├── .gitignore
├── generate-ssh-key.sh
├── get-public-ip.sh
├── install-ssh-key.sh
├── readme.md
├── remove-ssh-key.sh
├── retry.sh
├── setup.sh
├── socks5.sh
├── speed-test.sh
├── ssh.sh
├── sshpass.sh
├── tunnel-terminal.sh
└── vpn.sh


/.gitignore:
--------------------------------------------------------------------------------
1 | .idea
2 | config


--------------------------------------------------------------------------------
/generate-ssh-key.sh:
--------------------------------------------------------------------------------
1 | ./remove-ssh-key.sh
2 | 
3 | ssh-keygen -t rsa -b 2048 -f ./config/key -N ''
4 | 


--------------------------------------------------------------------------------
/get-public-ip.sh:
--------------------------------------------------------------------------------
1 | curl http://ipv4.wtfismyip.com/yaml
2 | 


--------------------------------------------------------------------------------
/install-ssh-key.sh:
--------------------------------------------------------------------------------
1 | ./sshpass.sh $(cat ./config/pass) ssh-copy-id -p $(cat ./config/port) -i ./config/key $(cat ./config/ip)
2 | 


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
 1 | # Introduction
 2 | SSH is a secure and encrypted tunnel that mainly get used for connecting to remote servers and running commands on it. But you can use it as a VPN to bypass internet censorship and remain anonymous.
 3 | The good thing about SSH is you almost don't need any extra application on your client and it's so easy to config it on server.
 4 | 
 5 | # First you need a SSH account
 6 | ## First method: You need to have a linux server
 7 | You need to get a server. By default, OpenSSH already installed on the servers and you don't need to install anything on server.
 8 | But it's better to change port of it.
 9 | OpenSSH is running on port 22, by default. But this port may not working well, for example in current situation of Iran, the goverment has applied some packet dropping on this port.
10 | ### How to change SSH port on server?
11 | just edit this file `/etc/ssh/sshd_config` using vim (or other file editors) and add this code to first of it:
12 | `Port 2222`
13 | This will change it's port to `2222`.
14 | 
15 | **Advanced tip:** You can increase speed of vpn up to 3 times, just by [enabling BBR](https://unixcop.com/how-to-enable-bbr-on-debian-11-ubuntu/) on your server.
16 | 
17 | ## Second method: Free SSH account 
18 | [sshocean.com](https://sshocean.com/) is one of websites that provides free SSH account.
19 | You can find another providers just by searching in google.
20 | 
21 | (Feel free to send a Pull Request if you find a better provider)
22 | 
23 | # Setting up your client
24 | ## Android
25 | Download [SagerNet](https://play.google.com/store/apps/details?id=io.nekohasekai.sagernet) from googleplay.
26 | 
27 | You can add your account by clicking on `Add Icon` on top right of app,then Manual settings > SSH 
28 | 
29 | Note: SagerNet may not get connected for you in Iran, You need to change `Remote DNS` from settings to `https://8.8.8.8/dns-query`
30 | 
31 | ## Mac + Linux
32 | Clone this repo
33 | `https://github.com/amirkabiri/ssh-tunnel.git`
34 | 
35 | Grant execution permission to all .sh files
36 | `chmod +x $(ll | grep .sh$ | awk '{print $9}')`
37 | 
38 | Then, run `./setup.sh` and enter configuration.
39 | 
40 | 
41 | # Scripts description
42 | ## setup.sh
43 | This will help you to configure your account.
44 | ## socks5.sh [local-port]
45 | This script will lunch a local socks5 server,
46 | default port is 8090, but you can specify another port by passing argument: `./socks5.sh 8080`
47 | ## vpn.sh
48 | This script will tunnel your network completely, but you need to install `sshuttle` package first.
49 | 
50 | MacOS: `brew install sshuttle`
51 | 
52 | # Contribution
53 | Feel free to contribute on this project.


--------------------------------------------------------------------------------
/remove-ssh-key.sh:
--------------------------------------------------------------------------------
1 | rm -f ./config/key
2 | rm -f ./config/key.pub
3 | 


--------------------------------------------------------------------------------
/retry.sh:
--------------------------------------------------------------------------------
1 | until $1; do
2 |     echo "diconnected. connecting ..." >&2
3 |     sleep 1
4 | done
5 | 


--------------------------------------------------------------------------------
/setup.sh:
--------------------------------------------------------------------------------
 1 | mkdir -p config
 2 | 
 3 | echo "Enter server config: (example: user-name@sever-ip)"
 4 | read server_config
 5 | echo $server_config > ./config/ip
 6 | 
 7 | echo "Enter password:"
 8 | read password
 9 | echo $password > ./config/pass
10 | 
11 | echo "Enter port: (default: 22)"
12 | read port
13 | echo "${port:-22}" > ./config/port
14 | 
15 | echo "8090" > ./config/local-port
16 | 
17 | ./generate-ssh-key.sh && ./install-ssh-key.sh
18 | 


--------------------------------------------------------------------------------
/socks5.sh:
--------------------------------------------------------------------------------
 1 | if [ $(uname -s) = "Darwin" ] 
 2 | then
 3 |   network_ip=$(ifconfig | grep "inet " | grep -v 127.0.0.1 | cut -d\  -f2)
 4 | else
 5 |   network_ip=$(ifconfig eth0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}')
 6 | fi
 7 | 
 8 | local_port=${1:-$(cat ./config/local-port)}
 9 | echo "socks5://127.0.0.1:$local_port"
10 | echo "socks5://$network_ip:$local_port"
11 | 
12 | if [ -f "./config/key" ]; then
13 |   echo "Login using ssh key"
14 |   ssh -C -p $(cat ./config/port) -i ./config/key -N -D 0.0.0.0:$local_port $(cat ./config/ip)
15 | else
16 |   echo "Login using password"
17 |   ./sshpass.sh $(cat ./config/pass) ssh -C -p $(cat ./config/port) -N -D 0.0.0.0:$local_port $(cat ./config/ip)
18 | fi
19 | 


--------------------------------------------------------------------------------
/speed-test.sh:
--------------------------------------------------------------------------------
1 | curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python3 -
2 | 


--------------------------------------------------------------------------------
/ssh.sh:
--------------------------------------------------------------------------------
1 | if [ -f "./config/key" ]; then
2 |   echo "Login using ssh key"
3 |   ssh -i ./config/key -p $(cat ./config/port) $(cat ./config/ip)
4 | else
5 |   echo "Login using password"
6 |   ./sshpass.sh $(cat ./config/pass) ssh -p $(cat ./config/port) $(cat ./config/ip)
7 | fi
8 | 


--------------------------------------------------------------------------------
/sshpass.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/expect
 2 | 
 3 | set timeout 20
 4 | 
 5 | set cmd [lrange $argv 1 end]
 6 | set password [lindex $argv 0]
 7 | 
 8 | eval spawn $cmd
 9 | expect "password:"
10 | send "$password\r";
11 | interact
12 | 


--------------------------------------------------------------------------------
/tunnel-terminal.sh:
--------------------------------------------------------------------------------
 1 | if [ $ALL_PROXY ]; then
 2 |   echo "Proxy is active: $ALL_PROXY"
 3 |   echo "\n- Run this command to disable proxy:"
 4 |   echo "unset ALL_PROXY"
 5 | else
 6 |   echo "Proxy is deactive"
 7 |   echo "\n- Run this command to enable proxy on terminal:"
 8 |   echo "export ALL_PROXY=socks5h://localhost:$(cat ./config/local-port)"
 9 | fi
10 | 


--------------------------------------------------------------------------------
/vpn.sh:
--------------------------------------------------------------------------------
1 | # --no-latency-control
2 | sshuttle --dns -v --remote $(cat ./config/ip):$(cat ./config/port) 0/0 --ssh-cmd 'ssh -i ./config/key'
3 | 


--------------------------------------------------------------------------------