khxu 2015-05-28
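sshuttle lets you create a VPN connection from your computer to any remote server over ssh, as long as the server supports Python 2.3 or later. You must have root privileges on the local machine, but an ordinary account on the server is enough.
You can run sshuttle several times at once on one machine to connect to different servers, which lets you use several VPNs at the same time. sshuttle can forward all traffic in your subnet into the VPN.
Enter the following command in a terminal: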
    sudo apt-get install sshuttle
    sshuttle [options...] [-r [username@]sshserver[:port]] [subnets]
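-r, --remote=[username@]sshserver[:port]
The remote hostname, with an optional username and an optional ssh port number, used to connect to the remote server. For example: example.com, [email protected], [email protected]:2222 or example.com:2244.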
Use the following command on your machine:
    sudo sshuttle -r username@sshserver 0.0.0.0/0 -vv
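Once started, sshuttle creates an ssh session to the server specified by -r. If -r is omitted, it runs both the client and the server locally, which is sometimes useful for testing.
After connecting to the remote server, sshuttle uploads its (Python) source code to the remote server and executes it there. This means you do not need to install sshuttle on the remote server, and there are no sshuttle version conflicts between the client and the server.
Proxy all local connections for local testing, without using ssh: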
    $ sudo sshuttle -v 0/0
    Starting sshuttle proxy.
    Listening on ('0.0.0.0', 12300).
    [local sudo] Password:
    firewall manager ready.
    c : connecting to server...
    s: available routes:
    s: 192.168.42.0/24
    c : connected.
    firewall manager: starting transproxy.
    c : Accept: '192.168.42.106':50035 -> '192.168.42.121':139.
    c : Accept: '192.168.42.121':47523 -> '77.141.99.22':443.
    ...etc...
    ^C
    firewall manager: undoing changes.
    KeyboardInterrupt
    c : Keyboard interrupt: exiting.
    c : SW#8:192.168.42.121:47523: deleting
    c : SW#6:192.168.42.106:50035: deleting
Test the connection to a remote server, guessing the hostnames and subnets automatically:
    $ sudo sshuttle -vNHr example.org
    Starting sshuttle proxy.
    Listening on ('0.0.0.0', 12300).
    firewall manager ready.
    c : connecting to server...
    s: available routes:
    s: 77.141.99.0/24
    c : connected.
    c : seed_hosts: []
    firewall manager: starting transproxy.
    hostwatch: Found: testbox1: 1.2.3.4
    hostwatch: Found: mytest2: 5.6.7.8
    hostwatch: Found: domaincontroller: 99.1.2.3
    c : Accept: '192.168.42.121':60554 -> '77.141.99.22':22.
    ^C
    firewall manager: undoing changes.
    c : Keyboard interrupt: exiting.
    c : SW#6:192.168.42.121:60554: deleting
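An added example (not part of the original article and not sshuttle's own code): a small Python audit that parses a verbose session log in the format shown on this page and lists the accepted flows whose destination lies outside the routes the server advertised, which is what forwarding 0/0 produces. The function names are hypothetical, and the sample log is an excerpt of the first session above with the quotes normalised to ASCII.

```python
import ipaddress
import re

# Line shapes assumed from the verbose output shown on this page.
ROUTE_RE = re.compile(r"^\s*s:\s*(\d+(?:\.\d+){3}/\d+)\s*$")
ACCEPT_RE = re.compile(
    r"Accept:\s*'?(\d+(?:\.\d+){3})'?:(\d+)\s*->\s*'?(\d+(?:\.\d+){3})'?:(\d+)"
)


def parse_session(log_text):
    """Return (routes, flows) parsed from one sshuttle -v session log."""
    routes, flows = [], []
    for line in log_text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            routes.append(ipaddress.ip_network(m.group(1), strict=False))
            continue
        m = ACCEPT_RE.search(line)
        if m:
            src, sport, dst, dport = m.groups()
            flows.append((ipaddress.ip_address(src), int(sport),
                          ipaddress.ip_address(dst), int(dport)))
    return routes, flows


def flows_outside_routes(log_text):
    """Flows whose destination is not inside any server-advertised route."""
    routes, flows = parse_session(log_text)
    return [f for f in flows if not any(f[2] in net for net in routes)]


# Sample input: excerpt of the first session on this page (ASCII quotes).
SAMPLE_LOG = """\
Listening on ('0.0.0.0', 12300).
c : connecting to server...
s: available routes:
s: 192.168.42.0/24
c : connected.
firewall manager: starting transproxy.
c : Accept: '192.168.42.106':50035 -> '192.168.42.121':139.
c : Accept: '192.168.42.121':47523 -> '77.141.99.22':443.
"""

if __name__ == "__main__":
    for src, sport, dst, dport in flows_outside_routes(SAMPLE_LOG):
        print(f"outside advertised routes: {src}:{sport} -> {dst}:{dport}")
```

Feeding it the output of a real `-v` run shows which destinations are being carried through the ssh server beyond its own subnet, which helps when deciding whether to replace 0/0 with a narrower subnet list.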
via: http://www.ubuntugeek.com/sshuttle-a-transparent-proxy-based-vpn-using-ssh.html