sshuttle

Who

  • Avery Pennarun <apenwarr@gmail.com> via the README

Concept

  • iptables REDIRECT on client
  • multiplexer on server for outbound
  • multiplexer on client for inbound
  • <quote>sshuttle assembles the TCP stream locally, multiplexes it statefully over an ssh session, and disassembles it back into packets at the other end. So it never ends up doing TCP-over-TCP. It’s just data-over-TCP, which is safe.</quote>
  • <quote>After connecting to the remote server, sshuttle uploads its (python) source code to the remote end and executes it there.</quote>
  • <quote>Unlike most VPNs, sshuttle forwards sessions, not packets. That is, it uses kernel transparent proxying (`iptables REDIRECT` rules on Linux, or `ipfw fwd` rules on BSD) to capture outgoing TCP sessions, then creates entirely separate TCP sessions out to the original destination at the other end of the tunnel.</quote>
  • Merges Fast Forward, Double Vision, Tunnel Vision
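
The "sessions, not packets" idea from the quotes above, as an added example (not taken from the sshuttle README or source): several captured TCP sessions are carried as framed messages over one byte stream and split back into per-session data at the far end, even when frames arrive cut across reads. The frame layout, command names, Demux class and sample addresses are assumptions made for illustration and are not sshuttle's real wire format.

```python
import struct

# Hypothetical frame layout (NOT sshuttle's real wire format):
#   channel id (uint16) | command (uint8) | payload length (uint16) | payload
HDR = struct.Struct("!HBH")
CMD_CONNECT, CMD_DATA, CMD_EOF = 1, 2, 3

def pack(channel, cmd, payload=b""):
    """Encode one frame for the shared tunnel stream."""
    return HDR.pack(channel, cmd, len(payload)) + payload

class Demux:
    """Far-end side: turns the tunnel byte stream back into per-session data."""
    def __init__(self):
        self.buf = b""
        self.dest = {}       # channel -> (host, port) the far end would connect to
        self.streams = {}    # channel -> bytes received so far
        self.closed = set()  # channels that have seen EOF

    def feed(self, chunk):
        """Accept any slice of the tunnel stream; frames may be split across reads."""
        self.buf += chunk
        while len(self.buf) >= HDR.size:
            channel, cmd, length = HDR.unpack_from(self.buf)
            if len(self.buf) < HDR.size + length:
                break  # incomplete frame: wait for more bytes
            payload = self.buf[HDR.size:HDR.size + length]
            self.buf = self.buf[HDR.size + length:]
            if cmd == CMD_CONNECT:
                host, _, port = payload.decode().rpartition(":")
                self.dest[channel] = (host, int(port))
                self.streams[channel] = b""
            elif cmd == CMD_DATA and channel in self.streams and channel not in self.closed:
                self.streams[channel] += payload
            elif cmd == CMD_EOF and channel in self.streams:
                self.closed.add(channel)
            else:
                # Data for a channel that was never opened, or already closed.
                raise ValueError("unexpected frame %r on channel %d" % (cmd, channel))

def demo():
    # Constructed sample: two sessions interleaved on one tunnel (IPv4 only).
    wire = (pack(1, CMD_CONNECT, b"192.0.2.10:80") + pack(2, CMD_CONNECT, b"192.0.2.20:22")
            + pack(1, CMD_DATA, b"GET / HTTP/1.0\r\n") + pack(2, CMD_DATA, b"SSH-2.0-client\r\n")
            + pack(1, CMD_DATA, b"\r\n") + pack(1, CMD_EOF))
    d = Demux()
    for i in range(0, len(wire), 7):  # deliver in awkward 7-byte reads
        d.feed(wire[i:i + 7])
    return d
```

Only payload bytes and a small header cross the tunnel; no TCP headers or retransmission state are forwarded, so the far end opens its own ordinary connection per channel.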

Requirements

client-side

  • Linux
  • python
  • root
  • iptables
  • redo (a make clone)

server-side

  • (ssh) shell access
  • python 2.3
  • not required:
    • root
    • PermitTunnel in sshd_config

Omissions

  • IPv6: the code seems to be IPv4 “dotted quad” only.

Related

Promotions