EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SSH Proxy

Posted: 07/31/2013 16:02:37
by Ken Payson (Basic support level)
Joined: 07/31/2013
Posts: 1


I'm investigating tools/.NET APIs to create an SSH proxy that would allow recording and possibly filtering everything a user typed in an SSH Session. The use case is that the companies we are developing this for need to record what happens during SSH sessions for security and auditing purposes.

Can SecureBlackbox help us to create such a proxy? The client that needs to be used is PuTTY and the server can be almost any SSH Server.

Any links to code samples and/or pointers on how architect this would be awesome!

Posted: 07/31/2013 17:19:43
by Ken Ivanov (Team)

Hello Ken,

Thank you for addressing us such an interesting question.

In general case the answer is no, there's no practical way of implementing such a proxy. SSH was designed with the goal of securing communications that run over insecure channels, so this protocol effectively protects the peers from being eavesdropped by third parties (whatever intentions, bad or good, they have). That is, it is technically impossible to build a generic proxy that will be intercepting SSH traffic and extracting plain material from it.

However, this rule is indeed applicable to *general case*, where a 'listener' (not to call them an 'attacker') is unaware of client's or server's implementation details and has no access to environment configuration. However, if you need to intercept traffic coming from a specific SSH client tool that is a part of specific environment, there are certain techniques you can use. Those techniques target not the protocol itself (what is hopeless), but try to utilize the specifics of the environment they are supposed to work in. Note that in most cases the techniques are not honest enough and require certain adjustment of the environment's configuration, but you should understand that what you are trying to do is trick a security system.

The first, and the most easy-to-implement technique, is to present your proxy tool as an SSH server to the clients and as an SSH client to the remote SSH servers. The clients will be connecting to your proxy's SSH server, which will be then relaying the traffic to the remote SSH servers, recording or intercepting it at the same time. This can be done either in public (the clients know that they are connecting to your SSH server and not the real one), or concealed (the clients believe they are connecting to the real server and not yours) ways.

The other idea is to alter the Putty's source code in certain way and deploy the modified Putty installation to the client's machines. The modified Putty will be using specific protocol parameter values to allow the proxy (which will be a pass-through one in this case) decrypt and possibly alter the data on-the-fly.



Topic viewed 1015 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!