Recently stumbled across sshuttle, a useful tool for proxying connections through a server over SSH.

This is useful when you have SSH access to a server but can’t or don’t want to setup a full-blown VPN solution on local or the remote server.

It functions much like a VPN, forwarding any TCP connections with the specified destination IP addresses through the proxy server.

It doesn’t require that the client application have any special capabilities unlike SOCKS proxies.

An added perk is it doesn’t require you to have admin access to the remote server for it to work.

Usage

A scenario could go like this - to access destination in a private network from local with SSH access to remote:

                         +--Private-Network---------------------------------+
                         |                                                  |
+-----------+            |  +------------+             +-----------------+  |
|           |            |  |            |             |                 |  |
|   local   +------SSH------>   remote   +-----TCP----->   destination   |  |
|           |            |  |            |             |                 |  |
+-----------+            |  +------------+             +-----------------+  |
                         |                                                  |
                         +--------------------------------------------------+

Firstly, install sshuttle on local.

Secondly setup SSH access with remote if it hasn’t already been setup; SSH setup can be a whole topic on its own so I won’t go into it here.

If you only have the hostname for destination, the IP address(es) can be obtained with:

host <hostname of destination>

Then, assuming SSH access has been setup for remote, run the following command on local:

sshuttle -vr remote <IP or subnet of destination>

The -v option toggles verbose logging while sshuttle runs, this would print a log similar to the following if a connection has been proxied:

c : Accept: 192.168.42.121:47523 -> 77.141.99.22:443.