SSH MITM is currently based on OpenSSH 7.5p1. This was intentionally frozen due to the fact that several old algorithms were fully removed in 7.6 and later; these algorithms are needed in order to MITM old servers, which are surprisingly still present in corporate environments (like in networking equipment and embedded devices).
However, OpenSSH 7.5p1 is dependent on OpenSSL 1.0.2, which is no longer supported. While the AppArmor profiles may reduce its exploitable surface, depending on it in the long term may not be a good strategy. Therefore, we may need to create a new branch of SSH MITM to use new versions of OpenSSH & OpenSSL, and let users decide if they want to use the current branch with a higher security risk but better compatibility.
Upgrading the OpenSSH version is likely to be a major undertaking. Help from the community would be much appreciated!
SSH MITM is currently based on OpenSSH 7.5p1. This was intentionally frozen due to the fact that several old algorithms were fully removed in 7.6 and later; these algorithms are needed in order to MITM old servers, which are surprisingly still present in corporate environments (like in networking equipment and embedded devices).
However, OpenSSH 7.5p1 is dependent on OpenSSL 1.0.2, which is no longer supported. While the AppArmor profiles may reduce its exploitable surface, depending on it in the long term may not be a good strategy. Therefore, we may need to create a new branch of SSH MITM to use new versions of OpenSSH & OpenSSL, and let users decide if they want to use the current branch with a higher security risk but better compatibility.
Upgrading the OpenSSH version is likely to be a major undertaking. Help from the community would be much appreciated!