SSHuttle is a powerful, VPN-like tool that allows Linux users to securely route network traffic through a remote server using SSH. It is ideal for scenarios where you need secure traffic encryption, bypassing firewalls, or accessing restricted resources without the overhead of setting up a full-fledged VPN.
In this tutorial you will learn:
- How to route all your traffic through SSH with SSHuttle
- Advanced SSHuttle options to enhance functionality

| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Any Linux distribution of your choice with SSH access |
| Software | SSHuttle |
| Other | An SSH server configured and accessible |
| Conventions | # – requires given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command<br>$ – requires given Linux commands to be executed as a regular non-privileged user |

Getting Started with SSHuttle
The most basic use of SSHuttle is to route all your traffic through a remote SSH server. This creates a VPN-like tunnel for all your network activity.
- Route All Traffic Through SSH: Securely route all network traffic through a remote SSH server.
$ sshuttle -r user@remote-server 0/0
This command directs all outgoing traffic (0/0 means all IP ranges) through the remote server. Replace user with your SSH username and remote-server with the SSH server’s hostname or IP address. After running this, your internet activity will appear as originating from the remote server, bypassing any local firewalls or network restrictions.
PING NOT WORKING
SSHuttle does not support ICMP traffic, so ping commands won’t work. It only routes TCP and optionally DNS traffic. Use tools like curl or ssh to test connectivity instead.
- Include DNS Traffic: Prevent DNS leaks by routing DNS queries through the remote server.
$ sshuttle -r user@remote-server --dns 0/0
The --dns option ensures that DNS requests are also encrypted and routed through the SSH tunnel. This is essential for maintaining privacy and avoiding DNS leaks while using SSHuttle.
- Route Specific Traffic Only: Limit routing to a specific subnet, such as internal corporate resources.
$ sshuttle -r user@remote-server 10.1.2.0/24
This example routes traffic only for the 10.1.2.x subnet through the SSH tunnel. Useful for accessing remote internal systems without routing unrelated internet traffic.
- Bind to a Specific Network Interface: Control which network interface SSHuttle listens on.
$ sshuttle --listen 10.1.2.99 -r user@remote-server 0/0
The --listen option binds SSHuttle to a specific local interface, such as 10.1.2.99. This is particularly useful in multi-interface systems to restrict SSHuttle’s traffic.
- Run as a Daemon: Keep SSHuttle running in the background.
$ sshuttle -r user@remote-server 0/0 -D
The -D option runs SSHuttle as a daemon (background process). Combine this with logging for monitoring:
$ sshuttle -r user@remote-server 0/0 -D --logfile /path/to/logfile.log
- Exclude Specific Hosts: Prevent certain IPs or domains from being routed through SSHuttle.
$ sshuttle -r user@remote-server 0/0 --exclude example.com
Use the --exclude option to bypass specific hosts or subnets, such as example.com. Combine exclusions to handle multiple cases:
$ sshuttle -r user@remote-server 0/0 --exclude example.com --exclude 10.1.2.99
This allows you to optimize routing and avoid unnecessary traffic over the tunnel.
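Before starting a split tunnel, it helps to check which destinations a given combination of subnets and --exclude entries will actually cover, so that nothing you expect to be protected leaves in the clear. The helper below is an added example, not part of SSHuttle or the original tutorial. It assumes IPv4 addresses only (resolve hostnames such as example.com first), marks excludes with a leading "!", and models the decision as "most specific matching entry wins, exclude wins a tie", which is an assumption about precedence rather than documented behaviour.

```sh
#!/bin/sh
# Added example: model which destinations a set of sshuttle subnets and
# --exclude entries would send through the tunnel. Function names are
# hypothetical. Assumption: the longest matching prefix decides, and an
# exclude wins when an include and an exclude are equally specific.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Print the prefix length of a CIDR; a bare address counts as /32.
prefix_len() {
  case $1 in */*) echo "${1#*/}" ;; *) echo 32 ;; esac
}

# Succeed if address $1 lies inside CIDR $2.
in_cidr() (
  net=${2%/*}
  len=$(prefix_len "$2")
  if [ "$net" = 0 ]; then net=0.0.0.0; fi   # the 0/0 shorthand
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
)

# route_decision IP ENTRY...  prints "tunnel" or "direct".
# An ENTRY starting with "!" stands for an --exclude argument.
route_decision() (
  ip=$1; shift
  best=-1; verdict=direct
  for entry in "$@"; do
    case $entry in
      '!'*) kind=direct; cidr=${entry#?} ;;
      *)    kind=tunnel; cidr=$entry ;;
    esac
    in_cidr "$ip" "$cidr" || continue
    len=$(prefix_len "$cidr")
    if [ "$len" -gt "$best" ] || { [ "$len" -eq "$best" ] && [ "$kind" = direct ]; }; then
      best=$len; verdict=$kind
    fi
  done
  echo "$verdict"
)

# Constructed sample: the full-tunnel command above with one excluded host.
for dst in 10.1.2.99 93.184.216.34; do
  echo "$dst -> $(route_decision "$dst" 0/0 '!10.1.2.99')"
done
```

Any destination reported as "direct" bypasses the SSH tunnel and travels over the local network unencrypted by SSHuttle.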
Conclusion
SSHuttle is a versatile tool that simplifies secure traffic routing through SSH. Whether you need to route all traffic, access specific subnets, or enhance functionality with options like DNS routing and traffic compression, SSHuttle provides a lightweight, flexible solution. By combining the examples above, you can tailor SSHuttle to your specific networking needs.