[mosh-devel] mosh: how to resume after reboot?

Keith Winstein keithw at MIT.EDU
Tue Sep 11 17:33:40 EDT 2012

Hello Christoph,

We don't have the ability to resume sessions over a reboot of one of
the endpoints (neither does SSH). The Mosh client needs to keep around
session state (like the current sequence number, not to mention the
state of the terminal).

To do this, securitywise we would need some way for the client to
prove to the server that it is really the client, without reusing a
nonce that has already been used on the network. The "right way" is
probably to have one exchanged key that is only used for session
initialization (with a random nonce), which is used to agree on a
shared session secret used for a particular sesssion (with an
incrementing counter nonce).

Right now the Mosh security story is very simple -- there is only one
key and one incrementing counter nonce in each direction. That makes
it easy to analyze, and I believe makes us more secure than
SSL/TLS/SSH/DTLS (all of which have been security nightmares). But it
does mean we can't so easily implement features like the one you're

In practice, many users just use a screen or tmux session and use mosh
to reattach to that upon reboot. Of course that requires a new SSH and
a new round of authentication.


On Tue, Sep 11, 2012 at 6:23 AM, Christoph Thielecke
<christoph.thielecke at gmx.de> wrote:
> Hello Keith,
> first, mosh is a great solution which I'm missed for a long time.
> Now, its working but one piece I'm miss:
> The possibility to resume mosh sessions on reboot.
> I wrote a script (see below) which saves the mosh sessions (ip, port, key) and
> generate a shell script for starting mosh-client with the env vars, ip and
> port. But resume does not work. Could get it working? That would be great :)
> script for save mosh sessions:
> #!/bin/sh
> ########################
> INSTANCES_RUNNING=$(ps axu | egrep "^$USER" | grep mosh-client | grep -v grep)
> IFS=$'\n'
> echo > "# mosh state created at $(date)" > $MOSH_INSTANCE_STATE_FILE
>         INSTANCE_PID=$(echo "$INSTANCE" | awk {'print $1'})
>         INSTANCE_KEY=$(cat /proc/$INSTANCE_PID/environ | tr "\000" "\n" | grep
> MOSH_KEY | cut -f 2 -d '=')
>         INSTANCE_PREDICTION_DISPLAY=$(cat /proc/$INSTANCE_PID/environ |
> tr "\000" "\n" | grep MOSH_PREDICTION_DISPLAY | cut -f 2 -d '=')
>         INSTANCE_HOST=$(echo "$INSTANCE" | awk {'print $8'})
>         INSTANCE_PORT=$(echo "$INSTANCE" | awk {'print $9'})
>         INSTANCE_SSH_USER=$(echo "$INSTANCE" | awk {'print $6'})
>         echo "export MOSH_KEY="$INSTANCE_KEY""
>         echo "mosh-client $INSTANCE_HOST $INSTANCE_PORT" >>
> done
> unset MOSH_KEY
> Mit freundlichen Grüßen
> Christoph
> --
> Linux User Group Wernigerode
> http://www.lug-wr.de/
> _______________________________________________
> mosh-devel mailing list
> mosh-devel at mit.edu
> http://mailman.mit.edu/mailman/listinfo/mosh-devel

More information about the mosh-devel mailing list