Zero Day Archives
  • What is Zero Day Archives?
  • Contributors
  • Wireless Security
    • Intro to WiFi Pentesting
      • WEP Networks
      • WPS
      • WPA-PSK Networks
      • WPA & WPA2 PSK
      • WPA2 & WPA3 Enterprise Networks
      • WPA2 & WPA3-APLess
  • Reverse Engineering
    • Reverse Engineering
      • Introduction to Software Reverse Engineering
        • Introduction to Capture the Flag (CTF) Competitions
        • What are PE & Elf Binaries
        • Assembly Language for Beginner Reverse Engineers
        • Memory Registers for x86-64 (64-bit) and x86 (32-bit)
        • Reversing Tools: Command-Line Utilities for Binary Analysis
        • Reversing ELF Binaries: Techniques and Tools
      • Disassembly & Debugging
        • GDB for Reverse Engineering
        • RADARE2 for Reverse Engineering
        • GHIDRA for Reverse Engineering
        • IDA Pro for Reverse Engineering
      • Binary Exploitation
        • Buffer Overflows
          • What are Buffer Overflows and Stack Protections?
          • Commonly Exploited C Functions and Their Secure Alternatives
          • Basic Buffer Overflow in x86-64 Using GDB
        • Cryptography
          • Understanding Ciphers and Identifying Common Patterns
          • Teaching XOR Operations in Binary Exploitation
        • Return Oriented Programming (ROP)
          • Practical Guide to Exploring and Identifying Return-Oriented Programming (ROP)
        • Cracking and Patching Binaries
          • Tactics, Tools, and Procedures for Cracking and Patching Binaries
        • Ret2Win Challenges
  • Malware Analysis
    • Malware Analysis
      • Static Analysis
  • Transporting Files to/from Victims
    • Transferring Files to/from High Value Targets
      • Linux
      • Windows
      • CrackMapExec (NetExec)
  • Penetration Testing against GIT Remote Repositories
    • Targeting GIT Repositories
      • Attacking GIT
  • Network Pivoting, Port Forwarding, and Tunneling
    • Pivoting
      • Ligolo-ng
        • Basic Pivoting
        • Setup Reverse Shells through Pivot
        • Transferring Files through Pivot
      • Pivoting: Using Remote Desktop
      • ProxyChains
      • Metasploit
    • SSH Tunneling
      • SSH Local Port Forwarding
      • SSH Dynamic Port Forwarding
      • Sshuttle over SSH
    • Port Fowarding
      • Chisel Port Forwarding
      • NetSH for Port Forwarding
      • Plink for Port Forwarding
      • SoCat
      • Metasploit: Port Forwarding
  • Anti-Virus Evasion
    • Anti-Virus Evasion
      • Evasion with Metasploit
      • Evasion wtih Shellter
      • Evasion with Virus Total
  • Public Exploit Research
    • Online Exploit Research & Methods
  • Password Attacks
    • Password Attacks
      • Identifying Hashes
        • Hash Identifier Tools
      • John The Ripper
        • Cracking Passwords with John
        • Convert to Hashes with John
        • NTLM vs NTLMv2 Hashes + CrackMapExec
      • Hashcat
        • Cracking Passwords with Hashcat
      • Hydra
        • Hydra for Network Services
        • Hydra for Web Services
      • Mutating Wordlists for John & Hashcat
        • Mutating Wordlists
  • Digital Forensics & Incident Response (DFIR)
    • Digital Forensics
  • Data Science
    • Data Science/AI
  • Software Defined Radio (SDR)
    • Software Defined Radio
  • Embedded Systems Programming
    • Field Programmable Gate Arrays (FPGAs)
  • Other Resources
    • Resources for Hackers
Powered by GitBook
On this page
  1. Network Pivoting, Port Forwarding, and Tunneling
  2. SSH Tunneling

Sshuttle over SSH

How to Set Up SSHuttle: A Transparent VPN Tunnel Over SSH

SSHuttle is a Python-based tool that allows you to create a VPN-like tunnel over an existing SSH connection. Unlike traditional SSH tunneling, SSHuttle works at a network layer level, forwarding all traffic through an SSH server as if you were physically located in the remote network. This is especially useful when you don’t want to manually configure specific ports for forwarding.

In this guide, we’ll walk through how to set up SSHuttle for transparent, on-the-fly tunneling.

Why Use SSHuttle?

  • Transparent tunneling: It works on a network level and doesn't require configuring individual ports or services.

  • No need to install extra software: It uses SSH, which is likely already set up on the remote machine.

  • Simplicity: SSHuttle is simple to set up and requires no additional configuration on the remote server.

  • Cross-platform: It works on Linux, macOS, and other Unix-like systems.

Installing SSHuttle

SSHuttle can be easily installed on most Linux distributions via the package manager:

sudo apt install sshuttle

Basic SSHuttle Command

Once SSHuttle is installed, you can start tunneling traffic with a simple command:

sshuttle -r [username]@[remote_host] [subnet]

  • -r [username]@[remote_host]: Specifies the remote SSH server to connect to.

  • [subnet]: The subnet you want to route traffic to. You can use 0/0 to route all traffic (which is commonly used for a full VPN tunnel).

Example:

sshuttle -r user@remote-server.com 0/0

This will route all traffic from your local machine through the SSH connection to remote-server.com, effectively creating a VPN-like tunnel.

Advanced SSHuttle Usage

1. Specifying Local Ports

If you only want to route specific IP addresses or networks through the SSH tunnel, you can specify a particular subnet.

sshuttle -r user@remote-server.com 192.168.1.0/24

This will only route traffic destined for 192.168.1.0/24 through the SSH server.

2. Setting Up DNS Forwarding

By default, SSHuttle doesn’t forward DNS queries, which means DNS requests might not resolve correctly when using the tunnel. To ensure DNS queries are forwarded through the tunnel, use the -D option:

sshuttle -r user@remote-server.com -D 0/0

This will ensure that DNS queries, along with other traffic, are routed through the tunnel.

3. Specifying a Local Gateway

In some cases, you may want to specify which local network interface SSHuttle uses. To do this, you can use the -g flag:

sshuttle -r user@remote-server.com -g eth0 0/0

This will force SSHuttle to use the eth0 interface for routing traffic.

4. Running SSHuttle in the Background

If you don’t want to keep the terminal session open, you can run SSHuttle in the background using the -d flag:

sshuttle -r user@remote-server.com -d 0/0 &

This will start the SSHuttle process in the background.

Checking the Tunnel

To verify that SSHuttle is running and that your traffic is routing through the remote server, you can check your IP address using an online service like WhatIsMyIP.com. If the SSH tunnel is working, your IP address should appear as that of the remote server.

You can also use network diagnostic tools like traceroute or ping to confirm that your traffic is being routed correctly.

Stopping the SSHuttle Tunnel

To stop SSHuttle, simply press Ctrl+C in the terminal where it’s running, or find and kill the process manually:

  1. Find the process ID (PID) of SSHuttle:

    ps aux | grep sshuttle

  2. Kill the process:

    kill [PID]

Troubleshooting

  • Permission Denied: If you encounter a "Permission Denied" error, make sure that your SSH key is correctly configured and that you have the appropriate permissions on the remote server.

  • DNS Issues: If you’re having DNS issues, try using the -D flag to forward DNS queries.

  • No Route to Host: If you receive a "No route to host" error, make sure the remote server is accessible and that you’re specifying the correct subnet.

PreviousSSH Dynamic Port ForwardingNextPort Fowarding

Last updated 18 days ago