# SSHuttle

**SSHuttle** creates a tunneled proxy that acts like a new interface, simulating a VPN, allowing us to route our traffic through the proxy without the use of[ proxychains](https://oscp.adot8.com/post-exploitation/good-to-know/tunneling#proxychains), all using ssh so the **connection is encrypted.**

{% hint style="info" %}
sshuttle only works on **Linux machines,** **python needs to be installed** (uploading a python binary is possible) AND **you need SSH access to the machine**
{% endhint %}

Open a tunnel using sshuttle

```bash
sshuttle -r username@address subnet  
sshuttle -r user@172.16.0.5 172.16.0.0/24
```

Use **-N** to get sshuttle to automatically determine the subnets the machine is on using the servers routing table (doesn't always work).

```bash
sshuttle -r user@172.16.0.5 -N
```

Connect back using a key file

<pre class="language-bash"><code class="lang-bash"><strong>sshuttle -r user@172.16.0.5 --ssh-cmd "ssh -i private_key" 172.16.0.0/24
</strong></code></pre>

If the following error ever occurs we can get around it by excluding the compromised server out out the subnet we wish to forward to

```bash
client: Connected.
client_loop: send disconnect: Broken pipe
client: fatal: server died with error code 255
```

```bash
sshuttle -r user@172.16.0.5 172.16.0.0/24 -x 172.16.0.5
```