[mosh-devel] mosh without ssh?

Weiwu Zhang zhangweiwu at realss.com
Fri Dec 6 10:11:04 EST 2013


Thanks to all of you for answering my posts, and especially Keith, who
listed almost all possible methods. I don't usually take half a year to
reply to email, except when caught up in business for too long, like now.


2013/7/2 Keith Winstein <keithw at mit.edu>:
> Pretty much _any_ means of getting the server to start a mosh-server
> process and convey the session key back to you would work. That's why
> I think writing our own authenticating daemon on top of all the
> existing ones is probably unnecessary.

Then this should also work:

Server:

1. store my public key (ssh public key, for example) on the server --
it is already on the server anyway, in ~/.ssh/authorized_keys
2. wrap mosh-server in inetd, and emit the session key encrypted with
the public key.

Client:

1. get the encrypted session key from the given port.
2. decrypt it and use it to establish the mosh client.

Both server and client can be done with a one-line command, if the
session key is properly piped to cipher tools, which I don't know how
to do. Few would elaborately reinvent ssh authentication using this
homebrew workaround to prevent the connection being detected as ssh,
but in the worst times in Beijing, during political events, outgoing
ssh connection attempts from a residential network can get your ssh
server graylisted for days. In these critical, eventful days, not a
single clue should be given to the Big Brother censorship that somebody
is doing ssh.

The thick Kerberos admin manual always daunts me. However, it also
daunts Big Brother censorship, which, I feel sure, doesn't bother to
detect Kerberos, except the version wrapped in other products like
Active Directory. If somebody offered a Kerberos authentication server
as an inexpensive online service like DNS, backed by his own reputation
or two cents of bitcoins, I would consider buying it just to free myself
from the manuals - my security requirement is only that it should
stand against botnet membership recruitment, not that it stand
against targeted attempts.



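The "pipe the session key to cipher tools" step the message above leaves open, as an added example that is not part of the original post or of mosh itself. The server half takes the `MOSH CONNECT <port> <key>` line that mosh-server prints, encrypts `port key` to the user's RSA public key with RSA-OAEP, and emits one base64 line (this is what an inetd wrapper would write to the socket after running `mosh-server new`); the client half decrypts it with the matching private key and prints `port key` for `MOSH_KEY=<key> mosh-client <host> <port>`. It assumes `openssl` is in PATH; `ssh-keygen` is only needed for the real-world conversion of an existing `id_rsa.pub` to PEM, and the self-contained demo generates a fresh key pair with openssl instead. The connect line in the demo is constructed, not a real session. Function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post or from the mosh project).
# Assumes: openssl in PATH. ssh-keygen only for ssh_pub_to_pem.
set -eu

# Server side, one-time setup: turn the ssh public key that already sits in
# ~/.ssh/authorized_keys (kept as a .pub file) into the SubjectPublicKeyInfo
# PEM that openssl's pkeyutl understands.  $1: path to id_rsa.pub; PEM on stdout.
# Client side note: openssl can read a PEM ("BEGIN RSA PRIVATE KEY") ssh private
# key but not the newer "OPENSSH PRIVATE KEY" format; ssh-keygen -p -m PEM
# -f ~/.ssh/id_rsa rewrites the key in PEM form.
ssh_pub_to_pem() {
    ssh-keygen -e -m PKCS8 -f "$1"
}

# Server side, per connection (what the inetd wrapper runs after `mosh-server new`).
# $1: public key PEM file.  $2: the "MOSH CONNECT <port> <key>" line from mosh-server.
# Emits one base64 line of RSA-OAEP(port key): neither port nor key is on the wire
# in the clear, and only the holder of the private key can recover them.
server_emit_encrypted_key() {
    pubpem=$1
    connect_line=$2
    # shellcheck disable=SC2086  # intentional word split of mosh-server's line
    set -- $connect_line
    if [ "$#" -ne 4 ] || [ "$1 $2" != "MOSH CONNECT" ]; then
        echo "unexpected mosh-server output: $connect_line" >&2
        return 1
    fi
    printf '%s %s' "$3" "$4" \
      | openssl pkeyutl -encrypt -pubin -inkey "$pubpem" \
            -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
      | openssl base64 -A
    echo
}

# Client side.  $1: private key PEM file.  $2: the base64 line read from the port
# (e.g. via nc).  Prints "port key"; the caller then runs
#   set -- $(client_recover_key ...); MOSH_KEY=$2 mosh-client <host> $1
client_recover_key() {
    privpem=$1
    blob=$2
    printf '%s' "$blob" \
      | openssl base64 -d -A \
      | openssl pkeyutl -decrypt -inkey "$privpem" \
            -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
    echo
}

# Self-contained round trip.  The RSA key pair is generated with openssl so the
# demo runs without ssh-keygen; in the real setup the PEM comes from
# ssh_pub_to_pem on ~/.ssh/id_rsa.pub.  The connect line is constructed data.
demo_roundtrip() {
    dir=$(mktemp -d)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/id_rsa.pem" 2>/dev/null
    openssl pkey -in "$dir/id_rsa.pem" -pubout -out "$dir/id_rsa.pub.pem"
    connect_line='MOSH CONNECT 60001 Ak5wuT0t9eCy1Ns6DKmWGQ'   # constructed
    blob=$(server_emit_encrypted_key "$dir/id_rsa.pub.pem" "$connect_line")
    client_recover_key "$dir/id_rsa.pem" "$blob"
    rm -rf "$dir"
}

demo_roundtrip
```

Two caveats a practitioner would add before relying on this: the blob is encrypted to the client but not signed by the server, so the client learns nothing about who answered on that port; and every TCP connection to the inetd port spawns a mosh-server process whether or not the caller can decrypt the key, so the port should be rate-limited or otherwise restricted.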