxy meets VPN meets ssh
Sshuttle facilitates the creation of a VPN connection between your computer and any remote server that can be accessed via ssh, provided that the server has a sufficiently recent Python installation.
Some reasons to use sshuttle (from the GitHub page)
As far as I know, sshuttle is the only program that solves the following common case:
- Your client machine (or router) is Linux, FreeBSD, or macOS.
- You have access to a remote network via ssh.
- You don't necessarily have admin access on the remote network.
- The remote network has no VPN, or only stupid/complex dangerous VPN protocols (e.g., IPsec, PPTP, etc.). Or maybe you are the admin, and you just got frustrated with the awful state of VPN tools.
- You don't want to create an ssh port forward for every single host/port on the remote network. It's stupid and dangerous.
- You hate OpenSSH's port forwarding because it's randomly slow and/or stupid.
- You can't use OpenSSH's PermitTunnel feature because it's disabled by default on OpenSSH servers; plus, it does TCP-over-TCP, which has terrible performance.
Installation
Depending on your package manager, run one of the following:
- nala
sudo nala install sshuttle
- apt
sudo apt upgrade && sudo apt install sshuttle
- apk
doas apk update && doas apk add sshuttle
- homebrew
brew install sshuttle
- If you don't have Python, install it too
Or use git clone:
git clone https://github.com/sshuttle/sshuttle.git
cd sshuttle
sudo ./setup.py install
Generate a secure SSH key
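Some basics first. The ssh-keygen options used here:
- -a rounds: number of KDF rounds applied when the private key is encrypted with a passphrase. Default is 16, more is better but slower, see docs.
- -C "comment": comment stored with the key.
- -t type: key type, use ed25519.
- -P passphrase: passphrase for the private key. An empty string, as in the command below, leaves the private key unencrypted on disk, so -a has no effect and the key file itself must be protected.
- -R hostname: removes all keys belonging to the specified hostname from known_hosts.
- -f filename: output file as /directory/path/filename, if not the default ~/.ssh/id_ed25519.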
ssh-keygen -a 64 -t ed25519 -P "" -C "sshuttle_key" -f /home/sshuttle/.ssh/sshuttle_key
Other requirements
- You need to run sshuttle as root on the client machine, but you do not need root on the remote machine
- Python must be installed on both machines
Usage
How to use sshuttle
Tunnel to all networks (0.0.0.0/0)
$ sudo sshuttle -r user@server 0/0
Tunnel to a particular subnet
$ sudo sshuttle -r root@router:31415 192.0.2.0/24
Run it as a daemon.
-D
--daemon
Set different levels of verbosity
At the highest level, you see a message on the console each time a new TCP session is redirected
-v
-vv
-vvv
Test your IP
curl ifconfig.me
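The steps above combined for the tunnel-everything case, as an added example that is not code from the original page or the sshuttle project. It refuses to start if the private key is accessible to other users, starts the daemon with the dedicated key and --dns so that DNS queries also go through the tunnel, then compares the address reported by ifconfig.me before and after. KEY, REMOTE, PIDFILE and RUN_TUNNEL are assumed names.

```shell
#!/bin/sh
# Added example, not code from the sshuttle project.
# KEY, REMOTE, PIDFILE and RUN_TUNNEL are assumed names; adjust to your setup.
KEY="${KEY:-/home/sshuttle/.ssh/sshuttle_key}"  # key path used on this page
REMOTE="${REMOTE:-user@server}"                  # placeholder from this page
PIDFILE="${PIDFILE:-/run/sshuttle.pid}"          # assumed location

# Succeeds only if the private key exists and group/other have no access.
key_mode_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints the ssh command sshuttle should use: only the dedicated key is offered.
ssh_cmd() {
    printf 'ssh -i %s -o IdentitiesOnly=yes' "$1"
}

# Succeeds if both addresses are known and differ, i.e. traffic now leaves
# from somewhere other than the local uplink.
egress_changed() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ]
}

main() {
    key_mode_ok "$KEY" || { echo "refusing: $KEY missing or accessible to others" >&2; return 1; }
    before=$(curl -s --max-time 10 ifconfig.me)
    # --dns sends DNS queries through the tunnel too; without it, lookups
    # still go to the local resolver while everything else is tunnelled.
    sudo sshuttle --dns -D --pidfile "$PIDFILE" \
        -e "$(ssh_cmd "$KEY")" -r "$REMOTE" 0/0 || return 1
    sleep 2
    after=$(curl -s --max-time 10 ifconfig.me)
    if egress_changed "$before" "$after"; then
        echo "tunnel up: egress $before -> $after"
    else
        echo "egress unchanged ($before); stopping sshuttle" >&2
        sudo kill "$(sudo cat "$PIDFILE")"
        return 1
    fi
}

# Runs only on request, so the functions can be sourced and checked offline.
if [ "${RUN_TUNNEL:-0}" = 1 ]; then main "$@"; fi
```

Start it with RUN_TUNNEL=1 set in the environment. The egress comparison only makes sense for 0/0; with a single subnet the public address is expected to stay the same.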
Running as a service
Sshuttle can also be run as a service and configured using a config management system: https://medium.com/@mike.reider/using-sshuttle-as-a-service-bec2684a65fe
References
sshuttle on GitHub, Red Hat documentation, man page