Surf Safely with sshuttle

In past articles, I've explained how to set up a SOCKS proxy with SSH. I've demonstrated how to tunnel traffic with SSH. I've even shown how to circumvent a company firewall with SSH. I've never been able to use SSH completely as a VPN, however, and that's always bummed me out—until I discovered sshuttle.

Mind you, sshuttle isn't a new program. It isn't even a new concept. What it is, however, is pure awesome. Basically, launching the sshuttle binary with root privileges will modify your system firewall to tunnel all (yes all) traffic through a remote SSH connection. The remote connection doesn't even need administrator privileges, so your shell account at your Web host might suffice for securing your traffic in a hotel or coffee shop. sshuttle will even tunnel your DNS lookups, which means your entire network interaction should be secure and encrypted.

sshuttle is in many OS repositories, or you can downloaded it from

With a simple sudo sshuttle --dns -vvr username@server 0/0, all your traffic will be encrypted and funneled through the remote server. Because DNS also is tunneled, it means you won't be vulnerable to DNS poisoning either! Check out sshuttle today. You won't be sorry.

Shawn is Associate Editor here at Linux Journal, and has been around Linux since the beginning. He has a passion for open source, and he loves to teach. He also drinks too much coffee, which often shows in his writing.

Load Disqus comments