
sshuttle

Transparent proxy server for VPN over SSH. Forwards all traffic through an SSH tunnel to access remote networks.

Description

Sshuttle makes it possible to access remote networks using SSH. It creates a transparent proxy server, using iptables, that will forward all the traffic through an SSH tunnel to a remote copy of sshuttle. It does not require installation on the remote server, which just needs to have Python installed.

This tool is particularly useful for creating VPN-like functionality without needing root access or special software on the target server. It leverages existing SSH connectivity to route traffic transparently, making it ideal for secure network access in pentesting scenarios.

Sshuttle is featured in OffSec's PEN-200 course under Port Redirection and SSH Tunneling.

How It Works

Sshuttle operates by creating a transparent proxy server using iptables (or nftables) on the local machine. It captures traffic destined for specified subnets and forwards it through an SSH tunnel to a remote sshuttle instance running over SSH. The remote side requires only Python. Local DNS requests can be captured and forwarded to the remote DNS server. The solution uses SSH for secure tunneling without needing VPN server installation.
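
To see which subnets a running sshuttle is intercepting, and to confirm its rules are gone after it exits, the NAT table can be inspected. The script below is an added example, not part of sshuttle or the original page. It assumes sshuttle's iptables NAT method names its chain "sshuttle-<port>", and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Summarise sshuttle's transparent-proxy rules from `iptables -t nat -S` output.
# Assumption: the NAT method creates a chain named "sshuttle-<port>".
# Live use:  sudo iptables -t nat -S | sshuttle_rules
sshuttle_rules() {
    awk '
        # Built-in chain (OUTPUT, PREROUTING, ...) jumping into an sshuttle chain.
        $1 == "-A" && $2 !~ /^sshuttle-/ {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) ~ /^sshuttle-[0-9]+$/)
                    print "hook", $2, $(i + 1)
        }
        # Rule inside an sshuttle chain: report only the REDIRECT entries,
        # i.e. the destinations that are sent to the local proxy port.
        $1 == "-A" && $2 ~ /^sshuttle-[0-9]+$/ {
            dest = "any"; target = ""; port = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d")         dest   = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") port   = $(i + 1)
            }
            if (target == "REDIRECT")
                print "redirect", $2, dest, port
        }'
}

# Constructed sample in `iptables -t nat -S` format (not captured output).
SAMPLE_RULES='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-N sshuttle-12300
-A PREROUTING -j sshuttle-12300
-A OUTPUT -j sshuttle-12300
-A sshuttle-12300 -d 127.0.0.1/32 -p tcp -j RETURN
-A sshuttle-12300 -d 192.168.1.0/24 -p tcp -j REDIRECT --to-ports 12300
-A sshuttle-12300 -d 10.0.0.0/8 -p tcp -j REDIRECT --to-ports 12300'

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | sshuttle_rules
```

A "hook PREROUTING" line means traffic forwarded from other hosts is intercepted as well as locally generated traffic. No output at all means no sshuttle chains are present.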

Installation

sudo apt install sshuttle

Flags

-h, --help                 show this help message and exit
-l, --listen [IP:]PORT     transproxy to this ip address and port number
-H, --auto-hosts           continuously scan for remote hostnames and update local /etc/hosts as they are found
-N, --auto-nets            automatically determine subnets to route
--dns                      capture local DNS requests and forward to the remote DNS server

Examples

Show the help message and usage information
sshuttle -h
Forward traffic for subnet 192.168.1.0/24 through an SSH tunnel to sshserver
sshuttle -r user@sshserver 192.168.1.0/24
Listen on port 2222 on all interfaces (0.0.0.0) and forward traffic for the 10.0.0.0/8 subnet via SSH
sshuttle -l 0.0.0.0:2222 -r user@sshserver 10.0.0.0/8
Capture DNS requests and forward traffic for 172.16.0.0/12 through an SSH tunnel
sshuttle --dns -r user@sshserver 172.16.0.0/12
Auto-update /etc/hosts with discovered hostnames while forwarding 192.168.0.0/16 traffic
sshuttle -H -r user@sshserver 192.168.0.0/16
Automatically detect subnets to route through the SSH tunnel
sshuttle -N -r user@sshserver
Updated 2026-04-16 | kali.org