From EverybodyWiki Bios & Wiki

Developer(s)Manfred Kaiser
Initial releaseJune 11, 2020 (2020-06-11)
Stable release
0.4.0[1] / 12 February 2021; 15 months ago (2021-02-12)
Written inPython
    Operating systemMulti-platform
    LicenseLGPL-3.0 Logo.png Search SSH-MITM on Amazon.

    SSH-MITM is a man in the middle SSH Server for security audits and malware analysis. Unlike other ssh servers, SSH-MITM is used to forward a ssh session to another server and log the complete session and file transfers.


    SSH-MITM uses Python Paramiko as ssh library which implements version 2 of the Secure Shell (SSH) protocol. [2]

    SSH version 1 is not supported. Due to this limitations, SSH-MITM is not able to do a downgrade attack on a ssh session.


    SSH-MITM is used to analyze ssh sessions during security audits and malware analysis. To intercept the session, SSH-MITM has to act as a man in the middle server and supports password and public key authentication.

    If the ssh client uses password for authentication, the credentials can be reused to authenticate against the remote server. Intercepting public key authentication is possible, but has some limitations, which can be circumvented, if the clients forwards the ssh-agent. If the ssh-agent is forwarded to SSH-MITM, the agent can be used to authenticate against remote servers.

    After the client has connected to SSH-MITM, the terminal session is hijacked and it is possible to interact with the shell on the remote server. It is also possible to store or modify files during SCP and SFTP file transfers.

    Security Audits[edit]

    SSH-MITM can be used for security audits and has checks for some known vulnerabilities like an information leak in OpenSSH up to Version 8.4.


    In cases, where the OpenSSH client has knowledge about the remote servers fingerprint, SSH-MITM is able to detect that the client will abort the connection with a man in the middle attack attempt. This is possible because some clients have an Information leakage, when connecting to a ssh server. If the client connects for the first time, a list of crypto algorithms are sent in a predefined order, but when the client has knowledge about the remotes fingerprint, the algorithms are sent in a different order.

    NIST and MITRE references SSH-MITM as a tool to check if a client is affected against CVE-2020-14145. [3] [4]

    Security implications[edit]

    SSH-MITM is a man in the middle tool and should only used for security audits or malware analysis.

    Due to the fact, that known exploits for ssh clients are implemented [5] and used to intercept the clients, SSH-MITM should be treated as a security risk and must not be used as jump server.


    SSH-MITM is written in Python, which allows the server to run on different platforms like Linux, Microsoft Windows and MacOS.

    The main development platform is Linux, because the server supports the Tproxy kernel feature, which is used for transparent proxy support.


    SSH-MITM is open source, licensed under the LGPL-3.0 [6]

    See also[edit]

    Other articles of the topic Free and open-source software : Zig (programming language), Moleculer, Arrow (software), Tiny-Wiki,, Angular, Shampoo (software)
    Some use of "" in your query was not closed by a matching "".Some use of "" in your query was not closed by a matching "".

    • Secure Shell
    • OpenSSH
    • Teleport Server
    • Comparison of SSH servers


    1. "SSH-MITM Releasea". Retrieved 1 March 2021.
    2. "Python Paramiko".
    3. "NIST - CVE-2020-14145".
    4. "MITRE - CVE-2020-14145".
    5. "SSH-MITM Implementation of CVE-2020-14145".
    6. "SSH-MITM license".

    External links[edit]

    This article "SSH-MITM" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:SSH-MITM. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.