sshuttle on github

What is sshuttle? Basically, it’s a Python app that uses SSH to create a quick and dirty VPN between your Linux, BSD, or Mac OS X machine and a remote system that has SSH access and Python. Written by Avery Pennarun and licensed under the GPLv2, sshuttle is a transparent proxy server that lets users fake a VPN with minimal hassle.

WARNING: On MacOS 10.6 (at least up to 10.6.6), your network will stop responding about 10 minutes after the first time you start sshuttle, because of a MacOS kernel bug relating to arp and the net.inet.ip.scopedroute sysctl. To fix it, just switch your wireless off and on. Sshuttle makes the kernel setting it changes permanent, so this won’t happen again, even after a reboot.

Continue reading “sshuttle”

Add Two Factor SSH Authentication With Authy



This is an excellent tool to implement 2 factor authentication on your server. Granted you will need your phone close by in order to login but if you have ever used RSA, this will be very familiar to you.

You will need to sign up in order to use this.

Once you sign up, you will receive an email to authenticate against the account. Once this is done, you will need to install the smartphone app. Once this is installed, you will begin receiving updates every 20 seconds with new codes when the app is active.

Once you login to your new Authy account, go to the User Menu (top left) and create a new application. Name the app and it will provide the API key needed for the server install in step 2.

Next you will be asked what you would like to do in case your server cannot connect to API. Select option 1 or 2 at this point. Authy will then be installed and configured. Next, enable the 2 factor authentication by adding the needed user info seen below in step 3. That’s it, the authentication is ready to go. Restart SSH to make sure the new configs take effect.

Here is a video of the install process for Authy

The github code can be found here

To install on the server:

$ curl '' -o authy-ssh
$ sudo bash authy-ssh install /usr/local/bin
$ sudo /usr/local/bin/authy-ssh enable `whoami` (your-email) (your-country-code) (your-cellphone)
$ authy-ssh test
$ sudo service ssh restart




ClusterSSH is a tool for making the same change on multiple servers at the same time. The ‘cssh’ command opens an administration console and an xterm to all specified hosts. Any text typed into the administration console is replicated to all windows. All windows may also be typed into directly.
This tool is intended for (but not limited to) cluster administration where the same configuration or commands must be run on each node within the cluster. Performing these commands all at once via this tool ensures all nodes are kept in sync.

Source code is available from the SourceForge git repository (see and also via a mirror on GitHub (see

key-based ssh authentication – Simple tar backup for free forever


feature request for tarbackup is using a private ssh key instead of a password to connect to the tarbackup server when using sftp to backup files. I’m happy to report that we now support public/private keys for sftp authentication!

To use an ssh key with tarbackup, first use this command to create your public/private key-pair:

# mkdir ~/.ssh
# cd ~/.ssh
# ssh-keygen -f tarbackup_rsa -C .youremail. -N . -t rsa -q

This will generate 2 files: tarbackup_rsa and tarbackup_rsa is your private ssh key, you will keep this on your computer as proof that you are who you are. is a public key that you send to the server so that can authenticate you when you log in via sftp in the future.

To use your private key to authenticate you when you login via sftp, you need to create an ssh_config file in your home directory with:

# echo "IdentityFile ~/.ssh/tarbackup_rsa" > ~/ssh_config

This is the config file that specifies where your private ssh key is.

You’ll pass the ssh_config file as a parameter to the sftp program when you connect to via sftp:

# sftp -F ~/ssh_config


And that’s it! Let me know if you have any feedback or questions@davidnanch.