Skip to content

Instantly share code, notes, and snippets.

@nelaaro

nelaaro/sshuttle.md

Last active July 27, 2021 05:57
Show Gist options
  • Save nelaaro/e5be5f1a4a0a3e3ae5b57029db957f0d to your computer and use it in GitHub Desktop.
Save nelaaro/e5be5f1a4a0a3e3ae5b57029db957f0d to your computer and use it in GitHub Desktop.
Download ZIP
sshuttle
Raw
sshuttle.md

sshuttle to access remote networks

By following these steps you should have password less access to your remote hosts and networks via ssh and sshuttle.

Replace user with the your [user]. Put the relevant sections with configuration specific to your use case.

Configure sudo access

sshuttle --sudoers
Success, sudoers file update.

Copy users ssh key identity to targe server

ssh-copy-id  [user]@some.remote.host.com

run sshuttle to connect

sshuttle -v -r [user]@some.remote.host.com 10.0.0.0/16 10.1.0.0/16 10.2.0.0/16

There should now be no password prompt to securely access this server and the subnets it routes

Add systemd unit file to user

nvim /home/[user]/.config/systemd/user/sshuttle.service

Here is a unit template for

# /home/[user]/.config/systemd/user/sshuttle.service

[Unit]
Description=sshuttle service a permanent tunnel
After=network.target

[Service]
# https://gist.github.com/theherk/8b1bf162a2403cca40f3dfd968be7853
ExecStart=/usr/bin/sshuttle -r [user]@some.remote.host.com 10.0.0.0/16 10.1.0.0/16 10.2.0.0/16 --pidfile=/run/user/%U/sshuttle.pid 
Restart=no
Type=simple
PIDFile=/run/user/%U/sshuttle.pid

Running the service

By placing this unit in your users control you can start and stop it and it will have access to your ssh-agent keys

I have a vpn that I use to connect to the host which I have to run first.

systemctl --user daemon-reload
systemctl --user start sshuttle.service

To confirm every thing is working correctly

journalctl --user -u sshuttle.ct.service -f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment