Mosh: Modernizing SSH With IP Roaming, Instant Local Echo

An anonymous reader writes "Launched in 1995, SSH quickly became the king of network login tools, supplanting the old insecure mainstays TELNET and RLOGIN. But 17 years later, a group of MIT hackers have come out with "mosh", which claims to modernize the most annoying parts of SSH. Mosh keeps its connection alive when clients roam among WiFi networks or switch to 3G, and gives instant feedback on typing (and deleting). No more annoying network lag on typing, the MIT boffins say, citing Bufferbloat, which has been increasing latencies." The folks involved have a pre-press research paper with the gritty details (to be presented at USENIX later this year). Mosh itself is not particularly exciting; the new State Synchronization Protocol it is based upon might be: "This is accomplished using a new protocol called the State Synchronization Protocol, for which Mosh is the first application. SSP runs over UDP, synchronizing the state of any object from one host to another. Datagrams are encrypted and authenticated using AES-128 in OCB mode. While SSP takes care of the networking protocol, it is the implementation of the object being synchronized that defines the ultimate semantics of the protocol."

First they invented telnet, which had...

[ArsenneLupin]

... a negotiable LOCAL_ECHO mode. Then they invented ssh, and left away that LOCAL_ECHO and linebuffered flags, considered to be archaic.

And 15 years later, LOCAL_ECHO is back in mosh!

Re:First they invented telnet, which had...

[Animats]

.. a negotiable LOCAL_ECHO mode. Then they invented ssh, and left away that LOCAL_ECHO and linebuffered flags, considered to be archaic. And 15 years later, LOCAL_ECHO is back in mosh!

Right. Breaking local echo in Telnet was a Berkeley misfeature. It was in 3COM's UNET, which predated Berkley networking in UNIX. (Berkeley did not introduce networking in UNIX. Theirs was the third or fourth implementation, after ones from BBN, 3COM, and Phil Karn.) With UNET, circa 1983, Telnet had local echo until you used something like VI or the RAND full screen editor, at which point the server noticed the stty call which switched to "raw mode" and switched to remote echo.

Seamless transition from local echo to remote echo is even older. It was in Tymnet, which used markers called a "red ball" and a "green ball" to do the switch seamlessly.

Pass on the local echo please!

[Anrego]

and gives instant feedback on typing (and deleting).

That sounds like a step backwards to me. Any utility in that is lost when something doesn’t sync up properly. When I hit a key, I want to know it has been sent and received and see the result.. not see the result as my shell predicts it. Maybe I’m just having local echo flashbacks from past telnet experiences.

Everything else sounds really neat though. I don’t jump wifi often enough for re-connecting and re-attaching to screen to be a big deal.. but I can see the utility for those who do.

Re:Pass on the local echo please!

It's not like you aren't used to passing a bunch of obscure flags to Linux commands anyway. I'm sure there will be one for this, as well as a ssh_config option.

Re:Pass on the local echo please!

From their website:

Disable instant echo

$ mosh --predict=never niennunb

The -n switch is a synonym. By contrast, passing --predict=always or -a will enable instant local echo even on low-delay links.

Sounds like it tries to be smart about this, but not so smart as to not allow a human to force things the way he wants them.

Re:Pass on the local echo please!

[Anrego]

Hmm, I missed that bit. I assumed there would be a feature to disable it, but didn't realize it would only come on in low latency ..

Re:Pass on the local echo please!

According to their website, locally echoed but not yet synced input is visually distinct from synced content, so you'll always know what has been sent and what hasn't.

Re:Pass on the local echo please!

I've been using it for a few days now, and I find the local echo to be quite a useful feature. Many of the machines I remotely use are on different continents, and waiting for my keypress to make a round trip can be frustrating at times.

Mosh also makes it clear which characters have been successfully transmitted by underlining those that are still finding their way through the tubes... i've never been unsure what has or has not been received.

After a few days of using mosh, I don't see myself going back to plain old ssh anytime soon.

Re:Pass on the local echo please!

[gstrickler]

Sounds like a great solution. Responsiveness is critical for user interaction, therefore, local echo is vital for high latency links. Knowing that the remote end has received the same thing you see locally (and if it's performing character-by-character filtering, seeing those results) is also important. Local echo, with remote echo verification.

Re:Pass on the local echo please!

[Jeremi]

That sounds like a step backwards to me. Any utility in that is lost when something doesnâ(TM)t sync up properly. When I hit a key, I want to know it has been sent and received and see the result.. not see the result as my shell predicts it.

Easy to say until you are (attempting to) type in a longish shell command into a server across an overloaded Internet connection. In that situation, you have two choices: either wait 1 second after each character, to make sure you typed it correctly, or blindly type a bunch of characters at once and hope you didn't make any typos. And if you did make a typo, then you're really in the sh*t, because now you have to figure out how many characters you actually since then, and press backspace EXACTLY that number of times, plus one, and then retype the mistyped character and the newer ones. And if you get THAT wrong, then you're completely hosed, and all you can do is wait the necessary 15-30 seconds for everything to (presumably) sync up, and then figure out what you need to do next.

Either method is infuriating, and unnecessary. Since your shell command is only valid as a whole, and will only be executed after you press return, there is no point in sync'ing with the server except at the point where you press return.

Instant local echo

[Ed+Avis]

So mosh has brought back the ages-old idea of local echo on the terminal. It disappeared as soon as terminal connections became faster than the old teletype links. I have often wished for such a feature in ssh, some kind of 'cooked mode'. However I usually run a 'screen' session on the other end of ssh, with emacs inside that, and finally a shell-mode under Emacs! Mosh would need to do something quite clever to enable local editing in that.

I stopped reading after this

"To bootstrap an SSP connection, the user rst logs in to the remote host using conventional means, such as SSH or Kerberos."

Re:I stopped reading after this

[isama]

So that means it's just like GNU Screen? ctrl+a d on one connection, hop wifi, ssh and screen -x. wow. Really?

Re:I stopped reading after this

Are people still using screen instead of tmux?

Re:I stopped reading after this

[Imagix]

I think the point this has is that it will automatically do the reconnect for you. What I'm not sold on is that this now requires an arbitrary port to be open on the server side in order to connect to the mosh server, and how irritated are the security guys who control the edge firewalls on your corporate network going to get?

Re:I stopped reading after this

[David_W]

Yes, until I can figure out how to get it to stop ringing the bell when it starts and sending ^? instead of ^H for backspace, I'm still using screen.

Re:I stopped reading after this

[eldorel]

Yup. screen is already available on everything I use (and has been for a decade), from the crappy residential grade router at my mothers to the servers at client shops. Tmux, not so much.

Re:I stopped reading after this

[Junta]

Tmux's biggest claim is one of idealogy (BSD vs GPL) rather than any real technical merit.

Actually, tmux defaults at least are nice. When I 'tmux a' to share a session with someone else, our multi-window view is synced. Fit-to-terminal is a bit more sane too.

Screen developer/advocates really need to provide a guide on how to make screen behave like tmux default, if possible. Ctrl-A default bind is annoying as anything too.

Re:I stopped reading after this

[phoenix_rizzen]

And many (most?) SSH clients support auto-reconnect on short network drops. And many even support reconnect on IP change (like when switching wireless networks or to 3G). And you can even configure your tmux (way better than screen) session to connect on login.

Thus, many SSH clients already do everything that MOSH does, but without having to install any new software anywhere.

Re:I stopped reading after this

[skids]

Ctrl-A default bind is annoying as anything too.

Yeah, always had issues with that. I always set to CTRL-G, since the only thing I ever use that key for is bailing out of thinkos in emacs, and double-pumping that in non-screen mode is pretty harmless.

Plus, being an alarm key, it's more semantically correct.

Re:I stopped reading after this

[skids]

This. My guess is fixups for automatically opening pinholes for Cisco gear will be a long time coming for this new protocol. Really this needs to be integrated into the SSH server and run on the SSH port to be useful in a modern enterprise environment.

Re:I stopped reading after this

[jgrahn]

"To bootstrap an SSP connection, the user rst logs in to the remote host using conventional means, such as SSH or Kerberos."

I stopped reading where it said they use UDP. People who say "I can outperform TCP" are almost always wrong, and I'm quite fed up with badly behaved UDP-based protocols. Citing the "bufferbloat" theory is also a bad sign, but that may be just a misleading summary.

Re:I stopped reading after this

[jgrahn]

And many (most?) SSH clients support auto-reconnect on short network drops.

It's not even a case of reconnect. A TCP connection lasts forever or until one side says "stop"; all the client has to do is *not* explicitly time out after N seconds. Misconfigured NAT devices tend to fuck this up though; one of many reasons NAT is evil.

Re:I stopped reading after this

[jgrahn]

So that means it's just like GNU Screen? ctrl+a d on one connection, hop wifi, ssh and screen -x. wow. Really?

Except the feature will be there even if you don't want it, I guess. Who cleans up the dead sessions, I wonder? It's already a problem with screen in some setups I've seen; people create sessions and then forget about them.

(Screen or similar software. I don't care what's the latest and greatest is; we're discussing the general feature of attached/detached terminal sessions.)

Obsolete within five years

[mikael_j]

While neat for those who are currently in areas with spotty wireless coverage it is a neat idea but for most users I don't think it's that much of an issue, even at the moment.

Fast forward five years and I just don't see this software being all that useful. Sure, there's always gonna be that handful of people who will scream that this is extremely useful because they're always hopping between wifi hotspots but most users are using 3G/4G when they're on the move and coverage for those is already "good enough" in most civilized places and steadily improving. I've taken 5+ hour train trips several times and only had ssh connections drop once or twice on those trips (due to spotty coverage in what would quality as the middle of nowhere in northern Sweden).

This is like "solving" the IPv4 address exhaustion problem with NAT, it's a neat workaround but doesn't actually solve the problem.

Re:Obsolete within five years

So, once again, just because you cannot see a benefit, everyone shouldn't either? Try this in your perfect network world: Passenger in a car, logging on to remote boxen, car is moving in and out building, not fucking straight lines on a railway track). Get the picture?

Re:Obsolete within five years

My phone prefers wifi over 3g, I often hop between the two even with good coverage.

Re:Obsolete within five years

It's a pain in the butt if you jump between wired & wireless connections, or your work has "dead zones" in the Wifi coverage. It was one of the main reasons I switched from X11 over SSH to VNC: VNC let me reconnect and resume my session while SSH just conked out.

Re:Obsolete within five years

[ArsenneLupin]

you manage to concoct an edge case

Sorry, this is about 3G/4G, not EDGE.

how often do you ssh while in a moving car

As the passenger, of course. Only fools drive and text *wink* wink*.

that's going in and out of buildings?

Parking garages. Tunnels. Toll plazas. Petrol Stations. Or just between two tall buildings blocking out the signal.

Re:Obsolete within five years

[gstrickler]

Satellite links, network congestion/delays, and other sources of high latency aren't going to magically disappear in 5 years, nor 10, 15, or 20 years. Until you can bypass the speed of light (in x transmission medium) as the limiting factor, this is useful.

Re:Obsolete within five years

[TeknoHog]

Fast forward five years and I just don't see this software being all that useful. Sure, there's always gonna be that handful of people who will scream that this is extremely useful because they're always hopping between wifi hotspots but most users are using 3G/4G when they're on the move

Dunno about 4G, but 3G has enough latency to make ssh annoying, so Mosh would definitely be an improvement.

Re:Obsolete within five years

[A+nonymous+Coward]

Wow you're dull and unimaginative. Imagine a cell phone constantly keeping in touch, and WiFi is faster than cell.

Imagine any number of things which are unimaginable. Stretch that brain!

Re:Obsolete within five years

[Kidbro]

I just started using it (after seeing this article) to connect from my laptop which I suspend and carry in my backpack from work to home. Opened the lid, and the session is still seemingly intact after the few seconds it takes to find my home wifi.
No 4G connection in the world is gonna help a device that's effectively turned off.

I don't think this is a very unusual use case.

Re:Obsolete within five years

[the_B0fh]

And people still don't know how to use authorized_keys? WTF?

Re:Obsolete within five years

[silanea]

If we only ever built technology that appeared immediately useful for at least 95% of the population we would still be trying to figure out how to transport messages across long distances without using a horse.

Re:Obsolete within five years

[franciscohs]

So we should just skip using any technology that will be obsolete in five years? (and I won't even discuss if that's actually true in this case)

Re:Obsolete within five years

[myrdos2]

I work with tele-operated robots, and I must say this is an amazingly useful feature. The robots can establish a connection with either WiFi or 3G, and are meant to navigate in indoor environments. With WiFi, you can go a short distance before losing signal. With 3G, you can go a short distance before losing signal.

People with laptops or mobiles seldom notice the dead zones - they don't suddenly stop walking whenever they hit one.

Re:Obsolete within five years

[pnutjam]

try screen for ssh

Re:Obsolete within five years

Or byobu, but I don't think either will help him if he is forwarding X over ssh using screen. Sure, he'll get his terminal history back when he logs in again, but his GUI program will be long dead, negating any benefit this would have for him.

But if he's not using X forwarding, then you are correct.

Re:Obsolete within five years

[thegarbz]

This is like "solving" the IPv4 address exhaustion problem with NAT, it's a neat workaround but doesn't actually solve the problem.

I think you're not focusing on what the actual "problem" is. NAT really is a bandaid solution for a lack of IP addresses. NAT does solve the issue of multiple devices sharing an common WAN address.

Mosh addresses the issues of connections essentially being treated as static routes no more no less. The problem is the proliferation of different protocols and networks and devices which attempt to seemlessly hop between them to remain in a coverage area. While the hopping bit works quite well (as soon as I am near my house my device switches to WiFi) any persistent connections would be lost. This was not a problem with for instance 3G / 4G coverage as the underlying network protocols will seemlessly transition from one tower to the next, however it fails where you start bouncing from one technology to another.

This is only going to get worse as more WiFi hotspots appear, cities run their own WiFi networks, different mobile phone technologies emerge, and we become more and more mobile. Unlike using NAT for lack of IPv4 as a bandaid which essentially breaks some services, the idea of creating a protocol that can pick up from where it left off is really a well thought out solution to a specific problem.

Re:Obsolete within five years

[asdf7890]

For that though, I and many others already use screen similar. Though mosh sounds interesting enough a collection of features to warrant me having a play.

Re:Obsolete within five years

[Kidbro]

The "problem" with screen is that it requires manual intervention to resume. FWIW I've been using screen for this for the past ten years or so (well, tmux the last one or two...), but it's still annoying to have to reconnect and attach. mosh handles the reconnection transparently.

Re:Obsolete within five years

[asdf7890]

You can easily automate reattaching or restarting screen/byobu (and presumably tmux too using similar incantations) using something like this sample: http://fransdejonge.com/2011/06/more-fun-with-screen-and-ssh-with-byobu-automatic-reattaching/

Re:Obsolete within five years

[hobarrera]

Not all the world has 4G. Heck, my mom live in a 300k population city (and one of the largest in this country), and there's not even 3G coverage there.

I've only one or twice picked up 3G coverage myself as well.
While I agree it 10 years this will be useless, it *is* usefull now.

Re:Obsolete within five years

[Lorens]

As the passenger, of course. Only fools drive and text *wink* wink*.

Walk and text and you might get eaten by a grue. Or at least by a bear: http://www.youtube.com/watch?v=WmhvdtX72eQ

Why would I want this compatibility break?

Let's see...

I get reconnectability (which I already have, either by using a VPN or by using screen on the server), but now it's built-in.

I get local echo so I have no clue whether my connection has been dropped -- but OTOH, this is great if you have the brain of a goldfish and so can't remember what you just typed for a couple seconds till it gets echoed back. I presume this is optional, so non-goldfish-brains can tell it to 'degrade' to be as useful as ssh.

I get better unicode support -- well, that one's cool, anyway.

And it needs ssh for login, but also needs a mosh server -- so I can ssh into every server, but only mosh into a few.

Am I missing some really great thing about it? It seems like a major hassle for a minor improvement.

Re:Why would I want this compatibility break?

why is unicode a minor improvment. Not everyone wants to use english.

Re:Why would I want this compatibility break?

[pipatron]

I've never had a problem with crazy characters with plain olde SSH. what's the problem?

Re:Why would I want this compatibility break?

[Hes+Nikke]

You, now:

so I can ssh into every server, but only mosh into a few.

You, 1995:

so I can telnet into every server, but only ssh into a few.

Re:Why would I want this compatibility break?

[jellomizer]

For the most part if you are connecting via a Command Line you are using "An Older" (I am using this lightly, as a lot of new system still have command line and even new version of windows is expanding it command line) System designed for ASCII or VT100 transmission of data. Adding Unicode is a minor improvement, because for the bulk of us whatever language we speak, ls -l is still ls -l.

Unicode will be handy for newer systems that may have a more human language interface to it.

Re:Why would I want this compatibility break?

[jellomizer]

unicode isn't insecure, it is how it is used that could cause security problems. There are letters that are different then from the ASCII but look almost the same, if not the same. Which means too wide support of unicode could allow people to trick people to go to trusted names to an untrustworthy file/location.

Re:Why would I want this compatibility break?

[A+nonymous+Coward]

Let's see...

I get reconnectability (which I already have, either by using a VPN or by using screen on the server), but now it's built-in.

But now it's automatic.

I get local echo so I have no clue whether my connection has been dropped -- but OTOH, this is great if you have the brain of a goldfish and so can't remember what you just typed for a couple seconds till it gets echoed back. I presume this is optional, so non-goldfish-brains can tell it to 'degrade' to be as useful as ssh.

It also is automatic and shows what hasn't been echoed. Further, typing while lagging by a character or two is incredibly frustrating to almost all brains in existence. It's like listening to headphones which have a half second delay in what you said. Your brain simply freezes.

I get better unicode support -- well, that one's cool, anyway.

And it needs ssh for login, but also needs a mosh server -- so I can ssh into every server, but only mosh into a few.

Am I missing some really great thing about it? It seems like a major hassle for a minor improvement.

What a pessimist.

Re:Why would I want this compatibility break?

Security is a huge feature. Resurrecting local echo to screw with people's heads is not.

Plus, you don't even seem to get what I was saying; perhaps I rushed over that point a little too fast.

mosh requires ssh. There CANNOT be a mosh-only host which would require me to have a mosh client or have no remote access, unless it's by deliberate brain-dead policy -- so when mosh gets, say, 5% uptake server-side, there's still no good reason for people to get a mosh client, and so there's no good reason for the other 95% to add it. This is the OS/2 thing, where it (allegedly) died largely because it ran Windows apps so well, nobody bothered coding OS/2-specific apps.

ssh does NOT require telnet. It's quite possible (and, these days, incredibly common) to have ssh and not have telnet, if only for password security. And once you have 5% ssh-only servers, everyone needs both ssh and telnet clients; once they have them, other servers can be upgraded at leisure. It breaks the chicken-and-egg problem.

So ssh has a worthwhile feature, and a workable upgrade scheme.
mosh has no worthwhile (to me, YMMV) features, and a self-frustrating upgrade scheme.

The similarity you think you saw just isn't there in reality.

Re:Why would I want this compatibility break?

[Kidbro]

I'm sorry, but that is simply not true. At least not outside the English only speaking world.

ls -l may still be ls -l, but its man page, and the filenames it spits out on stdout are localized, with non US-ASCII characters. The files we view with cat and less are filled with non US-ASCII characters.

Re:Why would I want this compatibility break?

[Jesus_666]

On the other hand that's also an argument for why HTML5 video is pointless: We already have Flash and it has a near-100% install base. HTML5 video doesn't add killer features; Flash already does pretty much everything we want in embedded video.

Oh, wait. Flash doesn't play well with mobile browsers. Just like ssh, really, since everytime you switch from one wireless cell to another you may get a new IP address, which would kick you out of your ssh session with no indication that it happened. Which is exactly what Mosh is designed to avoid. The local echo is not the primary feature here.

As for requiring ssh: You could suggest a completely standalone version to the developers. Perhaps Mosh v2 won't need ssh for setup then.

Re:Why would I want this compatibility break?

[hobarrera]

Except the fact that this only solves a problem that exists today (bad 4G coverage, for example), instead of a permanent one (insecure).

Re:UDP for a connection which has to -reliably- se

[ZorinLynx]

If they implement their own TCP-like layer over UDP, there's no reason it can't be just as reliable.

It's kind of hard to do things like roaming using TCP because endpoint IPs can change.

OCB Mode is Toxic.

[TechyImmigrant]

We tried to put OCB mode in 802.11i. So IBM sent a guy to explain the 'licensing terms' for their patents on OCB mode. The next vote in 802.11i after that presentation was to replace OCB mode with CCM.

Until the patents expire or are freely licensed, OCB mode should be considered off limits for free and open projects.

Re:OCB Mode is Toxic.

according to Wikipedia:

Two U.S. patents have been issued for OCB mode. [1] However, a special exemption has been granted so that OCB mode can be used in software licensed under the GNU General Public License without cost, as well as for any non-commercial, non-governmental application. Since the authors have only applied for patent protection in the U.S., the algorithm is free to use in software not developed and not sold inside the U.S. [2].

Re:OCB Mode is Toxic.

[mikechant]

The patents are freely licensed for any GPL software; see link for details.
http://www.cs.ucdavis.edu/~rogaway/ocb/offer.htm

Mosh appears to be GPL:
https://github.com/keithw/mosh/blob/master/COPYING

Re:OCB Mode is Toxic.

[vlm]

It would be an interesting battle. I read the Rogaway original paper years ago and he was granting free use to anything GPL licensed. For a more modern view you can also see"

http://www.cs.ucdavis.edu/~rogaway/ocb/license.htm

I've looked into MOSH recently, and it is GPL. The battle would be, does mosh live under Rogaway's OCB patents which makes it free, or IBMs patents, which makes it unclear... From a "money is justice" perspective, I donno if ucdavis would win against IBM, but they'd have better odds than "just a bunch of random hackers" vs IBM.

To burn an informative couple hours on the topic, simply google for "rogaway OCB" and start reading.

Re:OCB Mode is Toxic.

[snadrus]

Is this a joke? Have you noticed how much Apple approves of patents, the ultimate anti-freedom license?

Other improvements ?

[redelm]

IP roaming looks nice & ought to be secure with the right steps (no reply from old IP:port, correct cryto negotiation with new IP:port).

But LOCAL ECHO is a big problem -- applications have to be aware of it. On CLI, many keystrokes are commands, not text to be entered. On vi in command-mode, G goes to the last line.

Personally, a bigger thing is traffic reduction, particularly keystoke combining. Nagel's algorithm is a start, but I've modded ssh to delay and buffer likely-text keystrokes for a short time (400ms) while letting likely commands through immediately to retain responsiveness. The delays aren't irksome, and I reduce outbound traffic by ~80%.

Re:Other improvements ?

[Arathon]

It looks like local echo can be turned off with a runtime flag. Additionally, my few experiements with it indicate that it somehow is intelligent enough to properly interpret command keystrokes as such.

Missed from summary

mosh is not made to replace ssh but to work with its aid. from page 3 i'm not exactly sure how could user remotely login using Kerberos (in contrast to ssh), but it essentially is a user process started over ssh, wrapping a shell like screen on server.

only problem i can see is the firewall/portforwarding bypassing; if all UDP packets are encrypted and from/to random ports there's no way your iptables is going to pick that one up.

i can't see any idle traffic or re-keying being specified, though i guess it's easy to add later on. i'll definetly try this out, once i can get it through NATs.

Re:Missed from summary

[vlm]

i can't see any idle traffic ... being specified

I looked into MOSH in detail a little while ago and the keepalive packet is every 3 seconds or 3 packets per second can't remember which.

It was often enough to make me pause... that's a lot of traffic if you're metered and paying by the K and/or powered by battery...

Re:Missed from summary

[kangsterizer]

note that ssh does that too and you can configure the amount of time, and/or turn it off entirely (which has its advantages, if connection breaks and comes back you don't lose the session at all. if you change ip, it takes however forever to figure that out)

Why was a fork necessary?

[batrick]

I see no rationale for not helping to improve SSH. This shit shouldn't be encouraged.

Re:Why was a fork necessary?

[TeknoHog]

Moreover, I regard Mosh as solving a higher-level problem, and it is simply good Unix style to use another application on top of ssh. There are also many use cases where ssh does not need these improvements, so it is better to keep the core protocol simple.

Re:Why was a fork necessary?

[Anrego]

Once something becomes widely used and stable, making drastic changes becomes next to impossible.

That's why we went CVS -> SVN -> git. Too many people were using CVS to make the changes made in SVN. Too many people are using SVN now to fix the (very old and oft complained about) problems with SVN.

See also NFS. There are issues with NFS that people have complained about for years.. and they will never be fixed for the same reason.

Re:Why was a fork necessary?

[batrick]

Because writing a new RFC for the SSH protocol and then improving the current ubiquitous OpenSSH is an unheard of undertaking.

Re:Why was a fork necessary?

[Arathon]

It's not a fork no matter how you slice it, and it runs over SSH. Mosh will wrap other comms systems as well. Hate to say it, but.... RTFA.

Re:Why was a fork necessary?

[batrick]

From the article:

> Mosh is a replacement for SSH.

It might not fork the code but it forks the concept.

> Hate to say it, but.... RTFA.

Not an article.

Nothing in that page for mosh did I get the impression it could not be ported to OpenSSH.

Re:Why was a fork necessary?

[WuphonsReach]

Yes and no. SVN is a lot younger and thus can more easily adapt. For instance, in 1.7, they changed from having those .svn folders in every single directory in your working copy and moved it all into a central .svn folder for the entire working copy. Which opens up some possibilities (now that the code is cleaner) that it might get some "git-like" features.

SVN isn't as fossilized as CVS, but it's still a server-centric architecture, not a distributed version control system. Which has its benefits and drawbacks, just like DCS.

(Mostly, if you have less-then-perfect employees, a central repository system is better - because you can back everything up from a central location. With a DCS, you have to trust that the important bits get pushed into a repository that does get backed up.)

Younger coders usually think they know best..

[Viol8]

Then they discover there was usually a good reason for something being done the way it was in the past. Eg local echo was very useful for line buffered programs such as MUDs and chat servers or even talking to SENDMAIL or an FTP server directly. It was easier to write the server to cope with just line by line rather than character by character and it used up less network resources in the process.

Re:Younger coders usually think they know best..

[Malties]

These younger coders don't know what network lag is. In my day I had a connection that was so slow I could type faster than my 150 baud modem could send the keystrokes.

Re:Younger coders usually think they know best..

[Lawrence_Bird]

Hmmm.. I think you are fibbing.. the next step up from 110 baud was 300... and I surely date myself with that knowledge. I miss my LA-120.

Re:Younger coders usually think they know best..

[mbadolato]

When I had my Atari 800, I got an MPP-100C modem. It was a 300, but could go to 450. So if I dialed into a BBS that had a 1200 baud line, WOOHOO!

Re:Younger coders usually think they know best..

[gregben]

My first computer experience (1972) was at 110 baud, banging away
on an ASR-33 Teletype connected via leased line to a DEC PDP-8 running Dartmouth Basic.

I'd get up and run a lap around the building for fresh air while printing
a program listing. Data rate in/out was 10 CPS (Characters Per Second).

I recall proudly showing my dad the program listing at home, unrolled on the living room floor at about 10 or 12 feet long...

Re:Younger coders usually think they know best..

[Drishmung]

150bps backchannel on a 1200bps modem. I.e. 1200/150 so typing (uplink) would certainly be 150bps.

Here is a data sheet for such a modem

Re:Younger coders usually think they know best..

http://en.wikipedia.org/wiki/V.23

1200bps/75bps was common for the German Bildschirmtext.

Re:Younger coders usually think they know best..

[Lorens]

Until about 1996 I regularly used a Minitel (v23, http://en.wikipedia.org/wiki/Minitel) 75 bps upload, no chance of it keeping up even with a crappy keyboard!

Firewalls

[Alarash]

Reading the linked research paper a bit, and something strikes me.

We use the existing infrastructure for authenticating hosts and users. To bootstrap an SSP connection, the user ïrst logs in to the remote host using conventional means, such as SSH or Kerberos. From there, the user or her script runs the server: an unprivileged process that chooses a random shared encryption key and begins listening on a UDP port. The server conveys the port number and key over the initial connection back to the client, which uses the information to start talking to the server over UDP.

You open a SSH connection (client->server:22). This port is allowed on the firewall, it lets you through. But then the server decides to listen on UDP:(random port) and tells the client, back through the (encrypted) initial connection, which UDP port to contact. So you initiate a SSP UDP session on that port. How does the firewall knows it should let you through? Since the port number is communicated on an encrypted session, it doesn't have access to that information. So how does this work in a secure environment? The paper doesn't mention any mean for the server to communicate with the network which port its listening on.

Re:Firewalls

[jimicus]

Welcome to Yet Another Protocol Devised By Academics Who Have Not Been Near a Real Network in Twenty Years, If Ever.

Or YAPDBAWHNBNARNITYIE for short.

Re:Firewalls

[jochem_m]

Not having read TFA and going purely by the quote in the parent, I would assume that the key is random ("chooses a random shared encryption key") but the port is not ("begins listening on a UDP port").

Re:Firewalls

[inject_hotmail.com]

You open a SSH connection (client->server:22). This port is allowed on the firewall, it lets you through. But then the server decides to listen on UDP:(random port) and tells the client, back through the (encrypted) initial connection, which UDP port to contact. So you initiate a SSP UDP session on that port. How does the firewall knows it should let you through? Since the port number is communicated on an encrypted session, it doesn't have access to that information. So how does this work in a secure environment? The paper doesn't mention any mean for the server to communicate with the network which port its listening on.

My guess is as good as anyone else's, but I surmise it does a bit of packet trickery. Once device A (behind firewall) is connected to device B (may/may not be behind firewall, but at least one port is open, 22 by default in this case), device A can create an SSH tunnel...they really are rather neat and VERY useful as a means of security. For example, I have webmin running on a server, but its port (10 000) is blocked by the firewall. Once I connect to SSH I can redirect packets to a certain IP:Port combo (device A's IP:Random Port#) to the servers local address (127.0.0.1) and new UDP port, and voila: hidden/secure/direct connection. One can even make a tunnel in the other direction, so that the server can connect to a remote device in the same manner, and any application won't realize that it's even connecting to anything outside of its network.

Whomever thought of and implemented SSH tunnels is a master genius. I would shake his/her hand if I ever saw them.

Re:Firewalls

you just open the whole range UDP 60000:61000
Needless to say "woot".

Now you could add an iptables module for example, that detect inbound SSH (SSH banner is cleartext), then allow 60000:61000 UDP for the same IP and keep it open until timeout.. now of course this break mosh's reconnect feature if you let your laptop sleep more than 5minutes. Well, fuck mosh then.

ssh can auto reconnect (autossh, kitty.exe) and with screen or tmux you keep state.
ssh can local echo (not open ssh, but android's connectbot does for example - even if its not as neatly implemented)

what you're missing is the streaming of SSP which means, scrolling, ^C, etc, are an issue on SSH (try cat /var/log/messages and ^C on a non-local connection)
those are the only real things mosh/SSP bring to the table

Re:Firewalls

[kangsterizer]

no it is not. security is made of layers.
you let UDP out (and actually for mosh you need UDP in, because unlike you, I tried), and anyone can use this to get a remote shell among other things.
udp in makes this easier than that of course

but hey that ok, lets remove all firewalls, AC said its better.

Re:Firewalls

[DarkOx]

So how does this work in a secure environment?

I would say for the most part it work just like every other protocol that requires inspection by the gateway/firewall device. It will look inside the data stream and fish out the port / address numbers, then store them for later use; it might even change them suit its needs going out. "It can't do that if its encrypted!" you say.
  Get with the times if your gateway device does not intercept and MTIM tls/ssl/ssh traffic that you otherwise allow out you are not in a "secure environment".

In this case the server you are connecting to would be in the security zone and behind the MTIM proxy which you have to trust. If you are also in a security zone controlled by someone you don't trust that is MTIMing you like any other protocol you cannont use it to connect to secure services.

Re:Firewalls

[kangsterizer]

Does not make sense tho.
They use UDP to bypass the buffering delays of TCP
If you tunnel UDP in TCP, well.. while you get local echo and state saving.. you might as well type ssh blah.com screen -rd. autossh also auto reconnect 'n stuff. kitty.exe on windows.

Re:Firewalls

[tzot]

> Since the port number is communicated on an encrypted session, it doesn't have access to that information. So how does this work in a secure environment? The paper doesn't mention any mean for the server to communicate with the network which port its listening on.

I assume that mosh relies on stateful firewalls allowing outbound UDP packets. So, given that the ssh channel allows handshaking, here's what I guess happens:

- Client C connects to Server S through ssh.
- Server S picks a port P, and sends a dummy UDP packet to C:P. This packet won't reach C, but any stateful S-protecting firewalls make note of the packet S:P to C:P and know that a packet C:P to S:P should be allowed.
- Client C starts exchanging packets with S, both using port P. After the first C:P to S:P UDP packet, any stateful C-protecting firewalls now will allow S:P to C:P packets.

Of course, I might be completely mistaken :)

After all, a connection is defined as the (local ip, local port, remote ip, remote port) tuple.

Re:Firewalls

[Alarash]

That was the point of my OP. The paper doesn't describe what you said. It says the client initiates the Mosh UDP session once it got the destination UDP port (the port the server listens on) from the SSH session. A firewall would never allow that. Also, opening a wide range of ports is a... let's say... challenging idea. This goes against all rules of network security known to network administrators.

Re:Less is More

[phantomfive]

As with TLS, I'd like to see any future revisions of these secure protocols trim more fat.

Dude, SSH is half a meg. Calm down.

Re:Less is More

[phantomfive]

When you're operating on a slow wireless connection with an already high amount of traffic on it, every bit counts.

Um, then don't download SSH over a slow wireless connection? Download over a high-speed wired connection and side-load it onto your device.

Re:UDP for a connection which has to -reliably- se

[batrick]

> It's kind of hard to do things like roaming using TCP because endpoint IPs can change.

Bullshit. With UDP you have to abstract the connection so that the source IP can change. With TCP you can do the exact same fucking thing. Close the old socket when you get a connection attempt from a new client with the right handshake.

Re:iMosh

[vlm]

Is there a mosh iOS app?

They're promising a droid app soon, for the Daft Punk fans...

Red ball, Green ball

[hedronist]

Oh God! The flashbacks are killing me! Back in the mid-70's I worked for Tymshare (sister company/parent/?? of Tymnet) doing load testing on a project called OnTyme (commercial email). I was hip-deep in the Tymnet protocol trying to record and then re-create realistic pseudo-user-loads from different points in the country. Massive PITA.

Re:Less is More

[inject_hotmail.com]

When you're operating on a slow wireless connection with an already high amount of traffic on it, every bit counts.

Aw man! Nerdiest double-entendre ever! I'm jealous.

Re:Less is More

[vlm]

As with TLS, I'd like to see any future revisions of these secure protocols trim more fat.

Dude, SSH is half a meg. Calm down.

The problem with "Arcane ciphers, modes, etc" is not executable size at all, but security.

For example, MD2 finally go the axe from openssl back in '09, not because md2 took up too much executable space, but because it was obsolete small / psuedo-broken. I call it psuedo-broken because they crypto guys would call it broken, cracked wide open, but its not totally broken like DRM or copy-protection schemes. Its still has got about 50 bits or so of security, and for many apps that's more than enough, as long as you go in eyes wide open that its a "50 bit hash" not a "128 bit hash". Anyway in '97 md2 was looking shaky, and in '04 it was psuedo-broken, so it should have gotten the axe around 97 to 04, not wait until '09....

You don't want the "ssh of a new decade" to support all kinds of cruft that can be used to exploit it later on. Using md2 in mosh, for example, would be a bug not a feature, or merely a waste of executable code size.

Re:Less is More

[inject_hotmail.com]

As with TLS, I'd like to see any future revisions of these secure protocols trim more fat.

Dude, SSH is half a meg. Calm down.

I think buddy's point is that SSH should deprecate support for old crypto libs because no one uses them anymore, and they are sort of an Achilles Heal...look at how easily GSM can be subverted because it supports old cypher protocols (and even one that is "No Encryption" encryption!)...anyway, point is: get rid of the stuff no one uses anymore, use only strong crypto with no option for in-the-clear, to reduce the potential for security issues. Our good friend AC just isn't so verbose about his idea...

Roaming is not needed in mom's basement.

[Medievalist]

I see the need for this all the time. It's a commonplace in large enterprises like hospitals, factories, and financial services corporations.

Example: I'm working on my hospital laptop. I get called urgently to do something elsewhere in the hospital so somebody won't die right now. I grab the lappie and run, then when I get to the theatre I plug into the malfing imager and fix it. Meanwhile all my SSH connections died because I crossed three wireless boundaries at high speed.

Example 2: I'm on the line debugging the tension loader robot while a human continuously manually corrects the tension downthread. I find the upstream data to the robot is bad and I have to backtrack all the way across the building to find the malfunctioning sensor, then come back and double-check the robot again. All my SSH connections into the DCS keep failing because the factory floor's high RFI means we have to have lots of small loud wireless zones, and I have to keep moving among them.

Example 3: I'm in a conference room lecturing junior banksters on how to fleece grandmothers and the CEO throws us out so his pet congressman can use the room to tongue-polish his shoes for him. The next conference room is two wireless zones away, so my secure SSH tunnel into Dr. Evil's antarctic lair fails and I have to sacrifice another day trader to get the blood I need for our in-house key transfer protocol.

OK, that last example was a bit contrived but I was starting to get bored.

Re:Roaming is not needed in mom's basement.

[isama]

I'd still go with screen or tmux.

Port Forwarding?

[QuantumRiff]

Does this do things like Port Forwarding? or is this not a replacement for SSH, but almost an extension of it?

I use SSH port forwarding (both directions) compression, and stuff all the time.

Object synchronization is not new...

[Roogna]

Heck, people have done that with Objective-C remote proxies have basically been doing that as a form of RPC since NeXT days. Not to mention any other usages of it.

Re:UDP for a connection which has to -reliably- se

[agrif]

Bullshit. With UDP you have to abstract the connection so that the source IP can change. With TCP you can do the exact same fucking thing. Close the old socket when you get a connection attempt from a new client with the right handshake.

I'm a little out of my depth here, but I'd imagine it'd be much easier with UDP because UDP is connectionless. With this sort of roaming, the server isn't expected to change addresses, but the client is. So, have the client sign everything with a negotiated public key, and the server doesn't even have to care where each packet is coming from, or even open any new connections when the client moves across IPs.

Since this is an SSH replacement, I'd expect the key signing to be done already, so once you build an ordering and reliability protocol on top of UDP you essentially get the roaming for free.

Smooth scrolling terminal

[jones_supa]

As we're talking about things related to terminals, the one thing I'm still anxiously missing is a terminal emulator which implements smooth scrolling of new text, a feature that was also present in some hardware terminals a million years ago. I guess some smart guy could modify an existing terminal to support this. Heck, if I had a bit more skills, I'd roll up my sleeves and do it myself. It would be sweet.

Re:Hold on

[profplump]

Because the sequence number is part of the encrypted payload, and already-seen sequences do not update the state.

Maybe not so good with completion

Modern shells have completion, and mosh is not going to predict that.

It seems to me that for my typical usage it is going to have limited utility - I'm either in a shell where I'm leaning heavily on the tab for completion, or in vi where it would need to secondguess what vi is going to display.

Re:Maybe not so good with completion

[Lorens]

IIRC in the original telnet protocol the list of keys that prompt synchronization with the server is negotiable. Normally that would be carriage return, and going to a full-screen editor would disable local echo, but adding tab to the list when in a shell should be trivial.

So, why can't it...

[Whip]

Why can't they add local echo, predictive typing, and resumable sessions to ssh or another TCP-based protocol? Yes, TCP can *possibly* take longer to recover from network errors, but this isn't something where you can just drop some missing packets (like some audio streaming things) to keep things flowing.

It's implemented over UDP, which means you *still* have to basically do all the functions of TCP, but now you get to do them with code that hasn't been tried and tested over the past several decades. Plus a new crypto implementation on top of that. And for what? Slightly better response time during network loss, which you shouldn't notice anyhow because of the predictive typing?

UDP just seems to solve no real problems, yet *adds* a lot of problems -- the firewall problem, for one. Fresh new daemon with unknown security issues.

I see no reason why you couldn't just tunnel this over ssh and get the vast majority of the benefits -- or better yet, patch the predictive typing/session resume/etc into ssh directly. Then you get to take advantage of the decades of work and bugfixing that's already been done for the majority of your protocol stack.

(And I don't buy for a minute that it's significantly more difficult to handle session resume when it's a TCP connection...)

Re:UDP for a connection which has to -reliably- se

[smellotron]

I'm a little out of my depth here, but I'd imagine it'd be much easier with UDP because UDP is connectionless. With this sort of roaming, the server isn't expected to change addresses, but the client is. So, have the client sign everything with a negotiated public key, and the server doesn't even have to care where each packet is coming from, or even open any new connections when the client moves across IPs.

In the context of persistent logical connections, you have to consider that the TCP connection will get severed and must be re-established. It's not enough to have an open connection sitting around; if bits aren't coming from the other side, the open connection may have been physically severed by some dead networking gear or a backhoe. So you end up coding some application-level heartbeat-and-reconnect logic with logic to securely resume a session (forgive the hand-waving here).

At this point, if the "securely resume a session" bit is sufficiently compact, you are free to do the exact same logic per-packet, and you don't need to maintain a TCP connection. You lose TCP's reliable-ordering support, but the automatic-reconnect logic is typically sufficient to do without reliable-ordering. You also lose TCP's congestion control, so you'll probably need to add some application-level throttling mechanism to avoid DoSing yourself.

This is why TCP vs. UDP is irrelevant in the topic at hand. Neither is sufficient to maintain a persistent connection, and the extra logic required on top of one can typically be ported to the other.

Re:iMosh

[kyhwana]

No, because mosh is GPLed, and you can't have GPL stuff in the iphone store.
(This doesn't stop someone from reading the protocol spec and writing their own from scratch, of course)

Re:Less is More

[phantomfive]

That makes sense. My point was, it doesn't matter. If you don't want to use those protocols, don't use them.

Re:Less is More

[phantomfive]

I've never used MD2. If you don't want to use it, then don't. It doesn't hurt to have it in there.

Re:Less is More

[phantomfive]

because you trust something that you shouldn't.

Then don't trust it. I don't know why you're having trouble with this.

Can we not better

[bytesex]

Leave the roaming bit to the layer below it (TCP), or even better - below that (IP) ? It seems more appropriate to not just be able to roam ssh. Not everything is http, you know.

Re:Less is More

[tzot]

> psuedo
Us nuerotic cleuless ueropeans prefer to type "pseudo" in liue of "psuedo". I believe the game "Cleudo" is at blame for your mistake.

A brief and peculiar review

[userw014]

Mosh looked like an interesting solution to my own roaming issues - and most of my "roaming" is in-town between home and work and occasionally a public library or cafe. That, and when AT&T DSL drops my PPPoE connection and renegotiates my hope IP address at random times, sometimes several times an hour. (I live in the US - a kind of banana republic of residential networking.)

I've already got a reverse-roaming solution involving using OpenVPN to connect my laptop back to my home fileserver & printer and private IMAP server - but that's for my own convenience and my co-workers are amused.

I'm partially responsible for my own work environment - and it isn't a conventional Linux distribution (it's based on an early version of LFS). Which means that in some ways it's more secure because it doesn't include features we don't want or need (i.e.: reduced exposure surface.) But is a real pain to maintain. I've picked up the reins of other talented people - but the environment is old.

So I built Mosh. After upgrading the compiler. Patching /usr/include/endian.h. Upgrading Boost. Installing the Google Protocol thing. Installing libutempter. It took all afternoon! (I wanted to be able to share my work with other groups in our organization.)

And then I discovered Mosh wants a UTF-8 environment. Getting around that took the rest of the evening, and it depends on your shell. You can do it with "csh" - but "bash" is tricky. Then I had to patch libutempter. And patch libutempter. And patch libutempter. And patch libutempter. (My "ptsname()" call doesn't work - but neither does FreeBSD or MacOSX's.)

Anyway - mosh is SLOW. I can feel the buffer bloat it introduces.

It's interesting still. But I think a combination of OpenVPN, private networks, ssh, and even screen would work as well or even better.

Re:Less is More

[inject_hotmail.com]

The thing is, there's no way to 'untrust' those protocols. With my GSM example, A5/0 is classed as an 'encryption level', but in fact is in-the-clear. With TLS, and a man-in-the-middle attack, there's no way to know if the MITM has renegotiated the encryption to be in-the-clear. There's no way to turn off support for in-the-clear. The worry about SSH is that with older crypto protocols, a weakness may be found, and that protocol will still exist in all versions off SSH. If the attacker/MITM can force a reneg of the protocol to use the compromised version, then it's as good as not using encryption at all. None of the above offer an option to disable all older protocols. This is a problem in my and the AC's eyes.

It could be that you mean to say "just use another program that supports only fresh crypto"...that is a viable option, but less attractive to one who has used SSH and finds its features very useful.