Spawn a MITM SSH Server instance
Toby Lin edited this page Apr 20, 2022 · 8 revisions
- Each MITM SSH Server instance is associated with a container/honeypot (specified with the command line arguments).
- The MITM SSH Server software runs on the host OS instead of the guest OS.
- This means that the MITM processes show up in the Proxmox Host's process list but not in the container's process list. The container therefore has no access to the MITM SSH server processes.
For the MITM SSH server to be in the middle of an active SSH connection, the incoming SSH traffic from the Internet to the Honeypot's SSH server must instead be redirected to the MITM SSH server. The MITM SSH server will then establish an SSH connection to the Honeypot's SSH server.
Original SSH Connection:

With MITM:

A firewall rule is then required to redirect the incoming SSH traffic from the Internet to its respective MITM SSH server instance running on the Proxmox Host.
- Each MITM SSH Server instance must use a different port between 1024 and 65535.
```
node [full path to ./mitm.js] [options]
```
You can always use the `--help` option to see a full list of configuration options.
See this page to start a MITM SSH Server instance in the background
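
The firewall redirect and the port requirement described above, as an added example that is not part of the original page or the project's own tooling: a dry-run script that checks each MITM port is unique and within 1024-65535, then prints one iptables DNAT rule per honeypot for review. The host address, container addresses and ports are constructed sample values, and matching on the container's address with port 22 is an assumption about how traffic reaches the honeypots.

```shell
#!/usr/bin/env bash
# Added example: dry-run generator for the SSH redirect rules.
# Nothing is applied; the iptables commands are only printed for review.

# Print the rule that redirects SSH traffic addressed to a honeypot
# container to the MITM instance listening on the Proxmox host.
# Returns 1 when the MITM port is not a number in 1024-65535.
mitm_redirect_rule() {
    local container_ip="$1" host_ip="$2" mitm_port="$3"
    case $mitm_port in
        ''|*[!0-9]*|??????*)
            echo "'$mitm_port' is not a valid port number" >&2; return 1 ;;
    esac
    if [ "$mitm_port" -lt 1024 ] || [ "$mitm_port" -gt 65535 ]; then
        echo "port $mitm_port is outside 1024-65535" >&2
        return 1
    fi
    # PREROUTING only sees packets arriving from the network, so the MITM's
    # own connection from the host to the container's port 22 is untouched.
    echo "iptables -t nat -A PREROUTING -d $container_ip -p tcp --dport 22" \
         "-j DNAT --to-destination $host_ip:$mitm_port"
}

# Print every MITM port that is assigned to more than one instance.
# Arguments: "container_ip:mitm_port" pairs.
duplicate_mitm_ports() {
    printf '%s\n' "$@" | cut -d: -f2 | sort -n | uniq -d
}

# Constructed inventory: one MITM instance per honeypot container.
HOST_IP=10.0.3.1
INSTANCES="10.0.3.101:6010 10.0.3.102:6011 10.0.3.103:6012"

# Validate the whole inventory, then print one rule per instance.
plan_rules() {
    local dups entry
    dups=$(duplicate_mitm_ports $INSTANCES)
    if [ -n "$dups" ]; then
        echo "duplicate MITM port(s): $dups" >&2
        return 1
    fi
    for entry in $INSTANCES; do
        mitm_redirect_rule "${entry%%:*}" "$HOST_IP" "${entry##*:}" || return 1
    done
}

plan_rules
```

Review the printed commands before running them as root on the Proxmox host.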