sshuttle: A Transparent Proxy-Based VPN Using SSH

khxu 2015-05-28

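sshuttle lets you create a VPN connection from your computer to any remote server over ssh, as long as the server supports Python 2.3 or later. You need root privileges on the local machine, but an ordinary account on the server is enough.

You can run sshuttle several times at once on the same machine to connect to different servers, so you can use multiple VPNs simultaneously. sshuttle can forward all traffic from your subnet into the VPN.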


 

Installing sshuttle on Ubuntu

Enter the following command in a terminal:

    sudo apt-get install sshuttle

 

Using sshuttle

sshuttle syntax

    sshuttle [options...] [-r [username@]sshserver[:port]] [subnets]

 

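Option details

-r, --remote=[username@]sshserver[:port]

The remote hostname, with an optional username and ssh port number, used to connect to the remote server. For example: example.com, testuser@example.com, testuser@example.com:2222, or example.com:2244.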

 

sshuttle example

Run the following command on your machine:

    sudo sshuttle -r username@sshserver 0.0.0.0/0 -vv

Once started, sshuttle opens an ssh session to the server specified by -r. If -r is omitted, it runs both the client and the server locally, which is sometimes useful for testing.

After connecting to the remote server, sshuttle uploads its (Python) source code to the remote server and executes it there. As a result, you do not need to install sshuttle on the remote server, and there is never a version conflict between the sshuttle client and server.

 

More examples from the manual

Proxy all local connections for local testing, without using ssh:

    $ sudo sshuttle -v 0/0
    Starting sshuttle proxy.
    Listening on ('0.0.0.0', 12300).
    [local sudo] Password:
    firewall manager ready.
    c : connecting to server...
    s: available routes:
    s: 192.168.42.0/24
    c : connected.
    firewall manager: starting transproxy.
    c : Accept: '192.168.42.106':50035 -> '192.168.42.121':139.
    c : Accept: '192.168.42.121':47523 -> '77.141.99.22':443.
    ...etc...
    ^C
    firewall manager: undoing changes.
    KeyboardInterrupt
    c : Keyboard interrupt: exiting.
    c : SW#8:192.168.42.121:47523: deleting
    c : SW#6:192.168.42.106:50035: deleting

Test a connection to a remote server, with hostnames and subnets guessed automatically:

    $ sudo sshuttle -vNHr example.org
    Starting sshuttle proxy.
    Listening on ('0.0.0.0', 12300).
    firewall manager ready.
    c : connecting to server...
    s: available routes:
    s: 77.141.99.0/24
    c : connected.
    c : seed_hosts: []
    firewall manager: starting transproxy.
    hostwatch: Found: testbox1: 1.2.3.4
    hostwatch: Found: mytest2: 5.6.7.8
    hostwatch: Found: domaincontroller: 99.1.2.3
    c : Accept: '192.168.42.121':60554 -> '77.141.99.22':22.
    ^C
    firewall manager: undoing changes.
    c : Keyboard interrupt: exiting.
    c : SW#6:192.168.42.121:60554: deleting
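When a broad subnet such as 0/0 is given, every connection sshuttle accepts goes through the tunnel, so it is worth auditing the verbose output. The script below is an added example, not part of the original article or of sshuttle itself: it parses the `s:` route lines and `c : Accept:` lines and marks flows whose destination lies outside the routes the server advertised. It assumes the log line formats are exactly those in the transcripts on this page, and the sample log is constructed from the first session.

```python
import ipaddress
import re

# Constructed sample: lines from the first verbose session shown above.
SAMPLE_LOG = """\
c : connecting to server...
s: available routes:
s: 192.168.42.0/24
c : connected.
firewall manager: starting transproxy.
c : Accept: '192.168.42.106':50035 -> '192.168.42.121':139.
c : Accept: '192.168.42.121':47523 -> '77.141.99.22':443.
^C
firewall manager: undoing changes.
"""

# Assumed line formats, taken from the transcripts on this page.
ROUTE_RE = re.compile(r"^s:\s*(\d+\.\d+\.\d+\.\d+/\d+)$")
ACCEPT_RE = re.compile(
    r"^c\s*:\s*Accept:\s*'([\d.]+)':(\d+)\s*->\s*'([\d.]+)':(\d+)\.?$"
)

def parse_log(text):
    """Return (advertised routes, accepted flows) found in the log text."""
    routes, flows = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ROUTE_RE.match(line)
        if m:
            routes.append(ipaddress.ip_network(m.group(1), strict=False))
            continue
        m = ACCEPT_RE.match(line)
        if m:
            src, sport, dst, dport = m.groups()
            flows.append((src, int(sport), ipaddress.ip_address(dst), int(dport)))
    return routes, flows

def audit(text):
    """List each tunneled flow and whether its destination is in an advertised route."""
    routes, flows = parse_log(text)
    return [
        {"src": src, "dst": str(dst), "dport": dport,
         "in_advertised_route": any(dst in net for net in routes)}
        for src, _sport, dst, dport in flows
    ]

if __name__ == "__main__":
    for flow in audit(SAMPLE_LOG):
        note = "" if flow["in_advertised_route"] else "  <- outside advertised routes"
        print(f"{flow['src']} -> {flow['dst']}:{flow['dport']}{note}")
```
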

via: http://www.ubuntugeek.com/sshuttle-a-transparent-proxy-based-vpn-using-ssh.html

Author: ruchi. Translator: geekpi. Proofreader: wxy.

This article is an original LCTT translation, proudly presented by Linux China.

Source: http://linux.cn/article-5528-1.html
