[mosh-devel] MOSH Ideas List 2013
Quentin Smith
quentin at MIT.EDU
Thu Dec 26 15:16:06 EST 2013
On Thu, 19 Dec 2013, Tim Watts wrote:
> With respect to the suggestion of "proxy all network connections to the
> server" - I'm not sure if I fully understand this.
>
> Not having actually worked with containers is probably limiting my
> understanding, so I must apologise if the following seems stupid...
>
>
> If it makes the container behave like it's on a VPN where *all* traffic
> is routed to the server, then this may not actually match my particular
> usage - and quite possibly other folk.

Yes. Network containers on Linux are basically an extension of chroot -
instead of having / be a different filesystem, you have sockets in a
different network namespace.

> An example:
>
> This is my work ssh tunnel
>
> ssh -X -L10023:guardian:22 -L10001:vmcentre1:3389 -L10002:vcenter:3389
> -L10003:vclient1:3389 -L10010:vmbackup:3389 -L10011:vmmon:3389
> -L15432:db-admin:5432 -D10000 me@mypc.work
>
> There, I have several MS RemoteDesktop tunnels (the 3389 ports), a
> postgresql tunnel, one ssh tunnel to a firewalled machine and of course
> X-forwarding.
>
> There's also a general SOCKS5 proxy which I use in conjunction with a
> selective proxy switcher in Chrome and Firefox (FoxyProxy and similar)
> to access certain firewalled webservers.
>
> What I'm trying to work out is how straightforward it would be to have
> some programs running inside the tunnelled container (MySql Workbench,
> PgAdmin, rdesktop) whilst keeping most of my session outside of the
> container - reason being I don't actually want *all* my traffic routed
> via the server. If I did, I'd use work's VPN, but selective control with
> SSH tunnels seems to fit better.

It's just like chroot, so you could run pgadmin/mysqlworkbench/etc. inside
the container by running them from a shell inside the container. This is
harder with web browsers, since they like to have a single set of
processes per user.

>
>
> So I guess I'd have to ask: How hard would it be to actually have two
> utilities:
>
> 1) One to offer a network proxied container - which does sound interesting;
>
> 2) Another which offered the more traditional "whole namespace
> visibility" of 'ssh -L' and hopefully could be easily ported to other OSes?
>
> Do you think it may be possible to share a common "slosh" transport
> protocol and a common library to handle both utilities, at least at the
> lower levels?

I haven't spoken to Keith about these ideas, but yes, I would hope that
slosh would support both modes of operation - and the latter would
probably be much more portable to other operating systems. Hopefully
there will also be a way to launch slosh and mosh together (maybe even
sharing the same UDP port?) so the ssh-like use case can be supported.

--Quentin

>
>
> Just some random thoughts -
>
> Kind regards,
>
> Tim
>
> --
> Tim Watts Tel (VOIP): +44 (0)1580 848360
> Systems Manager Digital Humanities, King's College London
>
> Systems Messages and Notifications: https://systemsblog.cch.kcl.ac.uk/
> Personal Blog: http://squiddy.blog.dionic.net/
>
> http://www.sensorly.com/ Crowd mapping of 2G/3G/4G mobile signal coverage