adds sshuttle

waldek 2021-07-13 16:05:37 +02:00
parent 06c37f84b9
commit 211cedccb6
1 changed files with 39 additions and 3 deletions


@ -323,11 +323,12 @@ Last login: Tue Jul 13 14:12:18 2021 from 172.30.40.99
We've done quite a bit of SFTP before so we won't go into detail here but if you forgot, go have a look at the networking exercises in the resources directory. We've done quite a bit of SFTP before so we won't go into detail here but if you forgot, go have a look at the networking exercises in the resources directory.
I'm mentioning it because it's crucial to remember it's existence in order to understand the next topic, sshfs. I'm mentioning it because it's crucial to remember it's existence in order to understand the next topic, sshfs.
If it's all a bit vague I urge you to read the `man sftp-server`.
## SSHFS ## SSHFS
Thanks to the sftp subsystem of ssh we can use it to copy files form one system to an other. Thanks to the sftp subsystem of ssh we can use it to copy files form one system to an other.
Some clever guy's used it to build [sshfs]() which mounts a remote folder into our system so we can use it like a network share. Some clever guy's used it to build [sshfs](https://wiki.archlinux.org/title/SSHFS) which mounts a remote folder into our system so we can use it like a network share.
It's a poor mans NFS that can be a true lifesaver. It's a poor mans NFS that can be a true lifesaver.
You'll have to install it onto the client where you want to mount the folder to. You'll have to install it onto the client where you want to mount the folder to.
This can be done as follows, `sudo apt install sshfs`. This can be done as follows, `sudo apt install sshfs`.
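Review bot: The added sentence "I urge you to read the `man sftp-server`" has a stray article before the command; suggest "I urge you to read `man sftp-server`." Since the sshfs line is already being rewritten to fill in the link, the same change could fix "clever guy's" to "clever guys" on that line. The neighbouring context lines still carry "it's existence", "form one system to an other" and "poor mans", which are worth a follow-up cleanup.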
@ -365,6 +366,43 @@ bigone.ovpn configuration gitea.service homeserver.yaml linux64.out
➜ ~ git:(master) ✗ ➜ ~ git:(master) ✗
``` ```
Nice no?
You can even add these mounts to your `/etc/fstab` file!
## SSHuttle
SSHFS gives us a poor man's NFS and SSHuttle a poor man's VPN.
Again, this is very handy additional program to install on your ssh **client** which requires no modifications to the ssh **server** you're connection to.
You install it with trusty old `apt`, `sudo apt install sshuttle`.
Now, what does it do?
It creates a connection to a **remote** ssh server and adds **local** iptable rules to send all (or some) traffic via that remote server onto the internet.
In practice it behaves as a VPN.
To test this out I added an for you to one of my remote servers.
Use the private key I'll give you in class to authenticate yourself as student@sproutsin.space.
The syntax is as follows.
```
➜ ssh-keys git:(master) ✗ curl icanhazip.com
85.28.111.118
➜ ssh-keys git:(master) ✗ sshuttle -r student@sproutsin.space -x sproutsin.space 0.0.0.0/0 --ssh-cmd 'ssh -i student' -D
➜ ssh-keys git:(master) ✗ curl icanhazip.com
51.195.42.244
➜ ssh-keys git:(master) ✗ killall sshuttle
➜ ssh-keys git:(master) ✗ curl icanhazip.com
85.28.111.118
➜ ssh-keys git:(master) ✗
```
This might look a bit intimidating but I'll break down the command line options a bit.
* `sshuttle` is the program you're using to create the VPN (it's a python3 script)
* `-r student@sproutsin.space` is the remote host you want to send your traffic to
* `-x sproutsin.space` is needed to exclude traffic to *that* specific host (the connection would fail otherwise)
* `0.0.0.0/0` is the IP range you want to send through the VPN, in this case it's everything
* `--ssh-cmd -i student` is needed to specify our specific private key (not needed if you use `~/.ssh/id_rsa.pub`)
* `-D` will daemonize the VPN so you can continue to use the shell
## Tweaking the sshd configuration file ## Tweaking the sshd configuration file
All server configuration is done in the `/etc/ssh/sshd_config` file. All server configuration is done in the `/etc/ssh/sshd_config` file.
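Review bot: The `--ssh-cmd` bullet does not match the command shown in the transcript and names the wrong key file. The transcript uses `--ssh-cmd 'ssh -i student'`, while the bullet documents `--ssh-cmd -i student`, which drops the `ssh` and the quoting a reader would need to copy it correctly. The same bullet says the option is not needed if you use `~/.ssh/id_rsa.pub`, but that is the public key; the sentence is about the private key, so it should read `~/.ssh/id_rsa`. Separately, "I added an for you to one of my remote servers" is missing its noun after "an", and there are small typos in the intro: "very handy additional program" needs "a", "you're connection to" should be "you're connecting to", and "iptable rules" should be "iptables rules".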
@ -396,5 +434,3 @@ Protocol
## Autossh ## Autossh
## SSHuttle
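Review bot: `## Autossh` is left as a heading with no body at the end of the file once the old `## SSHuttle` stub below it is dropped. Either add a short placeholder line under it saying the section is still to be written, or remove the heading until the content exists, so readers do not land on an empty section.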