Surf Safely with sshuttle

In past articles, I've explained how to set up a SOCKS proxy with SSH. I've demonstrated how to tunnel traffic with SSH. I've even shown how to circumvent a company firewall with SSH. I've never been able to use SSH completely as a VPN, however, and that's always bummed me out—until I discovered sshuttle.

Mind you, sshuttle isn't a new program. It isn't even a new concept. What it is, however, is pure awesome. Basically, launching the sshuttle binary with root privileges will modify your system firewall to tunnel all (yes all) traffic through a remote SSH connection. The remote connection doesn't even need administrator privileges, so your shell account at your Web host might suffice for securing your traffic in a hotel or coffee shop. sshuttle will even tunnel your DNS lookups, which means your entire network interaction should be secure and encrypted.

sshuttle is in many OS repositories, or you can download it from https://github.com/apenwarr/sshuttle.

With a simple sudo sshuttle --dns -vvr username@server 0/0, all your traffic will be encrypted and funneled through the remote server. Because DNS also is tunneled, it means you won't be vulnerable to DNS poisoning either! Check out sshuttle today. You won't be sorry.

______________________

Shawn Powers is an Associate Editor for Linux Journal. You might find him chatting on the IRC channel, or Twitter

Comments

Great now every webhost will

Damianus's picture

Great now every webhost will account as a vpn for some mildly tech dudes. I guess China will start banning ssh now.

Damian at SmartIT

You don't need guess, ISPs

Anonymous's picture

You don't need to guess: ISPs and the GFW in China do interfere with SSH connections to make them unstable if you don't use obfuscated SSH.

Great stuff, just great!

 Online Indonesia Terpercaya's picture

It's great, I have used it before.

i'm getting this error ssh:

Anonymous's picture

i'm getting this error
ssh: connect to host server port 22: Connection timed out
c : fatal: failed to establish ssh session (2)

when running : sudo sshuttle --dns -vvr username@server 0/0

Could be: 1) You're not

RoseHosting's picture

Could be:
1) You're not running ssh
2) You're running ssh on a different port
3) You're running a firewall that is blocking port 22

ssh: connect to host server

Anonymous's picture

ssh: connect to host server port 22: Connection timed out

can you ssh to the remote host w/o the sshuttle part? e.g.:

ssh username@server

if that doesn't work, then sshuttle won't.
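The checks suggested in the replies above, gathered into one pre-flight script (an added example, not code from the article, the commenters or the sshuttle project). It tries a plain, non-interactive ssh login first and maps the error text to a likely cause; the function names and the port 2222 in the usage comment are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the article): classify why ssh cannot connect
# before blaming sshuttle. Function names here are hypothetical.

# Map ssh's stderr text to a short cause token.
classify_ssh_error() {
    case "$1" in
        *"Connection timed out"*|*"Operation timed out"*) echo timeout ;;
        *"Connection refused"*)                          echo refused ;;
        *"Could not resolve hostname"*)                  echo resolve ;;
        *"Permission denied"*)                           echo auth ;;
        *)                                               echo unknown ;;
    esac
}

# Turn a cause token into the next thing to check.
hint_for() {
    case "$1" in
        timeout) echo "no reply at all: a firewall is dropping the port, or the host/address is wrong" ;;
        refused) echo "host reachable but nothing listens there: sshd is stopped or on another port" ;;
        resolve) echo "the server name does not resolve: fix DNS or use the IP address" ;;
        auth)    echo "network path and sshd are fine: fix keys or credentials" ;;
        *)       echo "unrecognized failure: rerun ssh -v and read the last lines" ;;
    esac
}

# preflight TARGET [PORT]: try a non-interactive login that runs nothing.
# BatchMode stops ssh from prompting, so a password-only account reports "auth".
preflight() {
    target=$1
    port=${2:-22}
    if err=$(ssh -p "$port" -o BatchMode=yes -o ConnectTimeout=5 \
                 "$target" true 2>&1 >/dev/null); then
        echo ok
        return 0
    fi
    cause=$(classify_ssh_error "$err")
    echo "$cause: $(hint_for "$cause")"
    return 1
}

# Usage, with the article's placeholder target:
#   preflight username@server && sudo sshuttle --dns -vvr username@server 0/0
# For sshd on another port (2222 is a made-up value):
#   preflight username@server 2222 && sudo sshuttle --dns -vvr username@server:2222 0/0
```
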

ssh as VPN

Sergio Vaccaro's picture

I'm a "VPN over SSH" user.

The -w option (yes, very deep in the alphabetical ordered options) creates a couple of network interfaces, one for each end of the secure channel.
Usual Linux users' crafts are smart enough to configure a LAN between them and to manage iptables for forwarding and NAT.
A handful of bash scripting will put all together.
That's all, no?

The core line in my script (Gentoo) is:
/usr/bin/ssh -f -w 0:0 "${REMOTE}" /etc/init.d/net.tun0 --quiet start

Regards,
Sergio
