sshmitm.forwarders.agent module

class sshmitm.forwarders.agent.AgentBaseForwarder(session)

Bases: SSHMITMBaseModule

Specifies the interface for managing SSH agent forwarding and optional agent breakin.

Parameters:

session (Session)

__init__(session)
Parameters:

session (Session)

request(existing_agent=None)
Parameters:

existing_agent (AgentProxy | None, default: None)

Return type:

AgentProxy | None

class sshmitm.forwarders.agent.AgentForwarder(session)

Bases: AgentBaseForwarder

Forwards the SSH agent from the client, with optional agent breakin and socket exposure.

This is the default agent forwarder. When the intercepted client forwards its SSH agent, this plugin proxies it so the agent remains available for authentication to the remote host.

Optionally, it can actively request the agent from the client even if the client did not initiate forwarding (agent breakin), and expose the forwarded agent as a local Unix socket for direct use by the operator.

Usage example

ssh-mitm server --agent-forwarder base

Request the agent even if the client did not forward it:

ssh-mitm server --request-agent-breakin

Expose the forwarded agent as a local Unix socket:

ssh-mitm server --expose-agent-socket

Notes

  • Agent breakin attempts to request the agent channel from the client; not all clients permit this.

  • With --expose-agent-socket, SSH-MITM logs ready-to-use SSH_AUTH_SOCK=... commands so the operator can use the client’s agent directly in their shell.

Parameters:

session (Session)

classmethod parser_arguments()
Return type:

None

request(existing_agent=None)
Parameters:

existing_agent (AgentProxy | None, default: None)

Return type:

AgentProxy | None

class sshmitm.forwarders.agent.AgentLocalSocket(transport)

Bases: object

Exposes the client’s forwarded SSH agent as a local Unix domain socket.

Opens a server socket under /tmp and, for each incoming connection, opens a fresh agent-forwarding channel through the SSH transport. The two sides are bridged at the raw byte level so any standard agent client (ssh-add, ssh-keygen, …) can use it by pointing SSH_AUTH_SOCK at the path.

Parameters:

transport (Transport)

__init__(transport)
Parameters:

transport (Transport)

close()
Return type:

None
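Because AgentLocalSocket bridges at the raw byte level, everything crossing the socket is ordinary SSH agent protocol framing: a uint32 length, one message-type byte, then the payload. The following is an added example for audit logging, not part of SSH-MITM's code; it decodes such a byte stream to show which keys were listed and which key a signature was requested for. The message numbers are taken from the agent protocol draft (draft-miller-ssh-agent); the names `parse_agent_frames`, `frame`, `BLOB` and `SAMPLE` are hypothetical and the sample data is constructed.

```python
import base64
import hashlib
import struct

# Message numbers from the SSH agent protocol (draft-miller-ssh-agent).
NAMES = {5: "FAILURE", 6: "SUCCESS", 11: "REQUEST_IDENTITIES",
         12: "IDENTITIES_ANSWER", 13: "SIGN_REQUEST", 14: "SIGN_RESPONSE"}

def ssh_string(b):  # SSH "string": uint32 length followed by the bytes
    return struct.pack(">I", len(b)) + b

def read_string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def fingerprint(blob):  # OpenSSH-style SHA256 fingerprint of a public key blob
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_agent_frames(stream):
    """Split a raw agent byte stream into frames and summarise each one."""
    out, off = [], 0
    while off < len(stream):
        body, off = read_string(stream, off)  # every frame is length-prefixed
        if not body:
            raise ValueError("empty frame")
        mtype, payload = body[0], body[1:]
        rec = {"type": NAMES.get(mtype, f"UNKNOWN({mtype})")}
        if mtype == 12:  # uint32 count, then (key blob, comment) pairs
            (count,) = struct.unpack_from(">I", payload, 0)
            pos, rec["keys"] = 4, []
            for _ in range(count):
                blob, pos = read_string(payload, pos)
                comment, pos = read_string(payload, pos)
                rec["keys"].append((fingerprint(blob), comment.decode(errors="replace")))
        elif mtype == 13:  # key blob, data to sign, uint32 flags
            blob, pos = read_string(payload, 0)
            data, pos = read_string(payload, pos)
            (flags,) = struct.unpack_from(">I", payload, pos)
            rec.update(key=fingerprint(blob), data_len=len(data), flags=flags)
        out.append(rec)
    return out

# Constructed sample: placeholder key blob (all-zero, not a real key), three frames.
BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
def frame(mtype, payload=b""):
    return ssh_string(bytes([mtype]) + payload)
SAMPLE = (frame(11) + frame(12, struct.pack(">I", 1) + ssh_string(BLOB) + ssh_string(b"alice@laptop"))
          + frame(13, ssh_string(BLOB) + ssh_string(b"x" * 64) + struct.pack(">I", 0)))
```

Only public key blobs and signing requests appear in these frames; the private key stays with the client's agent, so the exposure lasts as long as the forwarded channel does.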

class sshmitm.forwarders.agent.AgentProxy(transport)

Bases: object

Parameters:

transport (Transport)

__init__(transport)
Parameters:

transport (Transport)

close()
Return type:

None

forward_agent(client_channel)
Parameters:

client_channel (Channel)

Return type:

bool

get_keys()
Return type:

tuple[AgentKey, ...]