I don’t know about you, but when I hear the word (s)shuttle I think about a
means of transport doing continual to-and-fro trips. Probably, this is exactly
what the guys who invented sshuttle had in mind when they named this amazing
project, making a funny mash-up with the acronym SSH.
So, what is sshuttle? Basically, it is a useful piece of software for making a
VPN over SSH. Pretty cool, isn’t it? As it is described in the sshuttle
GitHub repo, it allows users to create a:
transparent proxy server that works as a poor man’s VPN. Forwards over ssh.
Doesn’t require admin. Works with Linux and MacOS. Supports DNS tunneling.
Really a swiss army knife for everyday networking.
Here you can find a brief overview about sshuttle, as well as a list of
requirements.
Basically, you just need (i) sudo/root access and (ii) a Python interpreter on
your client machine. Besides, you need (iii) a Python interpreter on the
server side as well. Admin access on the server machine is not necessary. That’s it!
Why might you need it?
It’s a simple solution and it is really useful in many situations. For example,
if you simply want to encrypt your connection in insecure networks (e.g., public
Wi-Fi). Indeed, sshuttle forwards all your traffic to the remote server,
relying on an encrypted channel between your local machine and such a server. Or
maybe you might just want to reach your office network. In those cases, like in
many others, sshuttle will be your best friend.
Getting sshuttle
You can install sshuttle in different ways.
macOS
$ brew install sshuttle
Debian
$ sudo apt install sshuttle
PyPI - the Python Package Index
$ sudo pip install sshuttle
Even better, you might want to install sshuttle with pipx.
sshuttle in action
There are different options for harnessing sshuttle and you have to choose
according to your personal needs.
Let’s explore some typical cases. From now on, I assume the user user does
exist on the remote server yourserver.
Forwarding all traffic
$ sshuttle -r user@yourserver 0.0.0.0/0
- With the option -r you specify the remote server
- You can use the shorthand 0/0 instead of 0.0.0.0/0. It tells sshuttle to route everything through the VPN.
Forwarding all traffic + DNS
$ sshuttle --dns -r user@yourserver 0/0
- Use --dns to capture local DNS requests and to forward them to the DNS server of yourserver.
Forwarding all traffic + remote hostnames
$ sshuttle --auto-hosts -r user@yourserver 0/0
- Use --auto-hosts for merging /etc/hosts entries. As long as your VPN is active, you can see new entries in your hosts file. E.g.:
192.168.122.9 foo # sshuttle-firewall-12300 AUTOCREATED
192.168.122.10 bar # sshuttle-firewall-12300 AUTOCREATED
Those entries will be removed when you close the VPN.
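To check that the cleanup really happened, here is an added example (not part of sshuttle or of the original post) that scans hosts-file text for lines carrying the marker shown above; leftover entries keep pinning those names to addresses that may belong to a different machine on another network. The function names and the sample hosts content are assumptions made up for this illustration.

```python
import re

# Marker format taken from the sample entries shown above.
MARKER = re.compile(r"#\s*sshuttle-firewall-(\d+)\s+AUTOCREATED\s*$")


def find_sshuttle_entries(hosts_text):
    """Return (line_no, ip, names, tag) for every active sshuttle-created line."""
    found = []
    for line_no, line in enumerate(hosts_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # whole line is commented out, so it resolves nothing
        match = MARKER.search(line)
        if not match:
            continue
        fields = line[:match.start()].split()
        if len(fields) < 2:
            continue  # marker present but no "ip name" pair in front of it
        found.append((line_no, fields[0], fields[1:], int(match.group(1))))
    return found


def leftover_report(hosts_text, vpn_running):
    """Describe tagged entries that are still present while no VPN is running."""
    if vpn_running:
        return []  # entries are expected as long as the VPN is active
    return [
        f"line {n}: {ip} {' '.join(names)} (tag {tag})"
        for n, ip, names, tag in find_sshuttle_entries(hosts_text)
    ]


# Constructed sample: a hosts file in which the entries were not cleaned up.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
# 10.0.0.5 oldbox # sshuttle-firewall-12300 AUTOCREATED
192.168.122.9 foo # sshuttle-firewall-12300 AUTOCREATED
192.168.122.10 bar # sshuttle-firewall-12300 AUTOCREATED
"""

if __name__ == "__main__":
    for item in leftover_report(SAMPLE_HOSTS, vpn_running=False):
        print(item)
```

To check a real machine, pass the contents of /etc/hosts instead of SAMPLE_HOSTS after closing the VPN.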
Forwarding all traffic with exceptions
$ sshuttle -r user@yourserver 0/0 -x 1.2.3.0/24
- With the option -x you forward all traffic except a specific subnet or IP. You can pass more than one -x subnet option. Optionally, you can also load the exceptions from a file.
There are many more interesting options and cases.
Here is the complete reference of the stable version of sshuttle.
Have a nice VPNing, harnessing this awesome library!
^..^