-l, —listen=[ip:]port
use this ip address and port number as the transparent proxy port. By default sshuttle finds an
available port automatically and listens on IP 127.0.0.1 (localhost), so you don't need to
override it, and connections are only proxied from the local machine, not from outside machines.
If you want to accept connections from other machines on your network (ie. to run sshuttle on a
router) try enabling IP Forwarding in your kernel, then using --listen 0.0.0.0:0.
|
-H, —auto-hosts
scan for remote hostnames and update the local /etc/hosts file with matching entries for as long
as the VPN is open. This is nicer than changing your system's DNS (/etc/resolv.conf) settings,
for several reasons. First, hostnames are added without domain names attached, so you can
ssh thatserver without worrying if your local domain matches the remote one. Second, if you
sshuttle into more than one VPN at a time, it's impossible to use more than one DNS server at once
anyway, but sshuttle correctly merges /etc/hosts entries between all running copies. Third, if
you're only routing a few subnets over the VPN, you probably would prefer to keep using your local
DNS server for everything else.
|
-N, —auto-nets
in addition to the subnets provided on the command line, ask the server which subnets it thinks we
should route, and route those automatically. The suggestions are taken automatically from the
server's routing table.
—dns capture local DNS requests and forward to the remote DNS server.
—python
specify the name/path of the remote python interpreter. The default is just python, which means
to use the default python interpreter on the remote system's PATH.
|
-r, —remote=[username@]sshserver[:port]
the remote hostname and optional username and ssh port number to use for connecting to the remote
server. For example, example.com, testuser@example.com, testuser@example.com:2222, or
example.com:2244.
|
-x, —exclude=subnet
explicitly exclude this subnet from forwarding. The format of this option is the same as the
<subnets> option. To exclude more than one subnet, specify the -x option more than once. You can
say something like 0/0 -x 1.2.3.0/24 to forward everything except the local subnet over the VPN,
for example.
|
-v, —verbose
print more information about the session. This option can be used more than once for increased
verbosity. By default, sshuttle prints only error messages.
|
-e, —ssh-cmd
the command to use to connect to the remote server. The default is just ssh. Use this if your
ssh client is in a non-standard location or you want to provide extra options to the ssh command,
for example, -e 'ssh -v'.
—seed-hosts
a comma-separated list of hostnames to use to initialize the --auto-hosts scan algorithm. --auto-
hosts does things like poll local SMB servers for lists of local hostnames, but can speed things
up if you use this option to give it a few names to start from.
|
-D, —daemon
automatically fork into the background after connecting to the remote server. Implies --syslog.
—syslog
after connecting, send all log messages to the syslog(3) service instead of stderr. This is
implicit if you use --daemon.
|