[go: up one dir, main page]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hi, is it possible to learn from which IP address the user logged in to my proxy server? #145

Closed
manfred-kaiser opened this issue Aug 18, 2023 · 3 comments
Closed

Hi, is it possible to learn from which IP address the user logged in to my proxy server? #145

manfred-kaiser opened this issue Aug 18, 2023 · 3 comments

Comments

@manfred-kaiser
Copy link
Member

Hi, is it possible to learn from which IP address the user logged in to my proxy server?

Originally posted by @nici22 in #144
@manfred-kaiser
Copy link
Member Author

@nici22 thanks for the suggestion. you are right and adding source ip to the output will be useful.

I will add client connection information in the logoutput it in the next release.

@nici22
Copy link
nici22 commented Aug 26, 2023
edited
Loading

Okay, thanks in advance

@manfred-kaiser
Copy link
Member Author

I have added more information to the log output.

If you are using the formated text output, the ip address will printed in following format:

INFO     ℹ client information:                                                                                                              
           - client version: ssh-2.0-openssh_8.4                                                                                            
           - product name: OpenSSH                                                                                                                        
           - vendor url:  https://www.openssh.com/                                                                                                        
          - client address: ip=::1 port=49702

If you need to parse the log output, you can use the json log format.
To use the log format, you must use the --log-format parameter: ssh-mitm --log-format=json server

The client info json has following format:

{
  "message": "client information:\n  - client version: ssh-2.0-openssh_8.4\n  - product name: OpenSSH\n  - vendor url:  https://www.openssh.com/\n - client address: ip=::1 port=56822\n client affected by CVEs:\n  * CVE-2021-28041: https://nvd.nist.gov/vuln/detail/CVE-2021-28041\n  * CVE-2020-14145: https://docs.ssh-mitm.at/vulnerabilities/CVE-2020-14145.html\n client audit tests:\n  * client connecting for the first time or using default key order!\n  * Preferred server host key algorithm: ecdsa-sha2-nistp256-cert-v01@openssh.com",
  "client_version": "ssh-2.0-openssh_8.4",
  "product_name": "OpenSSH",
  "vendor_url": "https://www.openssh.com/",
  "client_address": {
    "ip": "::1",
    "port": 56822
  },
  "tid": 32313,
  "module": "clientaudit",
  "sessionid": "0ae08089-89b3-4242-aeae-14f5bdd820ff",
  "timestamp": "2023-09-06T10:19:20.952746Z",
  "level": "INFO"
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@manfred-kaiser @nici22