[mosh-devel] MOSH Ideas List 2013

Tim Watts tim.j.watts at kcl.ac.uk
Thu Dec 19 01:14:47 EST 2013


On 18/12/13 18:52, Keith Winstein wrote:
> Thanks, Tim. Our tentative thoughts on this are to create "slosh" as a
> separate program that will fork a lightweight Linux container (with
> unshare()) in a new network namespace with a TUN device, and gracefully
> proxy all the network connections initiated from within the container to
> the server, doing the right thing in the presence of roaming,
> intermittent connectivity, or multihoming.
>
> We've been doing some testing of this strategy and looks like it will be
> pretty slick, and we'll be able to support X11 forwarding, SOCKS
> forwarding, ssh-agent forwarding, etc., without trying to bolt
> everything onto a remote terminal program. The downside is that it would
> be Linux-only unless we can figure out how to make similar containers on
> BSD or OS X. What do you think?
>
> Cheers,
> Keith

Hi Keith,

Sounds great! I agree - OpenSSH is rather functionally fat, and
following the Unix way of "simple and specific purpose utilities" seems
eminently sensible.

With respect to the suggestion of "proxy all network connections to the 
server" - I'm not sure if I fully understand this.

Not having actually worked with containers is probably limiting my 
understanding, so I must apologise if the following seems stupid...


If it makes the container behave like it's on a VPN where *all* traffic 
is routed to the server, then this may not actually match my particular 
usage - and quite possibly that of other folk.

An example:

This is my work ssh tunnel

ssh -X -L10023:guardian:22 -L10001:vmcentre1:3389 -L10002:vcenter:3389 \
    -L10003:vclient1:3389 -L10010:vmbackup:3389 -L10011:vmmon:3389 \
    -L15432:db-admin:5432 -D10000 me@mypc.work

There, I have several MS RemoteDesktop tunnels (the 3389 ports), a 
postgresql tunnel, one ssh tunnel to a firewalled machine and of course 
X-forwarding.

There's also a general SOCKS5 proxy which I use in conjunction with a 
selective proxy switcher in Chrome and Firefox (FoxyProxy and similar) 
to access certain firewalled webservers.

What I'm trying to work out is how straightforward it would be to have 
some programs running inside the tunnelled container (MySQL Workbench,
pgAdmin, rdesktop) whilst keeping most of my session outside of the
container - reason being I don't actually want *all* my traffic routed 
via the server. If I did, I'd use work's VPN, but selective control with 
SSH tunnels seems to fit better.


So I guess I'd have to ask: How hard would it be to actually have two 
utilities:

1) One to offer a network proxied container - which does sound interesting;

2) Another which offered the more traditional "whole namespace 
visibility" of 'ssh -L' and hopefully could be easily ported to other OSes?

Do you think it may be possible to share a common "slosh" transport 
protocol and a common library to handle both utilities, at least at the 
lower levels?


Just some random thoughts -

Kind regards,

Tim

-- 
Tim Watts                               Tel (VOIP): +44 (0)1580 848360
Systems Manager              Digital Humanities, King's College London

Systems Messages and Notifications: https://systemsblog.cch.kcl.ac.uk/
Personal Blog:                         http://squiddy.blog.dionic.net/

http://www.sensorly.com/ Crowd mapping of 2G/3G/4G mobile signal coverage
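
The isolation property behind the container approach quoted at the top of this message, as an added example (not code from mosh or the proposed slosh, and not part of the original post): a child process that calls unshare() for a new network namespace sees only a loopback interface and has no route out, while the parent's view is untouched. It assumes Linux with unprivileged user namespaces enabled; probe_network, probe_in_fresh_netns and PROBE_ADDR are hypothetical names, and no TUN device or proxy is created here.

```python
import ctypes
import json
import os
import socket

CLONE_NEWUSER = 0x10000000  # flag values from <linux/sched.h>
CLONE_NEWNET = 0x40000000
PROBE_ADDR = ("192.0.2.1", 9)  # constructed target: TEST-NET-1 documentation address


def probe_network():
    """Report the interfaces this process sees and whether PROBE_ADDR is routable."""
    names = sorted(name for _, name in socket.if_nameindex())
    err = None
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.connect(PROBE_ADDR)  # UDP connect only does a route lookup, sends nothing
        except OSError as exc:
            err = exc.errno
    return {"interfaces": names, "connect_errno": err}


def probe_in_fresh_netns():
    """Fork a child, move only it into new user+network namespaces, probe there.

    Returns the child's probe_network() result, or None when the kernel or
    sandbox refuses unshare() (e.g. unprivileged user namespaces disabled).
    """
    libc = ctypes.CDLL(None, use_errno=True)
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: the parent and every other process stay in the host namespace
        os.close(rfd)
        result = None
        try:
            if libc.unshare(CLONE_NEWUSER | CLONE_NEWNET) == 0:
                result = probe_network()
        finally:
            os.write(wfd, json.dumps(result).encode())
            os._exit(0)
    os.close(wfd)
    with os.fdopen(rfd) as pipe:
        data = pipe.read()
    os.waitpid(pid, 0)
    return json.loads(data)


if __name__ == "__main__":
    print("outside:", probe_network())
    print("inside: ", probe_in_fresh_netns())
```

Only processes started inside the namespace lose their direct route; anything launched outside it keeps using the host's interfaces.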
