sshmitm.plugins.ssh.mirrorshell module

class sshmitm.plugins.ssh.mirrorshell.InjectServer(server_channel)

Bases: ServerInterface

Parameters:

server_channel (Channel)

check_auth_none(username)

Determine if a client may open channels with no (further) authentication.

Return AUTH_FAILED if the client must authenticate, or AUTH_SUCCESSFUL if it’s okay for the client to not authenticate.

The default implementation always returns AUTH_FAILED.

Parameters:
  • username (str) – the username of the client.


Returns:

AUTH_FAILED if the authentication fails; AUTH_SUCCESSFUL if it succeeds.

Return type:

int

check_channel_pty_request(channel, term, width, height, pixelwidth, pixelheight, modes)

Determine if a pseudo-terminal of the given dimensions (usually requested for shell access) can be provided on the given channel.

The default implementation always returns False.

Parameters:
  • channel (Channel) – the Channel the pty request arrived on.

  • term (bytes) – type of terminal requested (for example, "vt100").

  • width (int) – width of screen in characters.

  • height (int) – height of screen in characters.

  • pixelwidth (int) – width of screen in pixels, if known (may be 0 if unknown).

  • pixelheight (int) – height of screen in pixels, if known (may be 0 if unknown).


  • modes (bytes)

Return type:

bool

Returns:

True if the pseudo-terminal has been allocated; False otherwise.

check_channel_request(kind, chanid)

Determine if a channel request of a given type will be granted, and return OPEN_SUCCEEDED or an error code. This method is called in server mode when the client requests a channel, after authentication is complete.

If you allow channel requests (and an SSH server that didn’t would be useless), you should also override some of the channel request methods below, which are used to determine which services will be allowed on a given channel:

  • check_channel_pty_request

  • check_channel_shell_request

  • check_channel_subsystem_request

  • check_channel_window_change_request

  • check_channel_x11_request

  • check_channel_forward_agent_request

The chanid parameter is a small number that uniquely identifies the channel within a Transport. A Channel object is not created unless this method returns OPEN_SUCCEEDED – once a Channel object is created, you can call Channel.get_id to retrieve the channel ID.

The return value should either be OPEN_SUCCEEDED (or 0) to allow the channel request, or one of the following error codes to reject it:

  • OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED

  • OPEN_FAILED_CONNECT_FAILED

  • OPEN_FAILED_UNKNOWN_CHANNEL_TYPE

  • OPEN_FAILED_RESOURCE_SHORTAGE

The default implementation always returns OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED.

Parameters:
  • kind (str) – the kind of channel the client would like to open (usually "session").

  • chanid (int) – ID of the channel


Return type:

int

Returns:

an int success or failure code (listed above)

check_channel_shell_request(channel)

Determine if a shell will be provided to the client on the given channel. If this method returns True, the channel should be connected to the stdin/stdout of a shell (or something that acts like a shell).

The default implementation always returns False.

Parameters:
  • channel (Channel) – the Channel the request arrived on.


Return type:

bool

Returns:

True if this channel is now hooked up to a shell; False if a shell can’t or won’t be provided.
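How the callbacks documented above fit together under a default-deny policy, as an added example that is not SSH-MITM's InjectServer code: check_channel_request admits the channel first, and the pty and shell requests are then only honoured on an admitted channel. SessionOnlyServer, FakeChannel, max_sessions and the 512-column limit are hypothetical names and values; the fallback constants are assumptions that apply only when paramiko is not installed.

```python
try:
    from paramiko import ServerInterface
    from paramiko.common import (
        AUTH_FAILED, OPEN_SUCCEEDED,
        OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED, OPEN_FAILED_RESOURCE_SHORTAGE,
    )
except ImportError:  # stand-ins so the sketch runs without paramiko installed
    ServerInterface = object
    AUTH_FAILED = 2  # same value as paramiko.common.AUTH_FAILED
    # channel-open reason codes as defined in RFC 4254, section 5.1
    OPEN_SUCCEEDED = 0
    OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED = 1
    OPEN_FAILED_RESOURCE_SHORTAGE = 4


class SessionOnlyServer(ServerInterface):
    """Hypothetical policy: authenticated "session" channels only, default deny."""

    def __init__(self, max_sessions=1):
        self.max_sessions = max_sessions
        self.admitted = set()     # channel IDs accepted by check_channel_request
        self.with_shell = set()   # channel IDs that already have a shell

    def check_auth_none(self, username):
        return AUTH_FAILED        # never allow unauthenticated channels

    def check_channel_request(self, kind, chanid):
        if kind != "session":     # every other channel type is refused
            return OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
        if len(self.admitted) >= self.max_sessions:
            return OPEN_FAILED_RESOURCE_SHORTAGE
        self.admitted.add(chanid)
        return OPEN_SUCCEEDED

    def check_channel_pty_request(self, channel, term, width, height,
                                  pixelwidth, pixelheight, modes):
        sane = 0 < width <= 512 and 0 < height <= 512
        return channel.get_id() in self.admitted and sane

    def check_channel_shell_request(self, channel):
        chanid = channel.get_id()
        if chanid not in self.admitted or chanid in self.with_shell:
            return False          # unknown channel, or second shell on it
        self.with_shell.add(chanid)
        return True


class FakeChannel:
    """Constructed stand-in for a Channel; only get_id() is used here."""
    def __init__(self, chanid):
        self._id = chanid
    def get_id(self):
        return self._id
```
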

class sshmitm.plugins.ssh.mirrorshell.SSHMirrorForwarder(session)

Bases: SSHForwarder

Mirrors the shell to another client

Parameters:

session (Session)

HOST_KEY_LENGTH = 2048

close_session(channel)

Parameters:

channel (Channel)

Return type:

None

injector_connect()

Return type:

None

classmethod parser_arguments()

Return type:

None

stderr(text)

Parameters:

text (bytes)

Return type:

bytes

stdin(text)

Parameters:

text (bytes)

Return type:

bytes

stdout(text)

Parameters:

text (bytes)

Return type:

bytes