SSH-MITM - ssh audits made simple

Made for Security Audits

Created to help you to secure your network

Source is available

This project is open source and the source code is distributed on GitHub. This allows you to review the code and implement your own features.

Linux TProxy support

The Linux TProxy feature is supported to create a transparent intercepting ssh mitm server

Public Key authentication

SSH-MITM supports public key authentication and can use agent forwarding for remote authentication

Session hijacking

ssh terminal sessions can be hijacked to inject commands or get full access to the terminal

Checkout on GitHub

How Does It Work

You're only a few simple steps away

1Install SSH-MITM

get SSH-MITM

To install SSH-MITM, simply run this command in your terminal of choice:
$ chmod +x ssh-mitm*.AppImage

2Connect to the network

To start an intercepting mitm-ssh server on Port 10022, all you have to do is run a single command.
$ ./ssh-mitm*.AppImage --remote-host 192.168.0.x

Now let's try to connect to the ssh-mitm server.
$ ssh -p 10022 user@proxyserver

3Hijack SSH sessions

When a client connects, the ssh-mitm starts a new server, which is used for session hijacking.
[INFO] created injector shell on port 34463

To hijack this session, you can use your favorite ssh client. All you have to do is to connect to the hijacked session.
$ ssh -p 34463 127.0.0.1

Frequently Asked Questions

Why have you created SSH-MITM?

During an audit, you will find various protocols. For example there are many tools, which allows to intercept HTTP and even HTTPS traffic. There are some tools, which allows to intercept ssh sessions, but none of them allows to manipulate the data. This is the reason, why SSH-MITM was created.

Does this tool break the encryption of SSH and does this mean that SSH is insecure?

SSH is secure!
SSH-MITM does not break the encryption. SSH is secure, as long, as you verify the fingerprint. SSH-MITM is only able to intercept a session if the fingerprint was accepted. If a user does not accept the fingerprint, SSH-MITM is not able to read or modify any data, except the plain text parts of the protocol.

Requesting extra features

Open an issue ticket or vote for an existing one. This probably won't have very much effect; if a huge number of people vote for something then it may make a difference, but one or two extra votes for a particular feature are unlikely to change our priority list immediately. Offering a new and compelling justification might help.
Offer us money if we do the work sooner rather than later. This sometimes works, but not always. The SSH-MITM team all have full-time jobs and we're doing all of this work in our free time; we may sometimes be willing to give up some more of our free time in exchange for some money, but if you try to bribe us for a big feature it's entirely possible that we simply won't have the time to spare - whether you pay us or not. (Also, we don't accept bribes to add bad features, because our desire to provide high-quality software to the users comes first.)
Offer to help us write the code. This is probably the only way to get a feature implemented quickly, if it's a big one that we don't have time to do ourselves.

Have more questions?

Check our docs or open an issue ticket. We're more than happy to help.