SSH-MITM
| Developer(s) | Manfred Kaiser |
|---|---|
| Initial release | June 11, 2020 |
| Stable release | 0.4.0[1] / 12 February 2021 |
| Written in | Python |
| Engine | |
| Operating system | Multi-platform |
| License | LGPL-3.0 |
| Website | ssh-mitm |
SSH-MITM is a man-in-the-middle SSH server for security audits and malware analysis. Unlike other SSH servers, SSH-MITM forwards an SSH session to another server and logs the complete session and all file transfers.
Technology
SSH-MITM uses Python Paramiko as its SSH library, which implements version 2 of the Secure Shell (SSH) protocol.[2]
SSH version 1 is not supported. Because of this limitation, SSH-MITM is not able to perform a downgrade attack on an SSH session.
Features
SSH-MITM is used to analyze SSH sessions during security audits and malware analysis. To intercept the session, SSH-MITM has to act as a man-in-the-middle server and supports password and public key authentication.
If the SSH client uses a password for authentication, the credentials can be reused to authenticate against the remote server. Intercepting public key authentication is possible, but has some limitations, which can be circumvented if the client forwards its ssh-agent. If the ssh-agent is forwarded to SSH-MITM, the agent can be used to authenticate against remote servers.
After the client has connected to SSH-MITM, the terminal session is hijacked and it is possible to interact with the shell on the remote server. It is also possible to store or modify files during SCP and SFTP file transfers.
Security Audits
SSH-MITM can be used for security audits and has checks for some known vulnerabilities, such as an information leak in OpenSSH up to version 8.4.
CVE-2020-14145
In cases where the OpenSSH client already knows the remote server's fingerprint, SSH-MITM is able to detect that the client would abort the connection on a man-in-the-middle attempt. This is possible because some clients have an information leak when connecting to an SSH server: if the client connects to a host for the first time, its list of crypto algorithms is sent in a predefined order, but when the client already knows the remote host's fingerprint, the algorithms are sent in a different order.
NIST and MITRE reference SSH-MITM as a tool to check whether a client is affected by CVE-2020-14145.[3][4]
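As an added example (not part of the original article and not the SSH-MITM project's own code), the following Python shows how such an audit check can be built: it parses an SSH_MSG_KEXINIT payload as laid out in RFC 4253 section 7.1 and compares the `server_host_key_algorithms` name-list against the client's default order. The default order, the two sample KEXINIT payloads and the function names are constructed for illustration; the rule that a client with a known host key moves the matching key types to the front of its list is taken as an assumption from the paragraph above, not from any particular client's source.

```python
import struct

# RFC 4253 section 7.1: the message byte and the ten name-lists of SSH_MSG_KEXINIT, in order
SSH_MSG_KEXINIT = 20
NAME_LIST_FIELDS = (
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
)

# Constructed default order of a hypothetical client; a real audit would take it
# from a first-contact connection of the client under test.
DEFAULT_HOSTKEY_ORDER = ["ssh-ed25519", "ecdsa-sha2-nistp256",
                         "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]


def build_kexinit(lists, cookie=b"\x00" * 16):
    """Encode a KEXINIT payload: message byte, 16-byte cookie, ten name-lists,
    first_kex_packet_follows (FALSE) and the reserved uint32. Used here to construct samples."""
    payload = bytes([SSH_MSG_KEXINIT]) + cookie
    for field in NAME_LIST_FIELDS:
        name_list = ",".join(lists.get(field, [])).encode("ascii")
        payload += struct.pack(">I", len(name_list)) + name_list
    payload += b"\x00"
    payload += struct.pack(">I", 0)
    return payload


def parse_kexinit(payload):
    """Decode a KEXINIT payload into a dict mapping each field to its list of names."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset = 17  # message byte plus cookie
    lists = {}
    for field in NAME_LIST_FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated KEXINIT")
        (length,) = struct.unpack(">I", payload[offset:offset + 4])
        offset += 4
        raw = payload[offset:offset + length]
        if len(raw) != length:
            raise ValueError("truncated name-list")
        offset += length
        lists[field] = raw.decode("ascii").split(",") if raw else []
    return lists


def preferred_hostkey_algorithms(observed, default_order):
    """Return the algorithms the client moved to the front of its list relative to
    default_order (assumption: known key types are moved to the front, the rest keeps
    its relative order). Empty list means the order is unchanged; None means the two
    lists do not even contain the same algorithms, so nothing can be concluded."""
    if sorted(observed) != sorted(default_order):
        return None
    for k in range(len(observed) + 1):
        front = observed[:k]
        rest = [alg for alg in default_order if alg not in front]
        if observed[k:] == rest:
            return front
    return None


def audit_kexinit(payload, default_order=DEFAULT_HOSTKEY_ORDER):
    """Audit a client's KEXINIT: report whether the host key order reveals that the
    client already has an entry for this server, and which key types it preferred."""
    observed = parse_kexinit(payload)["server_host_key_algorithms"]
    preferred = preferred_hostkey_algorithms(observed, default_order)
    return {"fingerprint_known": bool(preferred), "preferred": preferred or []}


# Constructed samples: a first-contact KEXINIT and one from a client that already
# knows the server's RSA host key (RSA key types moved to the front).
COMMON = {"kex_algorithms": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
          "encryption_algorithms_client_to_server": ["aes256-gcm@openssh.com"],
          "encryption_algorithms_server_to_client": ["aes256-gcm@openssh.com"],
          "mac_algorithms_client_to_server": ["hmac-sha2-256"],
          "mac_algorithms_server_to_client": ["hmac-sha2-256"],
          "compression_algorithms_client_to_server": ["none"],
          "compression_algorithms_server_to_client": ["none"]}
FIRST_CONTACT_KEXINIT = build_kexinit(
    dict(COMMON, server_host_key_algorithms=DEFAULT_HOSTKEY_ORDER))
KNOWN_HOST_KEXINIT = build_kexinit(
    dict(COMMON, server_host_key_algorithms=["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa",
                                             "ssh-ed25519", "ecdsa-sha2-nistp256"]))

if __name__ == "__main__":
    for label, sample in (("first contact", FIRST_CONTACT_KEXINIT), ("known host", KNOWN_HOST_KEXINIT)):
        print(label, audit_kexinit(sample))
```

A client that does not leak this information would produce the same `server_host_key_algorithms` order on both connections, so `fingerprint_known` stays `False` for the known-host sample; a result of `True` on the second connection is the behaviour the article describes.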
Security implications
SSH-MITM is a man-in-the-middle tool and should only be used for security audits or malware analysis.
Because known exploits for SSH clients are implemented[5] and used to intercept clients, SSH-MITM should be treated as a security risk and must not be used as a jump server.
Platforms
SSH-MITM is written in Python, which allows the server to run on different platforms such as Linux, Microsoft Windows and macOS.
The main development platform is Linux, because the server supports the TPROXY kernel feature, which is used for transparent proxy support.
Licensing
SSH-MITM is open source, licensed under the LGPL-3.0.[6]
See also
References
- ↑ "SSH-MITM Releases". Retrieved 1 March 2021.
- ↑ "Python Paramiko".
- ↑ "NIST - CVE-2020-14145".
- ↑ "MITRE - CVE-2020-14145".
- ↑ "SSH-MITM Implementation of CVE-2020-14145".
- ↑ "SSH-MITM license".
External links
- SSH-MITM Homepage
- SSH-MITM Source on Github
- Linuxnews.de - Using the SSH MITM proxy server for security audits (German)
This article "SSH-MITM" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:SSH-MITM. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.
