sshmitm.forwarders.agent module
- class sshmitm.forwarders.agent.AgentBaseForwarder(session)
Bases:
SSHMITMBaseModuleSpecifies the interface for managing SSH agent forwarding and optional agent breakin.
- Parameters:
session (
Session)
- __init__(session)
- Parameters:
session (
Session)
- request(existing_agent=None)
- Parameters:
existing_agent (
AgentProxy|None, default:None)- Return type:
AgentProxy|None
- class sshmitm.forwarders.agent.AgentForwarder(session)
Bases:
AgentBaseForwarderForwards the SSH agent from the client, with optional agent breakin and socket exposure.
This is the default agent forwarder. When the intercepted client forwards its SSH agent, this plugin proxies it so the agent remains available for authentication to the remote host.
Optionally, it can actively request the agent from the client even if the client did not initiate forwarding (agent breakin), and expose the forwarded agent as a local Unix socket for direct use by the operator.
Usage example
ssh-mitm server --agent-forwarder base
Request the agent even if the client did not forward it:
ssh-mitm server --request-agent-breakin
Expose the forwarded agent as a local Unix socket:
ssh-mitm server --expose-agent-socket
Notes
Agent breakin attempts to request the agent channel from the client; not all clients permit this.
With
--expose-agent-socket, SSH-MITM logs ready-to-useSSH_AUTH_SOCK=...commands so the operator can use the client’s agent directly in their shell.
- Parameters:
session (
Session)
- classmethod parser_arguments()
- Return type:
None
- request(existing_agent=None)
- Parameters:
existing_agent (
AgentProxy|None, default:None)- Return type:
AgentProxy|None
- class sshmitm.forwarders.agent.AgentLocalSocket(transport)
Bases:
objectExposes the client’s forwarded SSH agent as a local Unix domain socket.
Opens a server socket under
/tmpand, for each incoming connection, opens a fresh agent-forwarding channel through the SSH transport. The two sides are bridged at the raw byte level so any standard agent client (ssh-add, ssh-keygen, …) can use it by pointing SSH_AUTH_SOCK at the path.- Parameters:
transport (
Transport)
- __init__(transport)
- Parameters:
transport (
Transport)
- close()
- Return type:
None
- class sshmitm.forwarders.agent.AgentProxy(transport)
Bases:
object- Parameters:
transport (
Transport)
- __init__(transport)
- Parameters:
transport (
Transport)
- close()
- Return type:
None
- forward_agent(client_channel)
- Parameters:
client_channel (
Channel)- Return type:
bool
- get_keys()
- Return type:
tuple[AgentKey,...]