I don’t know about you, but when I hear the word (s)shuttle I think of a means of transport making continual to-and-fro trips. Probably, this is exactly what the guys who invented sshuttle had in mind when they named this amazing project, making a funny mash-up with the acronym SSH.
So, what is sshuttle? Basically, it is a useful piece of software for making a VPN over SSH. Pretty cool, isn’t it? As described in the sshuttle GitHub repo, it allows users to create a:
transparent proxy server that works as a poor man’s VPN. Forwards over ssh. Doesn’t require admin. Works with Linux and MacOS. Supports DNS tunneling.
Really a Swiss Army knife for everyday networking. Here you can find a brief overview of sshuttle, as well as a list of requirements. Basically, you just need (i) sudo/root access and (ii) a Python interpreter on your client machine. Besides, you need (iii) a Python interpreter on the server side as well. Admin access on the server machine is not necessary. That’s it!
Why might you need it?
It’s a simple solution and it is really useful in many situations. For example, you might simply want to encrypt your connection on insecure networks (e.g., public Wi-Fi). Indeed, sshuttle forwards all your traffic to the remote server, relying on an encrypted channel between your local machine and that server. Or you might just want to reach your office network. In those cases, as in many others, sshuttle will be your best friend.
You can install sshuttle in different ways.
PyPI - the Python Package Index
Even better, you might want to install
sshuttle in action
There are different options for harnessing sshuttle and you have to choose according to your personal needs.
Let’s explore some typical cases. From now on, I assume that a user named user exists on the remote server
Forwarding all traffic
- With the option -r you specify the remote server
- You can use the shorthand 0.0.0.0/0. It tells sshuttle to route everything through the VPN.
Forwarding all traffic + DNS
--dns to capture local DNS requests and to forward them to the DNS server of
Forwarding all traffic + remote hostnames
/etc/hosts entries. As long as your VPN is active, you can see new entries in your
Those entries will be removed when you close the VPN.
Forwarding all traffic with exceptions
- With the option -x you forward all traffic except a specific subnet or IP. You can pass more than one -x subnet option. You can also load the exceptions from a file.
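The four cases above as command lines, in an added example that is not part of the original post: a small shell helper that prints the sshuttle invocation for each case and rejects malformed exclusions. The address user@server, the sample subnets, the function names and the use of -H (sshuttle's --auto-hosts option) for the remote-hostnames case are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. REMOTE is a placeholder.
REMOTE="user@server"

# is_ipv4_net ADDR[/PREFIX]: succeed only for a well-formed IPv4 address or subnet.
is_ipv4_net() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# sshuttle_cmd MODE [EXCLUDE...]: print the command line for one case.
#   all   -> forward all traffic (0.0.0.0/0)
#   dns   -> all traffic, plus local DNS requests (--dns)
#   hosts -> all traffic, plus remote hostnames in /etc/hosts (-H, assumed)
# Every EXCLUDE becomes its own -x option.
sshuttle_cmd() {
    [ $# -ge 1 ] || { echo "usage: sshuttle_cmd MODE [EXCLUDE...]" >&2; return 2; }
    mode=$1
    shift
    cmd="sshuttle -r $REMOTE"
    case $mode in
        all)   ;;
        dns)   cmd="$cmd --dns" ;;
        hosts) cmd="$cmd -H" ;;
        *)     echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    cmd="$cmd 0.0.0.0/0"
    for net in "$@"; do
        is_ipv4_net "$net" || { echo "bad exclusion: $net" >&2; return 2; }
        cmd="$cmd -x $net"
    done
    printf '%s\n' "$cmd"
}

# Constructed sample runs, one per case described above.
sshuttle_cmd all
sshuttle_cmd dns
sshuttle_cmd hosts
sshuttle_cmd all 192.168.1.0/24 10.0.0.5
```

Without --dns, name lookups are still sent to the resolver of the local network, so on public Wi-Fi the dns case is the one that keeps them inside the tunnel.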
There are many more interesting options and cases. Here is the complete reference for the stable version of
Happy VPNing with this awesome library!