Using Sshuttle as a service

1 — Service Account

root@client> 
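# Dedicated unprivileged account for the tunnel. -m creates the home directory
# explicitly: without it, home creation depends on CREATE_HOME in /etc/login.defs,
# and the mkdir below fails where that is off. The account keeps a login shell
# because the following steps `su` to it and run ssh as this user.
groupadd sshuttle
useradd -m -d /home/sshuttle -g sshuttle sshuttle
# ~/.ssh must be private to the owner; 0700 keeps the key directory that way.
mkdir -p /home/sshuttle/.ssh
chown -R sshuttle:sshuttle /home/sshuttle
chmod 700 /home/sshuttle/.ssh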
root@client> 
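# Service key. -N "" (no passphrase) is what makes unattended use possible, so the
# private key is protected only by the 0700 ~/.ssh directory and its own file mode.
ssh-keygen -o -a 100 -t ed25519 -N "" -C "sshuttle_key" -f /home/sshuttle/.ssh/id_ed25519
# Run as root, ssh-keygen leaves both files root-owned (mode 600 on the private key),
# so the sshuttle user would not be able to read its own key when it runs ssh below.
# The earlier chown -R happened before the key existed; hand the key pair over now.
chown sshuttle:sshuttle /home/sshuttle/.ssh/id_ed25519 /home/sshuttle/.ssh/id_ed25519.pub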
root@client> su sshuttle
sshuttle@client> ssh targetServer

2 — Sudo access


# Lets the service account run only sshuttle's firewall helper as root, without a password.
# NOTE(review): in sudoers a "*" matches any characters, including spaces, so "12*** 0"
# matches more than a single port value; if sshuttle.py always passes the same port,
# pin that exact command line instead of the wildcard.
sshuttle ALL=(root) NOPASSWD: /usr/bin/python /usr/share/sshuttle/main.py /usr/bin/python --firewall 12*** 0

3 — Install package

root@client> yum install sshuttle

4 — Service scripts

root@client> vi /etc/systemd/system/sshuttle.service
[Unit]
Description=sshuttle service
# Start only after basic networking is up.
After=network.target
[Service]
# Runs unprivileged; the sudoers entry for this account covers the firewall step.
User=sshuttle
# Restart on every exit, clean or not, so a dropped SSH session is re-established.
Restart=always
# With Type=forking systemd considers the unit started once `sshuttle.py start` exits —
# assumes the wrapper daemonises the real sshuttle process; TODO confirm in sshuttle.py.
Type=forking
WorkingDirectory=/etc/sshuttle
ExecStart=/etc/sshuttle/sshuttle.py start
ExecStop=/etc/sshuttle/sshuttle.py stop
[Install]
WantedBy=multi-user.target
# Config and wrapper directory, owned by the service account, created before the
# unit is (re)loaded so WorkingDirectory and ExecStart point at an existing path.
mkdir -- /etc/sshuttle
chown -- sshuttle:sshuttle /etc/sshuttle
# Pick up the new unit file.
systemctl daemon-reload
sshuttle@client>  vi /etc/sshuttle/sshuttle.py
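# make script executable
chmod +x /etc/sshuttle/sshuttle.py
# systemctl start/stop/status need root (or a polkit rule); the vi above ran as sshuttle.
systemctl status sshuttle
# Typo fix: the unit is "sshuttle"; "sshutle" fails with "Unit not found".
systemctl start sshuttle
systemctl stop sshuttle
# NOTE(review): the unit declares WantedBy=multi-user.target but is never enabled;
# add `systemctl enable sshuttle` if the tunnel should come up at boot.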

5 — Config File

sshuttle@client> vi /etc/sshuttle/config.json
{
"HopServerA": [
"12.182.293.180/32",
"129.33.78.18/32",
"129.13.280.0/24",
"sftp.somehost.com"
],
"HopServerB": [
"11.38.26.0/24"
]
}
# Restart so the running instance picks up the edited config.json
# (presumably read once at start — confirm in sshuttle.py).
systemctl restart sshuttle
cat /srv/salt/pillar/servers/nycweb01.sls
sshuttle:
  HopServerA:
    - 12.182.293.180/32 # customer A
    - 129.33.78.18/32 # customer B
    - 129.13.280.0/24 # customer C
    - sftp.somehost.com # ftp customer D
  HopServerB:
    - 11.38.26.0/24 # customer F

Update #1 — Keep Alive

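# Argument string for the sshuttle hop: route <netrange> through <ssh_user>@<rhost>.
# Fix: "-l" takes the listen address directly. The stray word "listen" in the original
# would have been consumed as the -l value and '0.0.0.0' treated as an extra subnet
# (compare the later variants, which pass the address straight after -l).
# ServerAliveInterval=60 makes the ssh client send keep-alives so idle tunnels survive
# NAT/firewall timeouts. 0.0.0.0 binds the transparent-proxy listener on every interface,
# which is what lets other hosts relay through this node; a host firewall should limit
# who can reach it (the salt variant defaults to 127.0.0.1 for non-relay nodes).
rpath = "-r {0}@{1} {2} -l '0.0.0.0' --ssh-cmd 'ssh -o ServerAliveInterval=60' --no-latency-control".format(ssh_user, rhost, netrange)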
--ssh-cmd 'ssh -o ServerAliveInterval=60' --no-latency-control'

Update #2 — Proxying via 2 or more hops

A needs to get to D, via B and C
# config.json on server A
{
"0:serverB": [
"serverC hostname or IP"
],
"1:serverC": [
"serverD hostname or IP"
]
}
# config.json on server B
{
"serverC": [
"serverD hostname or IP"
]
}
sleep 3 seconds to give the SSH handshake time to complete
# Salt-templated variant: the listen address comes from pillar key "sshuttle:listen",
# defaulting to 127.0.0.1 (local-only) so only relay nodes opt into 0.0.0.0 per host.
# The {{ }} are Jinja, presumably rendered by Salt before Python sees the file, so they
# are not str.format fields — TODO confirm the file is managed with template: jinja.
rpath = "-r {0}@{1} {2} -l {{ salt['pillar.get']('sshuttle:listen', '127.0.0.1') }} --ssh-cmd 'ssh -o ServerAliveInterval=60' --no-latency-control".format(ssh_user, rhost, netrange)
## Server B pillar
sshuttle:
  listen: 0.0.0.0
  relays:
    serverC:
      - serverD ip or hostname
# Relay variant: listener fixed on 0.0.0.0 so downstream hops can route through it.
# NOTE(review): unlike Update #1 this drops --ssh-cmd 'ssh -o ServerAliveInterval=60';
# confirm the missing keep-alive is intended.
rpath = "-r {user}@{host} {net} -l 0.0.0.0 --no-latency-control".format(
    user=ssh_user, host=rhost, net=netrange)
#3 connection will only start after #1 is established
