Can I ssh from remote back to client with just sshuttle running?

775 views
Skip to first unread message

jolle...@gmail.com

unread,
Aug 11, 2018, 8:02:56 AM8/11/18
to sshuttle
I can successfully run sshuttle to connect from my client to my remote server. From time to time, I'd like to ssh from the remote server back to my client machine. Is this possible over sshuttle? Before I started using sshuttle, I would open up a reverse ssh tunnel which would open port 2222 on the remote end. When I wanted to get back into my client machine I could run "ssh -p 2222 localhost" and I would be on the client machine. Is there a natural way to do that with sshuttle, or should I continue to also open up the reverse ssh over port 2222?

Gabriel Filion

unread,
Aug 13, 2018, 1:50:11 PM8/13/18
to sshu...@googlegroups.com
Hi,

I'm just talking from what I remember of how sshuttle works. Others here
might correct me if I'm wrong:

On 2018-08-11 08:02 AM, jolle...@gmail.com wrote:
> I can successfully run sshuttle to connect from my client to my remote
> server. From time to time, I'd like to ssh from the remote server back to
> my client machine. Is this possible over sshuttle?

I think it is not. Basically you're using the proxy host (and its IP) to
reach the network behind it. The proxy only knows to send packets back
to the python process because it is the one that opened up those
connections. In effect your client is not really present on the remote
network because it does not have an address of its own over there.

> Before I started using
> sshuttle, I would open up a reverse ssh tunnel which would open port 2222
> on the remote end. When I wanted to get back into my client machine I could
> run "ssh -p 2222 localhost" and I would be on the client machine. Is there
> a natural way to do that with sshuttle, or should I continue to also open
> up the reverse ssh over port 2222?

I believe this is the only way.

Cheers

signature.asc

Brian May

unread,
Aug 13, 2018, 6:03:56 PM8/13/18
to sshu...@googlegroups.com
Gabriel Filion <gab...@lelutin.ca> writes:

> I think it is not. Basically you're using the proxy host (and its IP) to
> reach the network behind it. The proxy only knows to send packets back
> to the python process because it is the one that opened up those
> connections. In effect your client is not really present on the remote
> network because it does not have an address of its own over there.

This is correct. sshuttle as currently implemented is one way only.
--
Brian May <br...@linuxpenguins.xyz>
https://linuxpenguins.xyz/brian/

Tony Godshall

unread,
Aug 13, 2018, 8:37:23 PM8/13/18
to Brian May, sshuttle
You can add a -R option to the ssh command. -R 22222:localhost:22, for example.


--
You received this message because you are subscribed to the Google Groups "sshuttle" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sshuttle+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

drew.w...@gmail.com

unread,
Sep 28, 2018, 3:59:16 PM9/28/18
to sshuttle
I also have a similar request. The remote server has no ingress, Anyconnect software is running on it and will break all ingress with route table rules. It would be nice to be able to sshuttle out of the box and provide a vpn on another computer.

I currently have to do this with ssh reverse proxy, but it would be really great to do it with a reverse VPN tunnel. I'm thinking the workaround is to reverse proxy the SSH server. Then sshuttle to the reverse port.
Reply all
Reply to author
Forward
0 new messages