Configuration

[SSH-MITM]
[SSH-MITM]
; General runtime switches for SSH-MITM.
; Debug mode is off.
; NOTE(review): what debug mode logs is not shown here; confirm it does not
; write intercepted session data before enabling it on a shared host.
debug = False
; Log level for paramiko (the ssh library). Documented values: debug, info, warning.
paramiko-log-level = warning
; False leaves the workarounds needed for some special clients enabled.
disable-workarounds = False
Options:
  • debug (boolean) – True False
    Enables SSH-MITM’s debug mode

  • paramiko-log-level (string) – debug info warning
    Set log level for paramiko (ssh library)

  • disable-workarounds (boolean) – True False
    Disable workarounds, which are needed for some special clients

[SSH-Server-Modules]
[SSH-Server-Modules]
; Selects, by short name, the module used for each part of an intercepted session.
; NOTE(review): the mapping from these short names to the plugin sections
; (e.g. [SSHMirrorForwarder], [SCPStorageForwarder]) is not shown here;
; confirm against the plugin list of the installed version.
; Terminal sessions.
ssh-interface = mirrorshell
; SCP transfers.
scp-interface = store_file
; SFTP: interface and handler are selected separately.
sftp-interface = base
sftp-handler = store_file
; Port forwarding, one module per direction (server-side and client-side tunnels).
server-tunnel-interface = inject
client-tunnel-interface = socks
; Authentication: interface and authenticator are selected separately.
auth-interface = base
authenticator = passthrough
session-class = base
[SSH-Server-Options]
[SSH-Server-Options]
; Listener and host-key settings of the intercepting SSH server.
; Port for incoming ssh connections. 10022 is above 1024, so per the option
; description no root privileges are needed for it.
listen-port = 10022
; Transparent mode (Linux TProxy) is off; enabling it requires root privileges.
transparent = False
; Empty: a random host key is generated. If a key file is configured it is a
; private key, so keep it readable only by the account that runs SSH-MITM.
host-key =
; Algorithm for the generated host key. Documented values: dss, rsa, ecdsa, ed25519.
; dss (DSA) host keys are disabled by default in current OpenSSH clients.
host-key-algorithm = rsa
; Length for the random host key.
; NOTE(review): presumably only relevant for algorithms with a variable key size - confirm.
host-key-length = 2048
; False: the ssh agent is not requested when the client does not forward it.
request-agent-breakin = False
; Empty: the default banner SSH-2.0-SSHMITM_3.0.1 is presented to the client.
; The default names the tool and its version, so it shows up in client-side
; debug output and in network captures of the connection.
banner-name =
Options:
  • listen-port (integer) – 10022
    Port which is used to listen for incoming ssh connections.
    When using a port <=1024, SSH-MITM must be started with root privileges.

  • transparent (boolean) – True False
    Starts SSH-MITM in a transparent mode, which uses Linux TProxy for incoming connections. Transparent mode requires root privileges.

  • host-key (string) –
    Optional private ssh key, which is used as SSH-MITM’s host key. When no host-key was provided, a random host key will be generated.

  • host-key-algorithm (string) – dss rsa ecdsa ed25519
    Algorithm, which is used to generate the random host-key.

  • host-key-length (integer) – 2048
    The length for the random host key.

  • request-agent-breakin (boolean) – True False
    SSH-MITM tries to request the ssh agent, even if the client does not forward the agent.

  • banner-name (string) –
    Custom ssh banner name, which is presented to the client on the first connection attempt. If no banner name is configured, the default banner name is SSH-2.0-SSHMITM_3.0.1

[Session]
[Session]
; NOTE(review): presumably the directory that receives per-session logs and
; stored data; the behaviour of an empty value is not shown here - confirm.
; Anything written there can contain credentials and transferred files, so the
; directory should be readable only by the account that runs SSH-MITM.
session-log-dir =

Authentication-Plugins

[AuthenticatorPassThrough]
[AuthenticatorPassThrough]
; Settings of the pass-through authenticator (selected by "authenticator = passthrough").
; NOTE(review): presumably the server that intercepted sessions are forwarded to;
; the behaviour of an empty remote-host is not shown here - confirm.
remote-host =
remote-port = 22
; NOTE(review): presumably fixed credentials used towards the remote host.
; Values set here are stored in plain text; restrict read access to this file.
auth-username =
auth-password =
; NOTE(review): presumably controls whether credentials appear in log output;
; with False, treat the logs as containing secrets - confirm.
auth-hide-credentials = False
; Fallback target is off; the four fallback-* keys below are presumably only
; read when enable-auth-fallback is True - confirm.
enable-auth-fallback = False
fallback-host =
fallback-port = 22
; Same plain-text storage caveat as auth-username / auth-password.
fallback-username =
fallback-password =
[ServerInterface]
[ServerInterface]
; Switches for the protocols and authentication methods the server side offers.
; Every switch is False here, i.e. nothing is disabled and none of the
; optional authentication methods is enabled.
disable-ssh = False
disable-scp = False
disable-password-auth = False
; NOTE(review): disable-pubkey-auth and disallow-publickey-auth read alike;
; the difference between them is not shown here - confirm before changing either.
disable-pubkey-auth = False
accept-first-publickey = False
disallow-publickey-auth = False
; Optional authentication methods, all off.
enable-none-auth = False
enable-trivial-auth = False
enable-keyboard-interactive-auth = False
disable-keyboard-interactive-prompts = False
; Empty: no extra authentication methods are listed.
; NOTE(review): the expected list format is not shown here.
extra-auth-methods =
disable-auth-method-lookup = False

Terminal-Session-Plugins

[SSHMirrorForwarder]
[SSHMirrorForwarder]
; Settings of the terminal-session plugin (presumably the "mirrorshell" ssh-interface).
; Loopback address: the mirror shell is tied to the local host only.
; NOTE(review): presumably the address the mirror shell listens on - confirm.
; A non-loopback value would make mirrored sessions reachable over the network.
ssh-mirrorshell-net = 127.0.0.1
; NOTE(review): presumably a key file for the mirror shell; the behaviour of an
; empty value is not shown here.
ssh-mirrorshell-key =
; Terminal sessions are not stored.
; NOTE(review): stored sessions would contain everything typed, including passwords.
store-ssh-session = False

SCP-Plugins

[CVE202229154]
[CVE202229154]
; The section name appears to refer to CVE-2022-29154.
; NOTE(review): what this plugin does is not described here.
; Empty: no file is configured.
rsync-inject-file =
[SCPReplaceFile]
[SCPReplaceFile]
; Empty: no replacement file is configured.
; This key is written with underscores, unlike the hyphenated keys in the other
; sections; copy it exactly as spelled.
scp_replace_file =
[SCPRewriteCommand]
[SCPRewriteCommand]
; Both values are empty.
; NOTE(review): presumably strings applied to the SCP command line; the exact
; semantics are not shown here - confirm.
scp-append-string =
scp-replace-string =
[SCPStorageForwarder]
[SCPStorageForwarder]
; Storage of SCP traffic is off for both files and command data.
; NOTE(review): the storage location is not shown here (presumably related to
; session-log-dir); stored transfers should be access-restricted like the originals.
store-scp-files = False
store-command-data = False

SFTP-Plugins

[SFTPHandlerStoragePlugin]
[SFTPHandlerStoragePlugin]
; Storage of files transferred over SFTP is off.
; NOTE(review): the storage location is not shown here - confirm before enabling.
store-sftp-files = False
[SFTPProxyReplaceHandler]
[SFTPProxyReplaceHandler]
; Empty: no replacement file is configured.
sftp-replace-file =

Port-Forwarding-Plugins

[InjectableRemotePortForwardingForwarder]
[InjectableRemotePortForwardingForwarder]
; Loopback address.
; NOTE(review): presumably the local address that server-side tunnels bind to;
; a non-loopback value would expose them to other hosts - confirm.
server-tunnel-net = 127.0.0.1
[SOCKSTunnelForwarder]
[SOCKSTunnelForwarder]
; The SOCKS listener is bound to loopback, so only local processes can reach it.
; NOTE(review): whether the listener requires authentication is not shown here;
; confirm before binding it to a routable address.
socks-listen-address = 127.0.0.1
[SOCKS4TunnelForwarder]
[SOCKS4TunnelForwarder]
; Same key as in [SOCKSTunnelForwarder]; presumably the SOCKS4 variant.
; Bound to loopback, so only local processes can reach the listener.
socks-listen-address = 127.0.0.1
[SOCKS5TunnelForwarder]
[SOCKS5TunnelForwarder]
; Same key as in [SOCKSTunnelForwarder]; presumably the SOCKS5 variant.
; Bound to loopback, so only local processes can reach the listener.
socks-listen-address = 127.0.0.1