mirror of
https://github.com/sshuttle/sshuttle.git
synced 2025-01-19 12:28:28 +01:00
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
f528bb9846
This provides a way to avoid setting PYTHONPATH when invoking the privileged part of sshuttle with sudo. This is useful if running sshuttle as a PEX archive, as Telepresence does, as it enables sshuttle's sudo access to be securely locked down. PEX archives will extract themselves into the invoking user's home directory, which means that the invoking user has full control over the code in them. This makes restricting sudo access with PYTHONPATH set completely pointless in this scenario -- an attacker could put any code into ~/.pex and gain full root access anyway. On the other hand, if sshuttle is a PEX archive, the privileged invocation will simply extract itself into /root/.pex anyway, so there is no need to set PYTHONPATH in this case. |
||
|---|---|---|
| docs | ||
| sshuttle | ||
| .gitignore | ||
| .prospector.yml | ||
| .travis.yml | ||
| bandit.yml | ||
| CHANGES.rst | ||
| conftest.py | ||
| LICENSE | ||
| MANIFEST.in | ||
| README.rst | ||
| requirements-tests.txt | ||
| requirements.txt | ||
| run | ||
| setup.cfg | ||
| setup.py | ||
| tox.ini | ||
sshuttle: where transparent proxy meets VPN meets ssh
=====================================================
As far as I know, sshuttle is the only program that solves the following
common case:
- Your client machine (or router) is Linux, FreeBSD, or MacOS.
- You have access to a remote network via ssh.
- You don't necessarily have admin access on the remote network.
- The remote network has no VPN, or only stupid/complex VPN
protocols (IPsec, PPTP, etc). Or maybe you *are* the
admin and you just got frustrated with the awful state of
VPN tools.
- You don't want to create an ssh port forward for every
single host/port on the remote network.
- You hate openssh's port forwarding because it's randomly
slow and/or stupid.
- You can't use openssh's PermitTunnel feature because
it's disabled by default on openssh servers; plus it does
TCP-over-TCP, which has terrible performance (see below).
Obtaining sshuttle
------------------
- Debian stretch or later::
apt-get install sshuttle
- From PyPI::
sudo pip install sshuttle
- Clone::
git clone https://github.com/sshuttle/sshuttle.git
cd sshuttle
sudo ./setup.py install
It is also possible to install into a virtualenv as a non-root user.
- From PyPI::
virtualenv -p python3 /tmp/sshuttle
. /tmp/sshuttle/bin/activate
pip install sshuttle
- Clone::
virtualenv -p python3 /tmp/sshuttle
. /tmp/sshuttle/bin/activate
git clone https://github.com/sshuttle/sshuttle.git
cd sshuttle
./setup.py install
- Homebrew::
brew install sshuttle
Documentation
-------------
The documentation for the stable version is available at:
https://sshuttle.readthedocs.org/
The documentation for the latest development version is available at:
https://sshuttle.readthedocs.org/en/latest/