Configuration
- [SSH-MITM]
[SSH-MITM] debug = False paramiko-log-level = warning disable-workarounds = False
- Options:
debug (boolean) – True False
Enables SSH-MITM’s debug modeparamiko-log-level (string) – debug info warning
Set log level for paramiko (ssh library)disable-workarounds (boolean) – True False
Disable workarrounds, which are needed for some special clients
- [SSH-Server-Modules]
[SSH-Server-Modules] ssh-interface = mirrorshell scp-interface = store_file sftp-interface = base sftp-handler = store_file server-tunnel-interface = inject client-tunnel-interface = socks auth-interface = base authenticator = passthrough session-class = base
- [SSH-Server-Options]
[SSH-Server-Options] listen-port = 10022 transparent = False host-key = host-key-algorithm = rsa host-key-length = 2048 request-agent-breakin = False banner-name =
- Options:
listen-port (integer) – 10022
Port which is used to listen for incoming ssh connections.
Wehn using a port <=1024, SSH-MITM must be started with root privileges.transparent (boolean) – True False
Starts SSH-MITM in a transparent mode, which uses Linux TProxy for incoming connections. Tansparent mode requires root privileges.host-key (string) –
Optional private ssh key, which is used as SSH-MITM’s host key.|br| When no host-key was provided, a random host key will be generated.host-key-algorithm (string) – dss rsa ecdsa ed25519
Algorithm, which is used to generate the random host-key.host-key-length (integer) – 2048
The length for the random host key.request-agent-breakin (boolean) – True False
SSH-MITM tries to request the ssh agent, even if the client does not forward the agent.banner-name (string) –
Custom ssh banner name, which is presented the client on the first connection attempt.|br| If no banner name is configured, the default banner name isSSH-2.0-SSHMITM_3.0.1
- [Session]
[Session] session-log-dir =
Authentication-Plugins
- [AuthenticatorPassThrough]
[AuthenticatorPassThrough] remote-host = remote-port = 22 auth-username = auth-password = auth-hide-credentials = False enable-auth-fallback = False fallback-host = fallback-port = 22 fallback-username = fallback-password =
- [ServerInterface]
[ServerInterface] disable-ssh = False disable-scp = False disable-password-auth = False disable-pubkey-auth = False accept-first-publickey = False disallow-publickey-auth = False enable-none-auth = False enable-trivial-auth = False enable-keyboard-interactive-auth = False disable-keyboard-interactive-prompts = False extra-auth-methods = disable-auth-method-lookup = False
Terminal-Session-Plugins
- [SSHMirrorForwarder]
[SSHMirrorForwarder] ssh-mirrorshell-net = 127.0.0.1 ssh-mirrorshell-key = store-ssh-session = False
SCP-Plugins
- [CVE202229154]
[CVE202229154] rsync-inject-file =
- [SCPReplaceFile]
[SCPReplaceFile] scp_replace_file =
- [SCPRewriteCommand]
[SCPRewriteCommand] scp-append-string = scp-replace-string =
- [SCPStorageForwarder]
[SCPStorageForwarder] store-scp-files = False
SFTP-Plugins
- [SFTPHandlerStoragePlugin]
[SFTPHandlerStoragePlugin] store-sftp-files = False
- [SFTPProxyReplaceHandler]
[SFTPProxyReplaceHandler] sftp-replace-file =
Port-Forwarding-Plugins
- [InjectableRemotePortForwardingForwarder]
[InjectableRemotePortForwardingForwarder] server-tunnel-net = 127.0.0.1
- [SOCKSTunnelForwarder]
[SOCKSTunnelForwarder] socks-listen-address = 127.0.0.1
- [SOCKS4TunnelForwarder]
[SOCKS4TunnelForwarder] socks-listen-address = 127.0.0.1
- [SOCKS5TunnelForwarder]
[SOCKS5TunnelForwarder] socks-listen-address = 127.0.0.1