mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-25 23:11:02 +08:00
translated
This commit is contained in:
geekpi
parent
b40646a9d9
commit
488aea4892
@ -1,81 +0,0 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (geekpi)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (Use sshuttle to build a poor man’s VPN)
|
||||
[#]: via: (https://fedoramagazine.org/use-sshuttle-to-build-a-poor-mans-vpn/)
|
||||
[#]: author: (Paul W. Frields https://fedoramagazine.org/author/pfrields/)
|
||||
|
||||
Use sshuttle to build a poor man’s VPN
|
||||
======
|
||||
|
||||
![][1]
|
||||
|
||||
Nowadays, business networks often use a VPN (virtual private network) for [secure communications with workers][2]. However, the protocols used can sometimes make performance slow. If you can reach reach a host on the remote network with SSH, you could set up port forwarding. But this can be painful, especially if you need to work with many hosts on that network. Enter **sshuttle** — which lets you set up a quick and dirty VPN with just SSH access. Read on for more information on how to use it.
|
||||
|
||||
The sshuttle application was designed for exactly the kind of scenario described above. The only requirement on the remote side is that the host must have Python available. This is because sshuttle constructs and runs some Python source code to help transmit data.
|
||||
|
||||
### Installing sshuttle
|
||||
|
||||
The sshuttle application is packaged in the official repositories, so it’s easy to install. Open a terminal and use the following command [with sudo][3]:
|
||||
|
||||
```
|
||||
$ sudo dnf install sshuttle
|
||||
```
|
||||
|
||||
Once installed, you may find the manual page interesting:
|
||||
|
||||
```
|
||||
$ man sshuttle
|
||||
```
|
||||
|
||||
### Setting up the VPN
|
||||
|
||||
The simplest case is just to forward all traffic to the remote network. This isn’t necessarily a crazy idea, especially if you’re not on a trusted local network like your own home. Use the _-r_ switch with the SSH username and the remote host name:
|
||||
|
||||
```
|
||||
$ sshuttle -r username@remotehost 0.0.0.0/0
|
||||
```
|
||||
|
||||
However, you may want to restrict the VPN to specific subnets rather than all network traffic. (A complete discussion of subnets is outside the scope of this article, but you can read more [here on Wikipedia][4].) Let’s say your office internally uses the reserved Class A subnet 10.0.0.0 and the reserved Class B subnet 172.16.0.0. The command above becomes:
|
||||
|
||||
```
|
||||
$ sshuttle -r username@remotehost 10.0.0.0/8 172.16.0.0/16
|
||||
```
|
||||
|
||||
This works great for working with hosts on the remote network by IP address. But what if your office is a large network with lots of hosts? Names are probably much more convenient — maybe even required. Never fear, sshuttle can also forward DNS queries to the office with the _–dns_ switch:
|
||||
|
||||
```
|
||||
$ sshuttle --dns -r username@remotehost 10.0.0.0/8 172.16.0.0/16
|
||||
```
|
||||
|
||||
To run sshuttle like a daemon, add the _-D_ switch. This also will send log information to the systemd journal via its syslog compatibility.
|
||||
|
||||
Depending on the capabilities of your system and the remote system, you can use sshuttle for an IPv6 based VPN. You can also set up configuration files and integrate it with your system startup if desired. If you want to read even more about sshuttle and how it works, [check out the official documentation][5]. For a look at the code, [head over to the GitHub page][6].
|
||||
|
||||
* * *
|
||||
|
||||
_Photo by _[_Kurt Cotoaga_][7]_ on _[_Unsplash_][8]_._
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://fedoramagazine.org/use-sshuttle-to-build-a-poor-mans-vpn/
|
||||
|
||||
作者:[Paul W. Frields][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://fedoramagazine.org/author/pfrields/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://fedoramagazine.org/wp-content/uploads/2019/10/sshuttle-816x345.jpg
|
||||
[2]: https://en.wikipedia.org/wiki/Virtual_private_network
|
||||
[3]: https://fedoramagazine.org/howto-use-sudo/
|
||||
[4]: https://en.wikipedia.org/wiki/Subnetwork
|
||||
[5]: https://sshuttle.readthedocs.io/en/stable/index.html
|
||||
[6]: https://github.com/sshuttle/sshuttle
|
||||
[7]: https://unsplash.com/@kydroon?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
[8]: https://unsplash.com/s/photos/shuttle?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
@ -0,0 +1,81 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (geekpi)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (Use sshuttle to build a poor man’s VPN)
|
||||
[#]: via: (https://fedoramagazine.org/use-sshuttle-to-build-a-poor-mans-vpn/)
|
||||
[#]: author: (Paul W. Frields https://fedoramagazine.org/author/pfrields/)
|
||||
|
||||
使用 shuttle 构建一个穷人的 VPN
|
||||
======
|
||||
|
||||
![][1]
|
||||
|
||||
如今,企业网络经常使用 VPN(虚拟专用网络)[来保证员工通信安全][2]。但是,使用的协议有时会降低性能。如果你可以使用 SSH 连接远程主机,那么你可以设置端口转发。但这可能会很痛苦,尤其是在你需要与该网络上的许多主机一起使用的情况下。试试 **sshuttle**,它可以通过 SSH 访问来设置快速简易的 VPN。请继续阅读以获取有关如何使用它的更多信息。
|
||||
|
||||
sshuttle 正是针对上述情况而设计的。远程端的唯一要求是主机必须有可用的 Python。这是因为 sshuttle 会构造并运行一些 Python 代码来帮助传输数据。
|
||||
|
||||
### 安装 sshuttle
|
||||
|
||||
sshuttle 被打包在官方仓库中,因此很容易安装。打开一个终端,并使用[使用 sudo][3] 运行以下命令:
|
||||
|
||||
```
|
||||
$ sudo dnf install sshuttle
|
||||
```
|
||||
|
||||
安装后,你可能会发现手册页很有趣:
|
||||
|
||||
```
|
||||
$ man sshuttle
|
||||
```
|
||||
|
||||
### 设置 VPN
|
||||
|
||||
最简单的情况就是将所有流量转发到远程网络。这不一定是一个疯狂的想法,尤其是如果你不在自己家里这样的受信任的本地网络中。将 _-r_ 选项与 SSH 用户名和远程主机名一起使用:
|
||||
|
||||
```
|
||||
$ sshuttle -r username@remotehost 0.0.0.0/0
|
||||
```
|
||||
|
||||
但是,你可能希望将 VPN 限制为特定子网,而不是所有网络流量。 (有关子网的完整讨论超出了本文的范围,但是你可以在 [Wikipedia][4] 上阅读更多内容。)假设你的办公室内部使用了预留的 A 类子网 10.0.0.0 和预留的 B 类子网 172.16.0.0。上面的命令变为:
|
||||
|
||||
```
|
||||
$ sshuttle -r username@remotehost 10.0.0.0/8 172.16.0.0/16
|
||||
```
|
||||
|
||||
这非常适合通过 IP 地址访问远程网络的主机。但是,如果你的办公室是一个拥有大量主机的大型网络,该怎么办?名称可能更方便,甚至是必须的。不用担心,sshuttle 还可以使用 _–dns_ 选项转发 DNS 查询:
|
||||
|
||||
```
|
||||
$ sshuttle --dns -r username@remotehost 10.0.0.0/8 172.16.0.0/16
|
||||
```
|
||||
|
||||
要使 sshuttle 已守护进程运行,请加上 _-D_ 选项。它会以 syslog 兼容的日志格式发送到 systemd 日志中。
|
||||
|
||||
根据本地和远程系统的功能,可以将 shuttle 用于基于 IPv6 的 VPN。如果需要,你还可以设置配置文件并将其与系统启动集成。如果你想阅读更多有关 sshuttle 及其工作方式的信息,请[查看官方文档][5]。要查看代码,请[进入 GitHub 页面][6]。
|
||||
|
||||
* * *
|
||||
|
||||
_由 _[_Kurt Cotoaga_][7]_ 拍摄并发表在 _[_Unsplash_][8]_ 上。_
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://fedoramagazine.org/use-sshuttle-to-build-a-poor-mans-vpn/
|
||||
|
||||
作者:[Paul W. Frields][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[geekpi](https://github.com/geekpi)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://fedoramagazine.org/author/pfrields/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://fedoramagazine.org/wp-content/uploads/2019/10/sshuttle-816x345.jpg
|
||||
[2]: https://en.wikipedia.org/wiki/Virtual_private_network
|
||||
[3]: https://fedoramagazine.org/howto-use-sudo/
|
||||
[4]: https://en.wikipedia.org/wiki/Subnetwork
|
||||
[5]: https://sshuttle.readthedocs.io/en/stable/index.html
|
||||
[6]: https://github.com/sshuttle/sshuttle
|
||||
[7]: https://unsplash.com/@kydroon?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
[8]: https://unsplash.com/s/photos/shuttle?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
Loading…
Reference in New Issue
Block a user