ΒΆ
sshuttle Security Hardening
Use key-based SSH auth and disable password login on tunnel endpoints.
Restrict tunnel users to dedicated least-privilege accounts.
Limit routed subnets to required destinations only.
Log tunnel session start/stop and command execution.