In the age of Firesheep and other network nastiness, you must be careful how you connect to remote networks. Setting up or connecting to VPNs can be a major hassle — but with sshuttle, you can set up a quick and dirty VPN on any network to which you have SSH access.
This Python app makes use of SSH to create a VPN between a Linux, BSD, or Mac OS X machine and a remote system that has SSH access and Python — great for building a VPN on the fly.
What’s sshuttle? It’s a Python app that makes use of SSH to create an on-the-fly VPN between your Linux, BSD, or Mac OS X machine and a remote system that has SSH access and Python. Written by Avery Pennarun and licensed under the GPLv2, sshuttle is a transparent proxy server that lets users fake a VPN with minimal hassle.
The code is hosted on GitHub right now. It’s a fairly new program that hasn’t yet made its way into any of the major distros that I’m aware of. You’ll need git to grab the source (git clone git://github.com/apenwarr/sshuttle) and install it on the client machine. You do need root access on the client — nothing needs to be installed on the server.
To run sshuttle, you’ll need to be root or use sudo and then cd to the sshuttle directory you grabbed from GitHub. Use sshuttle -r user@remote.host.tld 0.0.0.0/0. You’ll want to replace the user@host stuff with your specifics, of course, and you’ll want to replace the IP address with the specific IP addresses you want to use.
Side note — if you don’t replace the IP with the addresses for the network you’re VPN’ing into, what you get is a proxy for all traffic out through the remote server instead. This can be useful if you’re looking for a quick and dirty proxy for traffic because you don’t trust the local network. I’ve tried this mode using my server while sitting in the airport, and it seems to work transparently and fine.
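To see which destinations a given subnet argument sends through the SSH connection and which stay on the local network, here is an added example (not part of sshuttle or of the original article) that models the subnet match with Python's ipaddress module. The 10.0.0.0/8 office network and the destination addresses are constructed, and only the address match is modelled, nothing else sshuttle does.

```python
import ipaddress

# The subnet from the article's command line: matches every IPv4 address.
FULL_TUNNEL = ipaddress.ip_network("0.0.0.0/0")

def parse_subnets(args):
    """Parse subnet arguments written as they appear at the end of the command line."""
    # strict=False accepts a host address with a prefix, e.g. 10.1.2.3/24
    return [ipaddress.ip_network(a, strict=False) for a in args]

def is_tunneled(dest, subnets):
    """True if dest falls inside any listed subnet (the model's 'goes via SSH')."""
    ip = ipaddress.ip_address(dest)
    return any(ip.version == net.version and ip in net for net in subnets)

def mode(subnets):
    """Name the two modes the article describes."""
    if FULL_TUNNEL in subnets:
        return "proxy for all traffic"
    return "VPN to listed networks only"

def coverage(subnet_args, destinations):
    """Return the mode and, per destination, whether it is covered by the tunnel."""
    nets = parse_subnets(subnet_args)
    return mode(nets), {d: is_tunneled(d, nets) for d in destinations}

# Constructed sample destinations: one office host, two Internet hosts
# (the latter from the documentation address ranges).
DESTS = ["10.20.30.40", "198.51.100.7", "203.0.113.80"]

if __name__ == "__main__":
    # First the article's 0.0.0.0/0, then a constructed office network.
    for args in (["0.0.0.0/0"], ["10.0.0.0/8"]):
        m, result = coverage(args, DESTS)
        print(" ".join(args), "->", m)
        for dest, covered in result.items():
            path = "via SSH tunnel" if covered else "DIRECT on the local network"
            print("   ", dest, path)
```

With only the office network listed, the two Internet destinations still cross the local network directly, which is why 0.0.0.0/0 is the setting to use when the local network is the thing you don't trust.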
A little caution should be employed when using sshuttle, however. First, since it doesn’t require root or administrator access on the remote machine, you want to make sure you’re not violating any company policies by using sshuttle. In other words, just because you have the technical ability to do something doesn’t necessarily mean you should or won’t get fired for doing so.
Second, it’s a relatively new application, and it hasn’t been widely tested in the wild. Use with caution, and be sure to report any problems to Pennarun. Since it’s on GitHub, it should be easy to suggest patches as well.
That said, sshuttle looks like an interesting little utility, and I think it might be useful for a lot of admins. Give it a shot and see what you think!
Joe ‘Zonker’ Brockmeier is a freelance writer and editor with more than 10 years covering IT. Formerly the openSUSE Community Manager for Novell, Brockmeier has written for Linux Magazine, Sys Admin, Linux Pro Magazine, IBM developerWorks, Linux.com, CIO.com, Linux Weekly News, ZDNet, and many other publications. You can reach Zonker at jzb@zonker.net and follow him on Twitter.