[mosh-devel] Fwd: thoughts on mosh

Keith Winstein keithw at MIT.EDU
Tue May 15 16:00:36 EDT 2012


FYI


---------- Forwarded message ----------
From: Jacob Appelbaum <jacob at appelbaum.net>
Date: Tue, May 15, 2012 at 9:55 AM
Subject: thoughts on mosh
To: harig at mit.edu, keithw at mit.edu
Cc: Roger Dingledine <arma at mit.edu>


Hi guys,

I'm some guy who found your project, mosh, and I was really happy to
find a great example of how to make a project. I think I'll use it as an
example of inventing something awesome, punting to other tools that do
specific jobs you're not interested in solving, and generally doing a
great job at encouraging peer review. I especially enjoy your mockery of
startup culture while actually being a shining example of Free Software!
I rather enjoyed the mosh paper as well.

I have a few thoughts about mosh - they mostly come from my interest as
a Tor developer ( https://www.torproject.org/ ) but I also just wanted
to say thanks for your smart work.

First up - I was really happy with how easy mosh is to set up - I was
able to get started in less than five minutes on two different platforms
after reading half a man page. That's pretty great!

I was a bit surprised by a few things - the first is that mosh binds to
a range of high ports; I'd like it if by default it tries to bind to
5353, 53, 0 or even an ICMP socket; there's a good chance that those
first two ports won't be blocked, the third requires some hacking and
the fourth obviously requires some caps. I think it should be possible
to get the caps required without being setuid but it's obviously a
violation of your 'no special privileges' rule of thumb.

I have set my mosh client to request port 5353 (mdns) and I've found
that even on networks that tamper with DNS (transparent proxies), they
don't seem to tamper with (!) mosh traffic.

The second thing that surprised me was that mosh doesn't actually
provide total confidentiality. In some very basic packet captures on my
own laptop traffic, I saw a lot of zeros and some incrementing fields.
If nothing else, I was surprised that this allows for trivial traffic
analysis - watching a single server would allow you to correlate all of
a given user's sessions across time and locations. I might be wrong
about that but I suspect that is correct as the plaintext is all, well,
plaintext. :(

I suspect that this is going to cause mosh to be trivially filtered in
places like China or Iran, places where I very much expect to use mosh
because of latency issues.

What do you think about actually providing confidentiality for
everything? The packet lengths are already variable and the setup can
happen indirectly, so once a session is up - the rest of the protocol
could be a lot harder to classify, if you want... I'd sure like it!

The third thing is that mosh is basically the perfect thing for Tor
users with one tiny exception: UDP (!)

Tor is for TCP connections and so UDP traffic will just leak or be
dropped entirely - it depends on how the user configures things. I
generally SSH to a given host and then attach to a screen session. Gah,
if you thought SSH was slow directly, ha! It's not really very usable,
as you can imagine. The trade-off is location privacy and that is worth
the cost in a lot of cases. If I had a single feature request, I'd be
able to ssh over Tor, set up a mosh session and then have the remote mosh
listener open a TCP receiver on the other end - this would allow me to
Torify the mosh client entirely - something that would make my ssh + Tor
+ screen + irssi + mutt + bash experience really usable.

What do you think of that? Is that something that might be possible as
an addition in the future? I understand from the paper that REX is close
to what I'd like but _only_ for the TCP transport. mosh is clearly
better in every single way - from ease of setup to ease of use for the
_other_ things I'd like to do, such as using my terminal!

Sadly the lack of a TCP fall-back or proxy-able operation and the
exposure of session information is something that would be worth
discussing, I think. I feel like Tor is the perfect "worst case" network
to try to work over...

I've also cc'ed Roger, the creator of Tor as I bet he'd love to see Tor
and mosh work together; I bet he'll have something interesting to say too.

All the best,
Jacob


