adds sshuttle
parent
06c37f84b9
commit
211cedccb6
|
@ -323,11 +323,12 @@ Last login: Tue Jul 13 14:12:18 2021 from 172.30.40.99
|
|||
|
||||
We've done quite a bit of SFTP before so we won't go into detail here but if you forgot, go have a look at the networking exercises in the resources directory.
|
||||
I'm mentioning it because it's crucial to remember it's existence in order to understand the next topic, sshfs.
|
||||
If it's all a bit vague I urge you to read the `man sftp-server`.
|
||||
|
||||
## SSHFS
|
||||
|
||||
Thanks to the sftp subsystem of ssh we can use it to copy files form one system to an other.
|
||||
Some clever guy's used it to build [sshfs]() which mounts a remote folder into our system so we can use it like a network share.
|
||||
Some clever guy's used it to build [sshfs](https://wiki.archlinux.org/title/SSHFS) which mounts a remote folder into our system so we can use it like a network share.
|
||||
It's a poor mans NFS that can be a true lifesaver.
|
||||
You'll have to install it onto the client where you want to mount the folder to.
|
||||
This can be done as follows, `sudo apt install sshfs`.
|
||||
|
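Review bot: the sshfs sentence appears twice in this hunk, once with the empty link `[sshfs]()` and once with the Arch wiki URL, so check that only the linked version survives in the file. While that line is being touched, "Some clever guy's" should read "Some clever guys", and in the context line just above it "copy files form one system to an other" should read "from one system to another". It would also help readers if the install sentence said that only the client needs `sshfs`, and that the server side is the `sftp-server` subsystem already mentioned above.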
@ -365,6 +366,43 @@ bigone.ovpn configuration gitea.service homeserver.yaml linux64.out
|
|||
➜ ~ git:(master) ✗
|
||||
```
|
||||
|
||||
Nice no?
|
||||
You can even add these mounts to your `/etc/fstab` file!
|
||||
|
||||
## SSHuttle
|
||||
|
||||
SSHFS gives us a poor man's NFS and SSHuttle a poor man's VPN.
|
||||
Again, this is very handy additional program to install on your ssh **client** which requires no modifications to the ssh **server** you're connection to.
|
||||
You install it with trusty old `apt`, `sudo apt install sshuttle`.
|
||||
|
||||
Now, what does it do?
|
||||
It creates a connection to a **remote** ssh server and adds **local** iptable rules to send all (or some) traffic via that remote server onto the internet.
|
||||
In practice it behaves as a VPN.
|
||||
To test this out I added an for you to one of my remote servers.
|
||||
Use the private key I'll give you in class to authenticate yourself as student@sproutsin.space.
|
||||
The syntax is as follows.
|
||||
|
||||
```
|
||||
➜ ssh-keys git:(master) ✗ curl icanhazip.com
|
||||
85.28.111.118
|
||||
➜ ssh-keys git:(master) ✗ sshuttle -r student@sproutsin.space -x sproutsin.space 0.0.0.0/0 --ssh-cmd 'ssh -i student' -D
|
||||
➜ ssh-keys git:(master) ✗ curl icanhazip.com
|
||||
51.195.42.244
|
||||
➜ ssh-keys git:(master) ✗ killall sshuttle
|
||||
➜ ssh-keys git:(master) ✗ curl icanhazip.com
|
||||
85.28.111.118
|
||||
➜ ssh-keys git:(master) ✗
|
||||
```
|
||||
|
||||
This might look a bit intimidating but I'll break down the command line options a bit.
|
||||
|
||||
* `sshuttle` is the program you're using to create the VPN (it's a python3 script)
|
||||
* `-r student@sproutsin.space` is the remote host you want to send your traffic to
|
||||
* `-x sproutsin.space` is needed to exclude traffic to *that* specific host (the connection would fail otherwise)
|
||||
* `0.0.0.0/0` is the IP range you want to send through the VPN, in this case it's everything
|
||||
* `--ssh-cmd -i student` is needed to specify our specific private key (not needed if you use `~/.ssh/id_rsa.pub`)
|
||||
* `-D` will daemonize the VPN so you can continue to use the shell
|
||||
|
||||
## Tweaking the sshd configuration file
|
||||
|
||||
All server configuration is done in the `/etc/ssh/sshd_config` file.
|
||||
|
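Review bot: the `--ssh-cmd -i student` bullet in the option breakdown does not match the command shown in the transcript, which passes `--ssh-cmd 'ssh -i student'`, and it names `~/.ssh/id_rsa.pub` as the default, which is the public key; the private key is `~/.ssh/id_rsa`. Suggest writing the bullet as `--ssh-cmd 'ssh -i student'` and correcting the file name. The sentence "I added an for you to one of my remote servers" is missing a word. Other wording to fix: "iptable rules" should be "iptables rules", "you're connection to" should be "you're connecting to", and "this is very handy additional program" needs an article. Since the text says it "behaves as a VPN", it is worth a line stating that the command as shown only redirects TCP for `0.0.0.0/0` and that DNS lookups still go to the local resolver unless `--dns` is added, and that `sshuttle` needs root on the client to install the firewall rules. The transcript stops the tunnel with `killall sshuttle`; a short note on that in the breakdown would complete the `-D` bullet.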
@ -396,5 +434,3 @@ Protocol
|
|||
|
||||
## Autossh
|
||||
|
||||
## SSHuttle
|
||||
|
||||
|
|
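Review bot: with the SSHuttle section now placed above "Tweaking the sshd configuration file", `## Autossh` is left at the end of the file as a heading with no body. Either add a one-line placeholder under it stating that the section is still to be written, or drop the heading until the content exists, so readers do not land on an empty section. Also confirm that the old `## SSHuttle` placeholder here is removed completely, so the document does not end up with two headings of the same name.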