In the age of Firesheep and other network nastiness, you must be careful how you connect to remote networks. Setting up or connecting to VPNs can be a major hassle — but with sshuttle, you can set up a quick and dirty VPN on any network to which you have SSH access.
This Python app makes use of SSH to create a VPN between a Linux, BSD, or Mac OS X machine and a remote system that has SSH access and Python — great for building a VPN on the fly.
What’s sshuttle? It’s a Python app that makes use of SSH to create a on-the-fly VPN between your Linux, BSD, or Mac OS X machine and a remote system that has SSH access and Python. Written by Avery Pennarun and licensed under the GPLv2, sshuttle is a transparent proxy server that lets users fake a VPN with minimal hassle.
The code is hosted on Github right now. It’s a fairly new program that hasn’t yet made its way yet into any of the major distros that I’m aware of. You’ll need git to grab the source (git clone git://github.com/apenwarr/sshuttle) and install it on the client machine. You do need root access on the client — nothing needs to be installed on the server.
To run sshuttle, you’ll need to be root or use sudo and then cd to the sshuttle directory you grabbed from Github. Use sshuttle -r user@remote.host.tld 0.0.0.0/0. You’ll want to replace the user@host stuff with your specifics, of course, and you’ll want to replace the IP address with the specific IP addresses you want to use.
Side note — if you don’t replace the IP with the addresses for the network you’re VPN’ing into what you get is a proxy for all traffic out through the remote server instead. This can be useful if you’re looking for a quick and dirty proxy for traffic because you don’t trust the local network. I’ve tried this mode using my server while sitting in the airport, and it seems to work transparently and fine.
A little caution should be employed when using sshuttle, however. First, since it doesn’t require root or administrator access on the remote machine, you want to make sure you’re not violating any company policies by using sshuttle. In other words, just because you have the technical ability to do something doesn’t necessarily mean you should or won’t get fired for doing so.
Second, it’s a relatively new application, and it hasn’t been widely tested in the wild. Use with caution, and be sure to report any problems to Pennarun. Since it’s on Github, it should be easy to suggest patches as well.
That said, sshuttle looks like an interesting little utility, and I think it might be useful for a lot of admins. Give it a shot and see what you think!
Joe ‘Zonker’
Brockmeier is a freelance writer and editor with more than 10 years covering IT. Formerly the openSUSE Community Manager for Novell, Brockmeier has written for Linux Magazine, Sys Admin, Linux Pro Magazine, IBM developerWorks, Linux.com, CIO.com, Linux Weekly News, ZDNet, and many other publications. You can reach Zonker at jzb@zonker.net and follow him on Twitter.
Joe Brockmeier is the editorial director of the Red Hat Blog. He joined Red Hat in 2013 as part of the Open Source and Standards (OSAS) group, now the Open Source Program Office (OSPO). Prior to Red Hat, Brockmeier worked for Citrix on the Apache OpenStack project, and was the first OpenSUSE community manager for Novell between 2008-2010. Brockmeier also has an extensive history in the tech press and publishing, having been editor-in-chief of Linux Magazine, editorial director of Linux.com, and a contributor to LWN.net, ZDNet, UnixReview.com, and many others.
ServerWatch is a top resource on servers. Explore the latest news, reviews and guides for server administrators now.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
