
Use sshuttle to send your SSH connection’s connection through an SSH connection

I think that’s what this is doing?

Oddly specific use cases

  • You have a PiHole on your network and you want to update the list of blocked domains but the adlist is hosted on https://raw.githubusercontent.com and that URL is blocked by your ISP because of reasons.
  • You want to add a software signing key to the Debian box on your network so you can install some software from a private repository but the software signing key link is blocked by your ISP because of reasons.

Requirements

  • An SSH login on a server that is in a network location where githubusercontent and/or the signing key server is not blocked. (For the following examples we’ll call that server yourserver.com.)
  • sshuttle installed on the computer that needs to have its connection go through yourserver.com. (and let’s call that computer PiHole)

TL;DR:

  1. Connect to PiHole (Connection 1) and run sshuttle --dns -vv -r user@yourserver.com 0/0 -x yourserver.com
  2. Make a separate connection to PiHole (Connection 2) and run pihole -g to update the adlists (or see here for a software signing key example)

Walking through it …

You’ll open two separate connections to PiHole.

Connection 1 / Terminal Window 1

  • SSH to PiHole (Connection 1).
  • Run curl ipinfo.io to see which IP address you are connecting from on PiHole.
  • Run the command sshuttle --dns -vv -r user@yourserver.com 0/0 -x yourserver.com and provide the password to log in.

Connection 2 / Terminal Window 2

  • SSH connection to PiHole (Connection 2).
  • Run curl ipinfo.io to see which IP address you are connecting from now. (it should be that of yourserver.com)
  • Run your other commands.
  • ??
  • Profit.

Explanations

What is the sshuttle command doing?

sshuttle --dns -vv -r user@yourserver.com 0/0 -x yourserver.com

  • --dns flag – sends the DNS lookups through the sshuttle connection to yourserver.com as well, so your ISP can’t see those either.
  • -vv flag – controls how much info sshuttle prints to the screen while in operation. Not essential. -v means ‘verbose’, -vv means doubly-verbose I guess? (Okay actually -vv means ‘very verbose’)
  • -r user@yourserver.com – the -r flag means ‘remote’, so it opens an SSH connection to the server address that follows.
  • 0/0 – this tells sshuttle which traffic should be sent to yourserver.com. (0/0 means ‘all of it’, which is required for this use-case)
  • -x yourserver.com – the -x flag means ‘exclude’, so this stops traffic to that server address from being sent through the sshuttle connection, which would cause a loop.
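
The two-terminal walk-through above, scripted as an added example (not from the original post or the sshuttle project): it starts the tunnel in the background with sshuttle's -D/--daemon and --pidfile options, then runs your command only after ipinfo.io reports a different IP than before. REMOTE, PIDFILE, POLL_DELAY and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): run a command only once traffic
# demonstrably leaves via the tunnel. REMOTE and PIDFILE are placeholders.
REMOTE="${REMOTE:-user@yourserver.com}"
PIDFILE="${PIDFILE:-/tmp/sshuttle-example.pid}"

# Public IP as ipinfo.io sees it (the post's manual check, scripted).
egress_ip() { curl -fsS --max-time 10 https://ipinfo.io/ip; }

# Same flags as the post, minus -vv, plus -D/--pidfile to run in the background.
start_tunnel() {
    sshuttle --dns -D --pidfile "$PIDFILE" -r "$REMOTE" 0/0 -x "${REMOTE#*@}"
}

stop_tunnel() {
    if [ -f "$PIDFILE" ]; then kill "$(cat "$PIDFILE")" 2>/dev/null || true; fi
}

# Poll until the egress IP differs from $1; give up after $2 tries (default 10).
wait_for_new_ip() {
    old_ip="$1"; tries="${2:-10}"
    while [ "$tries" -gt 0 ]; do
        now="$(egress_ip 2>/dev/null)" || now=""
        if [ -n "$now" ] && [ "$now" != "$old_ip" ]; then
            echo "$now"; return 0
        fi
        tries=$((tries - 1)); sleep "${POLL_DELAY:-1}"
    done
    return 1
}

# Exit codes: 2 = no baseline IP, 3 = tunnel did not start,
# 4 = egress IP never changed (command NOT run), else the command's own status.
run_tunneled() {
    before="$(egress_ip)" || { echo "cannot read current IP" >&2; return 2; }
    start_tunnel || { echo "sshuttle failed to start" >&2; return 3; }
    rc=0
    if after="$(wait_for_new_ip "$before")"; then
        echo "egress IP changed: $before -> $after" >&2
        "$@" || rc=$?
    else
        echo "egress IP still $before; refusing to run: $*" >&2
        rc=4
    fi
    stop_tunnel
    return "$rc"
}

if [ "$#" -gt 0 ]; then run_tunneled "$@"; fi
```

Saved under a name of your choosing (tunneled.sh here is hypothetical), it would be run on PiHole as sh tunneled.sh pihole -g. Exit code 4 means the egress IP never changed, so the command was skipped rather than sent over the unblocked-looking but untunneled connection.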

What is sshuttle

From the GitHub, it’s a “transparent proxy server that works as a poor man’s VPN. Forwards over ssh. Doesn’t require admin. Works with Linux and MacOS. Supports DNS tunneling.”

More about sshuttle
sshuttle GitHub
sshuttle docs

How to install sshuttle

sudo apt-get update then sudo apt-get install sshuttle

Or see here for install instructions for different OSs.

Yo dawg I heard you liked

Sponsor-presented message:
Brought to you by sshuttle, who heard you liked SSH connections, so they let you put an SSH connection inside of your SSH connection