sshmitm.session module
Session Class
The Session class provides the ability to start, manage, and close an interactive session between a client and a server. It provides a convenient and exception-safe way to handle sessions in your application.
try:
with Session(self, client, addr, self.authenticator, remoteaddr) as session:
if session.start():
while session.running:
# session is running
pass
else:
logging.warning("(%s) session not started", session)
except Exception:
logging.exception("error handling session creation")
This code creates a session object using the session_class method, and wraps it in a with statement. The start method is then called on the session object. If the start method returns True, the session is considered running and the running property of the session is checked in a while loop. If the start method returns False, a warning message is logged indicating that the session was not started. If any exceptions are raised during session creation, they are logged using the logging.exception method.
- class sshmitm.session.AuthState(username='', username_provided=None, password=None, password_provided=None, remote_key=None, accepted_key=None, agent=None, kbdint_responses=<factory>)
Bases:
object- Parameters:
username (
str, default:'')username_provided (
str|None, default:None)password (
str|None, default:None)password_provided (
str|None, default:None)remote_key (
PKey|None, default:None)accepted_key (
PKey|None, default:None)agent (
AgentProxy|None, default:None)kbdint_responses (
list[tuple[str,str]], default:<factory>)
- __init__(username='', username_provided=None, password=None, password_provided=None, remote_key=None, accepted_key=None, agent=None, kbdint_responses=<factory>)
- Parameters:
username (
str, default:'')username_provided (
str|None, default:None)password (
str|None, default:None)password_provided (
str|None, default:None)remote_key (
PKey|None, default:None)accepted_key (
PKey|None, default:None)agent (
AgentProxy|None, default:None)kbdint_responses (
list[tuple[str,str]], default:<factory>)
- accepted_key: PKey | None = None
- agent: AgentProxy | None = None
- kbdint_responses: list[tuple[str, str]]
- password: str | None = None
- password_provided: str | None = None
- remote_key: PKey | None = None
- username: str = ''
- username_provided: str | None = None
- class sshmitm.session.BaseSession
Bases:
SSHMITMBaseModuleSets the custom session class for SSH-MITM, controlling session behavior, logging, and interaction handling.
- __init__()
- register_session_thread()
- Return type:
None
- class sshmitm.session.NetconfState(requested=False, command=b'', client=None, client_ready=<factory>, server_capabilities=<factory>, client_capabilities=<factory>, use_chunked=False)
Bases:
object- Parameters:
requested (
bool, default:False)command (
bytes, default:b'')client (
NetconfClient|None, default:None)client_ready (
Event, default:<factory>)server_capabilities (
frozenset[str], default:<factory>)client_capabilities (
frozenset[str], default:<factory>)use_chunked (
bool, default:False)
- __init__(requested=False, command=b'', client=None, client_ready=<factory>, server_capabilities=<factory>, client_capabilities=<factory>, use_chunked=False)
- Parameters:
requested (
bool, default:False)command (
bytes, default:b'')client (
NetconfClient|None, default:None)client_ready (
Event, default:<factory>)server_capabilities (
frozenset[str], default:<factory>)client_capabilities (
frozenset[str], default:<factory>)use_chunked (
bool, default:False)
- client: NetconfClient | None = None
- client_capabilities: frozenset[str]
Capabilities advertised by the client in its <hello>.
- client_ready: Event
- command: bytes = b''
- requested: bool = False
- server_capabilities: frozenset[str]
Capabilities advertised by the remote NETCONF server in its <hello>.
- use_chunked: bool = False
1.1 (RFC 6242 chunked framing).
- Type:
True when both sides negotiated
- Type:
base
- class sshmitm.session.PowerShellState(requested=False, command=b'', client=None, client_ready=<factory>)
Bases:
object- Parameters:
requested (
bool, default:False)command (
bytes, default:b'')client (
PowerShellClient|None, default:None)client_ready (
Event, default:<factory>)
- __init__(requested=False, command=b'', client=None, client_ready=<factory>)
- Parameters:
requested (
bool, default:False)command (
bytes, default:b'')client (
PowerShellClient|None, default:None)client_ready (
Event, default:<factory>)
- client: PowerShellClient | None = None
- client_ready: Event
- command: bytes = b''
- requested: bool = False
- class sshmitm.session.RemoteState(socket_address, address=<factory>, address_reachable=True)
Bases:
object- Parameters:
socket_address (
tuple[str,int] |tuple[str,int,int,int])address (
tuple[str|None,int|None], default:<factory>)address_reachable (
bool, default:True)
- __init__(socket_address, address=<factory>, address_reachable=True)
- Parameters:
socket_address (
tuple[str,int] |tuple[str,int,int,int])address (
tuple[str|None,int|None], default:<factory>)address_reachable (
bool, default:True)
- address: tuple[str | None, int | None]
- address_reachable: bool = True
- socket_address: tuple[str, int] | tuple[str, int, int, int]
- class sshmitm.session.SCPState(requested=False, command=b'', handler_entry=None)
Bases:
object- Parameters:
requested (
bool, default:False)command (
bytes, default:b'')handler_entry (
ExecHandlerEntry|None, default:None)
- __init__(requested=False, command=b'', handler_entry=None)
- Parameters:
requested (
bool, default:False)command (
bytes, default:b'')handler_entry (
ExecHandlerEntry|None, default:None)
- command: bytes = b''
- handler_entry: ExecHandlerEntry | None = None
- requested: bool = False
- class sshmitm.session.SFTPState(requested=False, channel=None, client=None, client_ready=<factory>)
Bases:
object- Parameters:
requested (
bool, default:False)channel (
Channel|None, default:None)client (
SFTPClient|None, default:None)client_ready (
Event, default:<factory>)
- __init__(requested=False, channel=None, client=None, client_ready=<factory>)
- Parameters:
requested (
bool, default:False)channel (
Channel|None, default:None)client (
SFTPClient|None, default:None)client_ready (
Event, default:<factory>)
- channel: Channel | None = None
- client: SFTPClient | None = None
- client_ready: Event
- requested: bool = False
- class sshmitm.session.SSHState(requested=False, client=None, client_auth_finished=False, client_created=<factory>, pty_kwargs=None, remote_channel=None)
Bases:
object- Parameters:
requested (
bool, default:False)client (
SSHClient|None, default:None)client_auth_finished (
bool, default:False)client_created (
Condition, default:<factory>)pty_kwargs (
dict[str,Any] |None, default:None)remote_channel (
Channel|None, default:None)
- __init__(requested=False, client=None, client_auth_finished=False, client_created=<factory>, pty_kwargs=None, remote_channel=None)
- Parameters:
requested (
bool, default:False)client (
SSHClient|None, default:None)client_auth_finished (
bool, default:False)client_created (
Condition, default:<factory>)pty_kwargs (
dict[str,Any] |None, default:None)remote_channel (
Channel|None, default:None)
- client: SSHClient | None = None
- client_auth_finished: bool = False
- client_created: Condition
- pty_kwargs: dict[str, Any] | None = None
- remote_channel: Channel | None = None
- requested: bool = False
- class sshmitm.session.Session(proxyserver, client_socket, client_address, authenticator, remoteaddr, banner_name=None)
Bases:
BaseSessionManages an intercepted SSH session from handshake to teardown.
This is the default session class. It tracks all state for a single client connection — authentication credentials, transport, active channels, and protocol-specific state for SSH, SCP, SFTP, NETCONF, and PowerShell.
A session log directory can be configured with
--session-log-dir; plugins use this path to store captured data under<log-dir>/<session-id>/.Usage example
ssh-mitm server --session-class base
Notes
This is the default session class; no explicit flag is needed unless using a custom session implementation.
The maximum number of concurrent connections can be capped with
--max-connections(default: 100; 0 = unlimited).
- Parameters:
proxyserver (
SSHProxyServer)client_socket (
socket)client_address (
tuple[str,int] |tuple[str,int,int,int])authenticator (
type[Authenticator])remoteaddr (
tuple[str,int] |tuple[str,int,int,int])banner_name (
str|None, default:None)
- CIPHERS = None
- __init__(proxyserver, client_socket, client_address, authenticator, remoteaddr, banner_name=None)
- Parameters:
proxyserver (
SSHProxyServer) – the proxy server instance managing this session.client_socket (
socket) – the socket representing the incoming client connection.client_address (
tuple[str,int] |tuple[str,int,int,int]) – address information of the connecting client.authenticator (
type[Authenticator]) – the authenticator class to use for this session.remoteaddr (
tuple[str,int] |tuple[str,int,int,int]) – the remote address to connect to.banner_name (
str|None, default:None) – optional custom SSH banner name sent to the client.
- agent_requested: Event
- authenticator: Authenticator
- channel: Channel | None
- close()
Close the session and release the underlying resources.
- Return type:
None
- env_requests: dict[bytes, bytes]
- finalize_upstream_transport()
- Return type:
None
- get_session_log_dir()
Returns the directory where the ssh session logs will be stored.
- Return type:
str|None- Returns:
The directory path where the ssh session logs will be stored, or None if the directory is not specified.
- property netconf_channel: Channel | None
- classmethod parser_arguments()
Add an argument to the command line parser for session plugin.
- Return type:
None
- property powershell_channel: Channel | None
- proxyserver: SSHProxyServer
- property running: bool
Returns the running state of the current session.
- Returns:
A boolean indicating whether the session is running or not
- property scp_channel: Channel | None
- session_log_dir: str | None
- property ssh_channel: Channel | None
- start()
Start the session and initialize the underlying transport.
- Return type:
bool
- property transport: Transport
Returns the type of transport being used by the current session.
- Returns:
A string representing the transport type