SSH-MITM is a man-in-the-middle SSH server designed for security audits, enabling interception, session hijacking, and file manipulation during SSH connections.
SSH-MITM - ssh audits made simple
This tool is primarily used by penetration testers and red teamers to audit SSH connections by intercepting authentication attempts and sessions, including publickey and password authentication. It helps assess SSH client and server security by enabling session hijacking, phishing of FIDO tokens, and file transfer manipulation, making it valuable for security audits and malware analysis.
SSH-MITM requires a forwarded SSH agent for publickey authentication to the remote server; if no agent is forwarded, it can redirect sessions to a honeypot. Users should ensure legal authorization before deploying this tool, as it performs active man-in-the-middle attacks. The tool supports advanced features like MOSH interception and plugin extensibility, making it suitable for comprehensive SSH security assessments.
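Because publickey interception depends on a forwarded agent, a defender can check which destinations a client configuration would forward the agent to. The following is an added example, not code from SSH-MITM or its documentation; the sample configuration and function names are constructed, and it assumes a plain ssh_config without Include or evaluated Match blocks:

```python
import fnmatch
import re

# Constructed sample client config (not from a real host).
SAMPLE_CONFIG = """\
Host bastion.example.com
    ForwardAgent yes

Host *.lab.example.com !legacy.lab.example.com
    ForwardAgent=no

Host *
    ForwardAgent yes
    ServerAliveInterval 30
"""

def parse_blocks(text):
    """Return [(host_patterns, {keyword: value})] in file order."""
    blocks = [(["*"], {})]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key in ("host", "match"):
            # Assumption: Match blocks are not evaluated here, so they never apply.
            blocks.append((value.split() if key == "host" else [], {}))
        else:
            blocks[-1][1].setdefault(key, value)  # first value obtained wins
    return blocks

def host_matches(patterns, host):
    """OpenSSH Host semantics: any matching negated pattern vetoes the whole line."""
    matched = False
    for pat in patterns:
        if fnmatch.fnmatchcase(host.lower(), pat.lstrip("!").lower()):
            if pat.startswith("!"):
                return False
            matched = True
    return matched

def effective_forward_agent(text, host):
    """Return (value, patterns of the block that set it); OpenSSH defaults to 'no'."""
    for patterns, opts in parse_blocks(text):
        if "forwardagent" in opts and host_matches(patterns, host):
            return opts["forwardagent"], patterns
    return "no", None

def hosts_forwarding_agent(text, hosts):
    """Hosts for which the agent would be forwarded (anything but 'no')."""
    return [h for h in hosts if effective_forward_agent(text, h)[0].lower() != "no"]
```

In the sample, the host excluded by the negated pattern falls through to the `Host *` block and ends up with agent forwarding enabled, which is the kind of unintended exposure this check is meant to surface.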
Download the latest AppImage from https://github.com/ssh-mitm/ssh-mitm/releases/latest/download/ssh-mitm-x86_64.AppImage
Alternatively, install via Flathub from https://flathub.org/apps/at.ssh_mitm.server
Or install via Snap Store using snap install ssh-mitm
Refer to the official documentation at https://docs.ssh-mitm.at for detailed installation and configuration guidance
ssh-mitm
Starts the SSH-MITM server to intercept SSH connections
ssh-mitm --help
Displays help information and available command options
ssh-mitm --session-hijack
Enables hijacking and logging of terminal sessions
ssh-mitm --phish-fido
Activates phishing of FIDO tokens during authentication
ssh-mitm --port-forwarding
Enables port forwarding with SOCKS 4/5 support