You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
SSH MITM is currently based on OpenSSH 7.5p1. This was intentionally frozen due to the fact that several old algorithms were fully removed in 7.6 and later; these algorithms are needed in order to MITM old servers, which are surprisingly still present in corporate environments (like in networking equipment and embedded devices).
However, OpenSSH 7.5p1 is dependent on OpenSSL 1.0.2, which is no longer supported. While the AppArmor profiles may reduce its exploitable surface, depending on it in the long term may not be a good strategy. Therefore, we may need to create a new branch of SSH MITM to use new versions of OpenSSH & OpenSSL, and let users decide if they want to use the current branch with a higher security risk but better compatibility.
Upgrading the OpenSSH version is likely to be a major undertaking. Help from the community would be much appreciated!
The text was updated successfully, but these errors were encountered:
SSH MITM is currently based on OpenSSH 7.5p1. This was intentionally frozen due to the fact that several old algorithms were fully removed in 7.6 and later; these algorithms are needed in order to MITM old servers, which are surprisingly still present in corporate environments (like in networking equipment and embedded devices).
However, OpenSSH 7.5p1 is dependent on OpenSSL 1.0.2, which is no longer supported. While the AppArmor profiles may reduce its exploitable surface, depending on it in the long term may not be a good strategy. Therefore, we may need to create a new branch of SSH MITM to use new versions of OpenSSH & OpenSSL, and let users decide if they want to use the current branch with a higher security risk but better compatibility.
Upgrading the OpenSSH version is likely to be a major undertaking. Help from the community would be much appreciated!
The text was updated successfully, but these errors were encountered: