ssh-mitm
SSH-MITM is a Python-based tool for intercepting and auditing SSH connections in real time. It sits between SSH clients and servers, capturing credentials, manipulating file transfers, monitoring sessions, and testing SSH client vulnerabilities—designed for authorized penetration testing and security research only.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | ssh-mitm/ssh-mitm |
| Owner | ssh-mitm |
| Primary language | Python |
| License | GPL-3.0 — OSI-approved |
| Stars | 1.5k |
| Forks | 155 |
| Open issues | 6 |
| Latest release | 5.0.1 (2025-01-22) |
| Last updated | 2026-06-26 |
| Source | https://github.com/ssh-mitm/ssh-mitm |
What ssh-mitm is
SSH-MITM terminates both SSH client and server sides independently, forwarding traffic while logging authentication, intercepting SCP/SFTP, enabling command injection via mirror shells, and detecting SSH client vulnerabilities through key negotiation analysis. It supports MOSH, PowerShell remoting, port forwarding interception, and plugin extensibility.
Get the ssh-mitm source
Clone the repository and explore it locally.
git clone https://github.com/ssh-mitm/ssh-mitm.gitcd ssh-mitm# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires network position between client and server (routing/DNS control or physical network access); transparent proxy setup requires Linux iptables or equivalent routing.
- Latest version (5.0.1, Jan 2025) available via AppImage, pip, Flatpak, or Snap; for cutting-edge features, install directly from GitHub (pip install git+https://github.com/ssh-mitm/ssh-mitm.git).
- Interactive tutorial accessible via `ssh-mitm tutorial` command; mirrors sessions on dynamic local ports; auditors must monitor logs and web UI simultaneously.
- Plugin system allows custom authentication handlers, file transfer hooks, and session monitoring; requires Python development knowledge to extend.
- Depends on Python runtime and standard SSH/cryptography libraries; no database or external services required for basic operation.
When to avoid it — and what to weigh
- Production SSH traffic interception without explicit written authorization — Unauthorized SSH interception may be illegal. Deploy only on systems you own or have explicit written permission to test; monitor all use to remain compliant.
- Reliance on SSH-MITM for continuous network monitoring — Designed for short-term audits and interactive investigation, not long-running traffic mirroring. For persistent monitoring, consider dedicated network analysis tools.
- Expectation of seamless integration with existing security infrastructure — SSH-MITM is a standalone audit tool. Integration with SIEM, alerting, or authentication systems requires custom development via its plugin API.
- Scenarios requiring passive-only, non-invasive observation — SSH-MITM is an active MITM proxy that terminates both sides. It cannot observe without becoming visible in the connection path and will affect latency and reliability.
License & commercial use
Licensed under GPL-3.0 (GNU General Public License v3.0). This is a copyleft license requiring any modifications or distributions to remain open-source under GPL-3.0.
GPL-3.0 is a copyleft license. Commercial use of SSH-MITM as-is is permitted, but: (1) distributing modified versions requires source code release under GPL-3.0; (2) linking or bundling with proprietary code requires legal review. Consult legal counsel before commercial deployment or integration. The project is open-source and not affiliated with a commercial vendor offering indemnification or support contracts.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
SSH-MITM is a penetration testing tool designed to intercept SSH traffic and credentials. Operational security considerations: (1) restrict network access to the MITM host and mirror shell ports to authorized auditors only; (2) log and audit all intercepted credentials and file transfers; (3) run in isolated lab environments unless explicitly authorized; (4) be aware that the MITM position introduces a latency/reliability risk—client and server may detect unusual delays; (5) obtained credentials and session data must be handled securely (encrypted storage, restricted access, timely deletion post-audit). No claim of cryptographic strength or vulnerability-free implementation can be made from the data; review threat model for your specific use case.
Alternatives to consider
Proxyman / mitmproxy (generic HTTPS/HTTP proxy)
General-purpose proxy for HTTP/HTTPS, not SSH-specific. Lacks SSH credential interception, file transfer manipulation, and SSH client vulnerability detection.
Teleport (gravitational) or Bastion hosts
Session logging and access control for SSH, but not MITM-based. Does not intercept credentials or manipulate file transfers; focuses on authorized access management.
OpenSSH with GSSAPI/certificate auth + syslog/auditd
Native SSH logging and audit trails. Does not enable active interception, command injection, or file transfer manipulation. Better for compliance and passive monitoring.
Build on ssh-mitm with DEV.co software developers
SSH-MITM is available as a free, open-source download. Start with the interactive tutorial to learn session interception, then deploy in your authorized test environment. For commercial integration or custom extensions, consult our development team.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
ssh-mitm FAQ
Is SSH-MITM legal to use?
Can SSH-MITM be detected by the SSH client or server?
Does SSH-MITM log to a central server or database?
Can I use SSH-MITM to audit my own infrastructure?
Work with a software development agency
DEV.co helps companies turn open-source tools like ssh-mitm into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source security stack.
Ready to audit your SSH infrastructure?
SSH-MITM is available as a free, open-source download. Start with the interactive tutorial to learn session interception, then deploy in your authorized test environment. For commercial integration or custom extensions, consult our development team.