Automic VaultAutomic Vault

brew

Install ssh-mitm with Homebrew, Nix

SSH server for security audits and malware analysis. Version 5.0.1 via Homebrew; verified 2026-04-21.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install ssh-mitm

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#ssh-mitm

nixpkgs package indexes · pkgs/by-name/ss/ssh-mitm/package.nix · source: api.github.com

overview

Package summary

SSH server for security audits and malware analysis

Commands and aliases

  • ssh-mitm
  • ssh-mitm-askpass

history

Project history and usage

SSH-MITM is an interactive SSH interception tool for authorized security audits, penetration testing, training labs, and malware-analysis environments. Its package-manager relevance comes from making a specialized man-in-the-middle SSH audit workflow installable as a normal CLI rather than as a one-off lab script.

Project history

The project presents itself as an active security research tool rather than a general-purpose SSH server. Its documentation says it was originally developed to study SSH client behavior and authentication weaknesses, especially the ambiguity around FIDO2 hardware-token confirmations in man-in-the-middle scenarios.

Adoption history

The official README advertises multiple distribution channels, including AppImage, Flatpak, Snap, pip, and direct installation from GitHub. Homebrew and Nix packaging in the input show that it also entered package-manager catalogs used by security engineers who want reproducible CLI installs.

How it is used

Typical use places SSH-MITM between a client and a target SSH server, then runs commands such as `ssh-mitm server --remote-host <target-host>` and has a test client connect through the interception port. The tool can capture authentication, mirror live sessions, inspect or alter SFTP/SCP transfers, intercept port forwarding, and run audit plugins.

Why package nerds care

Package nerds care because SSH-MITM turns SSH protocol research into an installable command with extras such as tutorials, plugins, AppImage and desktop packaging, and documented CVE-driven audit workflows. It sits at the edge of package-manager culture where offensive security labs, training images, and repeatable toolchains meet.

Timeline

  • 2021: SSH-MITM research documented trivial-authentication CVEs affecting multiple SSH clients.
  • 2022: The project documented follow-up CVEs related to the same SSH authentication research area.
  • 2025: The changelog documents expansion into tutorials, plugin browsing, MOSH and PowerShell remoting interception, persistent host keys, and Terrapin detection improvements.

Related projects

  • SSH-MITM is closely related to OpenSSH, Paramiko, MOSH, SCP/SFTP clients, and SSH client vulnerability research. It is complementary to scanners and audit tools because it observes and manipulates live SSH sessions rather than only checking static configuration.

security posture

Risk level: red

broad file, network, media, or database tool signal. escape, surveillance, or offensive capability signal.

Risk classifier

red risk · medium confidence · escape-surveillance-offensive

Why

  • broad file, network, media, or database tool signal
  • escape, surveillance, or offensive capability signal

Signals

  • text:mitm
  • text:ssh,server

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 4 runtime dependencies.
  • Build metadata lists 2 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
ssh-mitmcliglobal executable
ssh-mitm-askpasscliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version5.0.1
manager updated2026-04-21
local dataok
upstreamnot checked
latest detectednot detected

https://docs.ssh-mitm.at

install metadata

Package metadata

Package keybrew:ssh-mitm
Version5.0.1
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/ssh-mitm
Homepagehttps://docs.ssh-mitm.at
Repositoryhttps://github.com/ssh-mitm/ssh-mitm
Upstream docshttps://docs.ssh-mitm.at/
LicenseGPL-3.0-only
Source archivehttps://files.pythonhosted.org/packages/f0/4e/c804d08c336bcff29fd665fdc3ff9d3698d529b1d75462b89bc53527862a/ssh_mitm-5.0.1.tar.gz
Last updated2026-04-21T12:10:04-07:00
Pulseupdated
Dependenciescryptography, libsodium, libyaml, python@3.14
Build dependenciespkgconf, rust
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namessh-mitm
Version Scheme0
Revision4
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

ssh-mitm

nix profile install nixpkgs#ssh-mitm
  • normalized package name match
  • Matched by: Ssh Mitm
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ss/ssh-mitm/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment