[SSH-MITM] debug = False paramiko-log-level = warning disable-workarounds = False
debug (boolean) – True False
Enables SSH-MITM’s debug mode
paramiko-log-level (string) – debug info warning
Set log level for paramiko (ssh library)
disable-workarounds (boolean) – True False
Disable workarrounds, which are needed for some special clients
[SSH-Server-Modules] ssh-interface = mirrorshell scp-interface = store_file sftp-interface = base sftp-handler = store_file server-tunnel-interface = inject client-tunnel-interface = socks auth-interface = base authenticator = passthrough session-class = base
[SSH-Server-Options] listen-port = 10022 transparent = False host-key = host-key-algorithm = rsa host-key-length = 2048 request-agent-breakin = False banner-name =
listen-port (integer) – 10022
Port which is used to listen for incoming ssh connections.
Wehn using a port <=1024, SSH-MITM must be started with root privileges.
transparent (boolean) – True False
Starts SSH-MITM in a transparent mode, which uses Linux TProxy for incoming connections. Tansparent mode requires root privileges.
host-key (string) –
Optional private ssh key, which is used as SSH-MITM’s host key.|br| When no host-key was provided, a random host key will be generated.
host-key-algorithm (string) – dss rsa ecdsa ed25519
Algorithm, which is used to generate the random host-key.
host-key-length (integer) – 2048
The length for the random host key.
request-agent-breakin (boolean) – True False
SSH-MITM tries to request the ssh agent, even if the client does not forward the agent.
banner-name (string) –
Custom ssh banner name, which is presented the client on the first connection attempt.|br| If no banner name is configured, the default banner name is
[Session] session-log-dir =
[AuthenticatorPassThrough] remote-host = remote-port = 22 auth-username = auth-password = auth-hide-credentials = False enable-auth-fallback = False fallback-host = fallback-port = 22 fallback-username = fallback-password =
[ServerInterface] disable-ssh = False disable-scp = False disable-password-auth = False disable-pubkey-auth = False accept-first-publickey = False disallow-publickey-auth = False enable-none-auth = False enable-trivial-auth = False enable-keyboard-interactive-auth = False disable-keyboard-interactive-prompts = False extra-auth-methods = disable-auth-method-lookup = False
[SSHMirrorForwarder] ssh-mirrorshell-net = 127.0.0.1 ssh-mirrorshell-key = store-ssh-session = False
[CVE202229154] rsync-inject-file =
[SCPReplaceFile] scp_replace_file =
[SCPRewriteCommand] scp-append-string = scp-replace-string =
[SCPStorageForwarder] store-scp-files = False
[SFTPHandlerStoragePlugin] store-sftp-files = False
[SFTPProxyReplaceHandler] sftp-replace-file =
[InjectableRemotePortForwardingForwarder] server-tunnel-net = 127.0.0.1
[SOCKSTunnelForwarder] socks-listen-address = 127.0.0.1
[SOCKS4TunnelForwarder] socks-listen-address = 127.0.0.1
[SOCKS5TunnelForwarder] socks-listen-address = 127.0.0.1