[mosh-users] Mosh & firewall

Keith Winstein keithw at MIT.EDU
Wed Apr 11 15:47:15 EDT 2012


Hello Rayson,

The problem with UDP hole-punching approaches is that they need to
work even after roaming to a new (client) IP address -- the existing
approaches generally don't out of the box.

Probably not impossible, but it will require some new development and
testing on our end and would complicate the roaming story, which right
now is very nice and stateless and doesn't even require the client to
know that it has roamed! (And for the approaches that require a
third-party helper, I dunno if we would need to set up our own or how
it works.) It's definitely on our radar though.

Best regards, and thanks for reading the paper!

Keith

On Wed, Apr 11, 2012 at 3:17 PM, Rayson Ho <raysonlogin at gmail.com> wrote:
> I'm reading the "Mosh: An Interactive Remote Shell for Mobile Clients"
> paper, which says, "To bootstrap an SSP connection, the user first
> logs in to the remote host using conventional means, such as SSH or
> Kerberos. From there, the user or her script runs the server: an
> unprivileged process that chooses a random shared encryption key and
> begins listening on a UDP port."
>
> Seems like this means that the firewall needs to be configured to
> allow this, and for NAT connections, port forwarding needs to be
> configured to handle this??
>
> I *think* UDP hole punching should be able to handle this, but then we
> need a public server for the initial connection handshake...
>
> Rayson
>
> =================================
> Open Grid Scheduler / Grid Engine
> http://gridscheduler.sourceforge.net/
>
> Scalable Grid Engine Support Program
> http://www.scalablelogic.com/
> _______________________________________________
> mosh-users mailing list
> mosh-users at mit.edu
> http://mailman.mit.edu/mailman/listinfo/mosh-users
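
The stateless roaming described in the reply above, as an added sketch that is not part of the original message and is not Mosh's own code: following the behaviour the Mosh paper describes, the server sends replies to the source address of the newest authentic datagram, so a client that changes IP address needs no reconnection step. The HMAC tag is a stand-in for Mosh's authenticated encryption, and the class name, function names and addresses are assumptions made for the example.

```python
import hashlib, hmac, os, struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag; stand-in for authenticated encryption

def seal(key, seq, payload):
    """Build a datagram: 8-byte sequence number, payload, authentication tag."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class RoamingServer:
    """Hypothetical server side: tracks where replies should be sent."""
    def __init__(self, key):
        self.key = key
        self.highest_seq = -1
        self.target = None  # (ip, port) of the client as last seen

    def receive(self, datagram, source):
        """Return the payload if authentic, else None; may move self.target."""
        if len(datagram) < 8 + TAG_LEN:
            return None
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted: the target is never touched
        (seq,) = struct.unpack(">Q", body[:8])
        if seq > self.highest_seq:
            # Newest authentic datagram: its source becomes the reply target.
            self.highest_seq = seq
            self.target = source
        return body[8:]  # an older authentic datagram does not move the target

def demo():
    """Constructed scenario; addresses are from the documentation ranges."""
    key = os.urandom(16)  # random shared key, as the server chooses at startup
    home, cafe = ("192.0.2.10", 50000), ("198.51.100.7", 41234)
    other = ("203.0.113.9", 9999)  # a host that does not hold the key
    srv, seen = RoamingServer(key), []
    first = seal(key, 1, b"ls")
    for datagram, source in [
        (first, home),                      # session starts
        (seal(key, 2, b"pwd"), cafe),       # client roamed, sends as usual
        (seal(bytes(16), 3, b"x"), other),  # wrong key: rejected
        (first, other),                     # replayed old datagram: target stays
    ]:
        srv.receive(datagram, source)
        seen.append(srv.target)
    return seen
```

Because the target moves only on an authenticated datagram with a higher sequence number, the firewall or NAT in front of the server still has to admit the client's UDP packets from whatever address it roams to, which is the constraint the thread is discussing.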

