Surf Safely with sshuttle

In past articles, I've explained how to set up a SOCKS proxy with SSH. I've demonstrated how to tunnel traffic with SSH. I've even shown how to circumvent a company firewall with SSH. I've never been able to use SSH completely as a VPN, however, and that's always bummed me out—until I discovered sshuttle.

Mind you, sshuttle isn't a new program. It isn't even a new concept. What it is, however, is pure awesome. Basically, launching the sshuttle binary with root privileges will modify your system firewall to tunnel all (yes all) traffic through a remote SSH connection. The remote connection doesn't even need administrator privileges, so your shell account at your Web host might suffice for securing your traffic in a hotel or coffee shop. sshuttle will even tunnel your DNS lookups, which means your entire network interaction should be secure and encrypted.

sshuttle is in many OS repositories, or you can download it from https://github.com/apenwarr/sshuttle.

With a simple sudo sshuttle --dns -vvr username@server 0/0, all your traffic will be encrypted and funneled through the remote server. Because DNS also is tunneled, it means you won't be vulnerable to DNS poisoning either! Check out sshuttle today. You won't be sorry.

______________________

Shawn Powers is an Associate Editor for Linux Journal. You might find him chatting on the IRC channel, or Twitter

Comments

Great now every webhost will

Damianus's picture

Great, now every webhost will account as a VPN for some mildly tech dudes. I guess China will start banning SSH now.

Damian at SmartIT

You don't need guess, ISPs

Anonymous's picture

You don't need to guess; ISPs and the GFW in China do interfere with SSH connections to make them unstable if you haven't used obfuscated SSH.

i'm getting this error ssh:

Anonymous's picture

I'm getting this error
ssh: connect to host server port 22: Connection timed out
c : fatal: failed to establish ssh session (2)

when running : sudo sshuttle --dns -vvr username@server 0/0

Could be: 1) You're not

RoseHosting's picture

Could be:
1) You're not running ssh
2) You're running ssh on a different port
3) You're running a firewall that is blocking port 22

ssh: connect to host server

Anonymous's picture

ssh: connect to host server port 22: Connection timed out

Can you ssh to the remote host w/o the sshuttle part? E.g.:

ssh username@server

If that doesn't work, then sshuttle won't.
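
The check suggested in the replies above, written out as an added example (it is not code from the article, its commenters or the sshuttle project): test plain SSH first, map the client's error line to the causes listed in the thread, and only then print the article's sshuttle command. The function names are hypothetical, and the cause mapping relies on general TCP behaviour: a timeout means nothing answered, a refusal means the host answered but nothing is listening on that port.

```shell
#!/bin/sh
# Added example: preflight for the article's sshuttle command.
# Function names are hypothetical; the sample error lines in the test are constructed.

# Map an OpenSSH client error line to a short cause token.
classify_ssh_failure() {
    case "$1" in
        *"Connection timed out"*)       echo filtered ;;  # firewall drops the port, or host unreachable
        *"Connection refused"*)         echo refused ;;   # sshd not running, or listening on another port
        *"Could not resolve hostname"*) echo resolve ;;   # the name does not resolve from this network
        *"Permission denied"*)          echo auth ;;      # server reachable, credentials rejected
        *)                              echo unknown ;;
    esac
}

# Build the article's command line. sshuttle takes a non-default SSH port
# as a ":port" suffix on the -r argument.
sshuttle_cmd() {
    target=$1 port=${2:-22}
    if [ "$port" = 22 ]; then remote=$target; else remote="$target:$port"; fi
    echo "sudo sshuttle --dns -vvr $remote 0/0"
}

# Try a plain SSH login; print the sshuttle command only if it succeeds.
preflight() {
    target=$1 port=${2:-22}
    if err=$(ssh -o ConnectTimeout=5 -p "$port" "$target" true 2>&1 >/dev/null); then
        sshuttle_cmd "$target" "$port"
        return 0
    fi
    case $(classify_ssh_failure "$err") in
        filtered) echo "No answer on port $port: a firewall is dropping it or the host is wrong." >&2 ;;
        refused)  echo "Nothing listening on port $port: is sshd running, or on another port?" >&2 ;;
        resolve)  echo "Host name does not resolve; try the server's IP address." >&2 ;;
        auth)     echo "Server reachable but login failed; fix SSH authentication first." >&2 ;;
        *)        echo "ssh failed: $err" >&2 ;;
    esac
    return 1
}

# Usage (replace the placeholder target):  preflight username@server 22
```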

ssh as VPN

Sergio Vaccaro's picture

I'm a "VPN over SSH" user.

The -w option (yes, very deep in the alphabetically ordered options) creates a couple of network interfaces, one for each end of the secure channel.
Usual Linux users' crafts are smart enough to configure a LAN between them and to manage iptables for forwarding and NAT.
A handful of bash scripting will put it all together.
That's all, no?

The core line in my script (Gentoo) is:
/usr/bin/ssh -f -w 0:0 "${REMOTE}" /etc/init.d/net.tun0 --quiet start

Regards,
Sergio
