[mosh-devel] JuiceSSH STPClient Resuming

[Keith Winstein]

Hi Tom,

(1) Running mosh-client as a subprocess at arms length sounds fine to me.
Just wanted to make sure we don't have to worry about it, e.g. if you were
linking or doing a closer binding than that.

(2) Yes, you would be able to repeat the operation of saving and restoring
a session as many times as you like -- each time you save, you would create
a new saved state. Each such state could only be restored once.

(3) My guess of the way we would enforce this "use once" property is as
follows. To resume mosh-client from a saved state, JuiceSSH would give it a
filename where a different mosh-client had previously written out its saved
state. mosh-client will open() this filename, check that the open
succeeded, unlink() the filename, check that the unlink() succeeded, and
then read and use the saved state. We should check to make sure this really
does eliminate a race condition where two mosh-clients get started at
nearly the same time with the same stored state.

(4) Re: your ideas, once you start talking about copying the saved state
around to different machines I get nervous! :-) We really do not have the
crypto support to do this robustly, i.e. to prevent the same nonce from
getting sent twice with different data. We may have to think about protocol
modifications that allow the key to rotate if you are serious about wanting
this. Otherwise it makes me uncomfortable.

Having the server detect this and deny one of the clients updates doesn't
help -- once there are two different ciphertexts out there with the same
key, same nonce, and different plaintext, it's basically game over. And the
server may not be able to detect it if an adversary can prevent one set of
datagrams from reaching the server.

Cheers,
Keith

On Sun, Aug 4, 2013 at 6:10 AM, Tom Maddox <tom at sonelli.com> wrote:

> Hi Keith,
>
> Brilliant, it looks like we're gonna be able to get this sussed out then.
>
> So, the licensing stuff. We're building mosh-client from source on a
> dedicated build server and then including that binary with our app to run
> as a subprocess. We've also included (as of this release) an About page in
> our Settings Menu which displays information and licenses of all open
> source projects used, including the GPL notice.
> Our application isn't open source as that would rather quickly make our
> in-app purchase worthless however, mosh and other open source dependent
> features are included within JuiceSSH's core functionality and will never
> require a purchase. Whilst we don't want or expect to ever make a huge sum
> of money through pro-pack purchases, we do have some hosting and test
> device costs we'd like to cover.
> If you feel that we're not meeting the requirements of mosh's license,
> we'll be happy to do our best to make changes to that end.
>
> I think I understand what you mean by only allowing a restore to happen
> once from a serialised state. But just to check, if a session had been
> restored in a new process successfully, would we then be able to repeat the
> save state and resume later procedure?
>
> The kill signal solution with the state printed stdout should definitely
> be workable. It'll take a bit of work to intercept the io streams before it
> reaches the terminal but it's certainly not impossible.
>
> A couple of ideas that come to mind with this functionality:
>
>    1. JuiceSSH has a pro feature called CloudSync which keeps devices in
>    sync with AES-256 encrypted backups. There's the potential to use this or
>    NFC to add some "Resume on tablet" functionality.
>    2. Is there anything server side that would prevent a state being
>    reused more than once? For example, if a connection is made where the
>    client's state is older than that of the last recorded client state, then
>    the new client (in the older state) is denied updates.
>
> Thanks again,
> Tom
>
>
> Tom Maddox
> *Co-founder, Sonelli Ltd*
> tom at sonelli.com | https://sonelli.com
> JuiceSSH - Free SSH client for Android<https://play.google.com/store/apps/details?id=com.sonelli.juicessh>
>
>
> On 4 August 2013 04:57, Keith Winstein <keithw at mit.edu> wrote:
>
>> Hi Tom,
>>
>> Thanks for getting in touch. We can work with you to serialize the state
>> of an STMClient object and restore it later. We are eager to see an Android
>> Mosh client in the Play Store.
>>
>> The major major constraint here is that you can only restore from a
>> serialized state *once*. We will want mosh-client to erase the serialized
>> state before using it to make sure it can't be reused. The reason is that
>> if you reuse a crypto sequence number (the nonce), that blows everything.
>>
>> How would you like to communicate with mosh-client that you want it to
>> quit and dump state? You could just send us a SIGUSR1 or something and we
>> could write it to stdout bracketed with something like BEGIN MOSH SAVED
>> STATE if that works for you. And then if you give us a filename on startup
>> (that we can erase), that would work fine to restore.
>>
>> I should ask -- are you running mosh-client as a separate binary or are
>> you linking against it? (If linking against it, just to check, is your app
>> under the GPL too?)
>>
>> Also, what sort of timeframe are you looking at for your release?
>>
>> Cheers,
>> Keith
>>
>> On Sat, Aug 3, 2013 at 1:34 PM, Tom Maddox <tom at sonelli.com> wrote:
>>
>>> Hi,
>>>
>>> We're currently beta testing MOSH integration with our Android SSH
>>> client, JuiceSSH, of which the progress can be followed in our G+
>>> community<https://plus.google.com/u/0/communities/110428419162168502506>
>>> .
>>>
>>> One issue that has been raised so far is battery usage. Currently when
>>> JuiceSSH has any active connections, there is a service running which holds
>>> a device wake lock and polls the connections for failures. Seeing as Mosh
>>> sessions should always be resumable, and as Keith pointed out, this
>>> shouldn't be necessary in the case of Mosh.
>>>
>>> Keith implied that he may be able to help us save the state of a
>>> mosh-client process, allowing for it to be resumed in the future.
>>>
>>> I've planned the majority of how to exclude Mosh sessions from wake
>>> locks and connection polling, and I'm confident that we'll be able to catch
>>> the point that the state should be saved and then finally I know how we
>>> could implement an "if-process-not-running-attempt-resume"-esque session.
>>>
>>> But the bit I'm not sure about is how to get the state, what form it
>>> will be in, and then how to reuse it.
>>>
>>> Having looked through the research paper and checking out the
>>> presentation, it would appear that this functionality is not yet in place.
>>> If so, and this functionality is new, then one solution I can think of
>>> would be the ability to run "mosh-client <IP> <Port> --resume-from-state
>>> [<State-Related-Params>|<State-File>]" to resume the process and perhaps a
>>> certain kill signal could result in mosh-client printing it's state just
>>> before it finishes.
>>>
>>> Any thoughts or help would be really appreciated. We're both very
>>> excited here about how convenient and nice this tool will be. As a couple
>>> of SysAdmins that wrote JuiceSSH mostly during our commutes on trains, we
>>> certainly appreciate the benefits!
>>>
>>> Thanks and regards,
>>> Tom
>>>
>>> Tom Maddox
>>> *Co-founder, Sonelli Ltd*
>>> tom at sonelli.com | https://sonelli.com
>>> JuiceSSH - Free SSH client for Android<https://play.google.com/store/apps/details?id=com.sonelli.juicessh>
>>>
>>> _______________________________________________
>>> mosh-devel mailing list
>>> mosh-devel at mit.edu
>>> http://mailman.mit.edu/mailman/listinfo/mosh-devel
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mosh-devel/attachments/20130806/ecf594c9/attachment.html