[mosh-devel] [#413] Re: JuiceSSH STPClient Resuming

Sonelli support at sonelli.com
Thu Aug 8 11:28:10 EDT 2013


  
Hi Keith,

Apologies for the delayed reply. I've had a busy couple of days moving house.

We can certainly make sure that JuiceSSH will only ever use a saved state once. I enquired about server-side checks as I thought this may be necessary if you were adding the save/resume functionality to the general public mosh client.
   
 The send to other device idea was just a spitball idea. It certainly wouldn't need to be included any time soon, and definitely not with the first iteration of resumable processes. Apologies for making you uneasy about that. Paul and I are in the habit of shouting our ideas out to each other as we have them. That way they're written down and can be revisited if we want to. 
   
 So how would you like to proceed? Whilst we're not C++ developers, we are happy to contribute however you see fit. 
   
 Thanks, 
 Tom 

Tom Maddox
Co-founder, Sonelli Ltd
tom at sonelli.com | https://sonelli.com

JuiceSSH - Free SSH client for Android

On Tue, Aug 6 at 11:10 PM, Keith Winstein <keithw at mit.edu> wrote:

Hi Tom,
   
(1) Running mosh-client as a subprocess at arm's length sounds fine to me. Just wanted to make sure we don't have to worry about it, e.g. if you were linking or doing a closer binding than that.
   
 (2) Yes, you would be able to repeat the operation of saving and restoring a session as many times as you like -- each time you save, you would create a new saved state. Each such state could only be restored once. 


   
 (3) My guess of the way we would enforce this "use once" property is as follows. To resume mosh-client from a saved state, JuiceSSH would give it a filename where a different mosh-client had previously written out its saved state. mosh-client will open() this filename, check that the open succeeded, unlink() the filename, check that the unlink() succeeded, and then read and use the saved state. We should check to make sure this really does eliminate a race condition where two mosh-clients get started at nearly the same time with the same stored state. 


   
 (4) Re: your ideas, once you start talking about copying the saved state around to different machines I get nervous! :-) We really do not have the crypto support to do this robustly, i.e. to prevent the same nonce from getting sent twice with different data. We may have to think about protocol modifications that allow the key to rotate if you are serious about wanting this. Otherwise it makes me uncomfortable. 


   
 Having the server detect this and deny one of the clients updates doesn't help -- once there are two different ciphertexts out there with the same key, same nonce, and different plaintext, it's basically game over. And the server may not be able to detect it if an adversary can prevent one set of datagrams from reaching the server. 


   
 Cheers, 
 Keith   
 
  
 On Sun, Aug 4, 2013 at 6:10 AM, Tom Maddox <tom at sonelli.com> wrote:  
 
 
Hi Keith, 


  
 Brilliant, it looks like we're gonna be able to get this sussed out then. 
   
So, the licensing stuff. We're building mosh-client from source on a dedicated build server and then including that binary with our app to run as a subprocess. We've also included (as of this release) an About page in our Settings Menu which displays information and licenses of all open source projects used, including the GPL notice.

Our application isn't open source as that would rather quickly make our in-app purchase worthless; however, mosh and other open source dependent features are included within JuiceSSH's core functionality and will never require a purchase. Whilst we don't want or expect to ever make a huge sum of money through pro-pack purchases, we do have some hosting and test device costs we'd like to cover.

If you feel that we're not meeting the requirements of mosh's license, we'll be happy to do our best to make changes to that end.

I think I understand what you mean by only allowing a restore to happen once from a serialised state. But just to check, if a session had been restored in a new process successfully, would we then be able to repeat the save state and resume later procedure?

The kill signal solution with the state printed to stdout should definitely be workable. It'll take a bit of work to intercept the io streams before they reach the terminal but it's certainly not impossible.



   
A couple of ideas that come to mind with this functionality:

JuiceSSH has a pro feature called CloudSync which keeps devices in sync with AES-256 encrypted backups. There's the potential to use this or NFC to add some "Resume on tablet" functionality.

Is there anything server side that would prevent a state being reused more than once? For example, if a connection is made where the client's state is older than that of the last recorded client state, then the new client (in the older state) is denied updates.



Thanks again,
Tom

Tom Maddox
Co-founder, Sonelli Ltd
tom at sonelli.com | https://sonelli.com

JuiceSSH - Free SSH client for Android

On 4 August 2013 04:57, Keith Winstein <keithw at mit.edu> wrote:



Hi Tom,

Thanks for getting in touch. We can work with you to serialize the state of an STMClient object and restore it later. We are eager to see an Android Mosh client in the Play Store.

The major major constraint here is that you can only restore from a serialized state *once*. We will want mosh-client to erase the serialized state before using it to make sure it can't be reused. The reason is that if you reuse a crypto sequence number (the nonce), that blows everything.

How would you like to communicate with mosh-client that you want it to quit and dump state? You could just send us a SIGUSR1 or something and we could write it to stdout bracketed with something like BEGIN MOSH SAVED STATE if that works for you. And then if you give us a filename on startup (that we can erase), that would work fine to restore.

I should ask -- are you running mosh-client as a separate binary or are you linking against it? (If linking against it, just to check, is your app under the GPL too?)

Also, what sort of timeframe are you looking at for your release?

Cheers,
Keith

On Sat, Aug 3, 2013 at 1:34 PM, Tom Maddox <tom at sonelli.com> wrote:
 
  

 
Hi,

We're currently beta testing MOSH integration with our Android SSH client, JuiceSSH, of which the progress can be followed in our G+ community.

One issue that has been raised so far is battery usage. Currently when JuiceSSH has any active connections, there is a service running which holds a device wake lock and polls the connections for failures. Seeing as Mosh sessions should always be resumable, and as Keith pointed out, this shouldn't be necessary in the case of Mosh.

Keith implied that he may be able to help us save the state of a mosh-client process, allowing for it to be resumed in the future.

I've planned the majority of how to exclude Mosh sessions from wake locks and connection polling, and I'm confident that we'll be able to catch the point that the state should be saved and then finally I know how we could implement an "if-process-not-running-attempt-resume"-esque session.

But the bit I'm not sure about is how to get the state, what form it will be in, and then how to reuse it.

Having looked through the research paper and checking out the presentation, it would appear that this functionality is not yet in place. If so, and this functionality is new, then one solution I can think of would be the ability to run "mosh-client <IP> <Port> --resume-from-state [<State-Related-Params>|<State-File>]" to resume the process and perhaps a certain kill signal could result in mosh-client printing its state just before it finishes.

Any thoughts or help would be really appreciated. We're both very excited here about how convenient and nice this tool will be. As a couple of SysAdmins that wrote JuiceSSH mostly during our commutes on trains, we certainly appreciate the benefits!

Thanks and regards,
Tom

Tom Maddox
Co-founder, Sonelli Ltd
tom at sonelli.com | https://sonelli.com

JuiceSSH - Free SSH client for Android

 _______________________________________________ 
mosh-devel mailing list mosh-devel at mit.edu http://mailman.mit.edu/mailman/listinfo/mosh-devel   
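
The open()/unlink() sequence from point (3) above, as an added example that is not part of the thread or of mosh's own code. The function names and the /tmp path are hypothetical, and the state file content is constructed; it assumes every save is written to a fresh filename and the file is never copied or hard-linked, since either would let the same state be used twice.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Only the caller whose unlink() succeeds may go on to use the state. */
static int commit_claim(int fd, const char *path) {
    if (fd < 0) return -1;      /* state missing or already claimed */
    if (unlink(path) != 0) {    /* lost the race: the state must NOT be used */
        close(fd);
        return -1;
    }
    return fd;                  /* data stays readable through fd after unlink */
}

/* open(), check, unlink(), check, as in point (3). Hypothetical helper name.
 * Returns a readable fd for the single winner, -1 for everyone else. */
int claim_saved_state(const char *path) {
    return commit_claim(open(path, O_RDONLY), path);
}

/* Write a constructed stand-in for a saved state (demo path, not mosh's). */
static int write_state(char *path, size_t n) {
    snprintf(path, n, "/tmp/mosh-state-demo-%ld", (long)getpid());
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    int ok = write(fd, "constructed", 11) == 11;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* interleaved=1: both opens happen before either unlink (worst-case race). */
int count_winners(int interleaved) {
    char path[64];
    if (write_state(path, sizeof path) != 0) return -1;
    int a = interleaved ? open(path, O_RDONLY) : claim_saved_state(path);
    int b = interleaved ? open(path, O_RDONLY) : claim_saved_state(path);
    if (interleaved) {
        a = commit_claim(a, path);  /* first unlink removes the name */
        b = commit_claim(b, path);  /* second unlink fails with ENOENT */
    }
    int winners = (a >= 0) + (b >= 0);
    if (a >= 0) close(a);
    if (b >= 0) close(b);
    return winners;
}

int main(void) {
    printf("winners: sequential=%d interleaved=%d\n",
           count_winners(0), count_winners(1));
}
```

Even when both clients open the file before either removes it, only one unlink() of that name can succeed, so checking its return value is what closes the race.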
 
 
  
 
   
 
 

   
  

