littlebear2
commented
2 years ago This server is only able to intercept password authentication. There is a branch with public key authentication, but both authentication methods does not work together :disappointed:
There is another @ssh-mitm project which is able to intercept public key authentication: https://github.com/ssh-mitm/ssh-mitm
With the other project, I was able to successfully intercept publickey and password authentication.
I don't know how this works, but the recommended project is able to use the same authentication method as the remote server. This means, if you want to login with publickey authentication it only accepts the same key as the remote server. If logging in with publickey authentication is not possible, because you have no publickeys which are allowed to login to the remote server, the mitm server falls back to password authentication. That's how magic works :smiley:
Note on publickey authentication: The other server is able to fully intercept publickey authentication, but only when an agent was forwarded. If no agent was forwarded, the session will be closed. This can be avoided if you use a honeypot as fallback.
ssh-mitm --remote-host 1.2.3.4:22 --fallback-host user:password@honeypot:22The fallback host is only used, when the client is allowed to login with publickey authentication on the remote server but no agent was forwarded! If the client is not allowed to login with publickey authentication on the remote server, authentication against the mitm server also fails.
jtesta
Can you modify this program to record only correct passwords? Can you also add session hijack when public key authentication is used?