[mosh-devel] MOSH Ideas List 2013

Quentin Smith quentin at MIT.EDU
Thu Dec 26 15:16:06 EST 2013


On Thu, 19 Dec 2013, Tim Watts wrote:

> With respect to the suggestion of "proxy all network connections to the
> server" - I'm not sure if I fully understand this.
>
> Not having actually worked with containers is probably limiting my
> understanding, so I must apologise if the following seems stupid...
>
>
> If it makes the container behave like it's on a VPN where *all* traffic
> is routed to the server, then this may not actually match my particular
> usage - and quite possibly other folk.

Yes. Network containers on Linux are basically an extension of chroot - 
instead of having / be a different filesystem, you have sockets in a 
different network namespace.

> An example:
>
> This is my work ssh tunnel
>
> ssh -X -L10023:guardian:22 -L10001:vmcentre1:3389 -L10002:vcenter:3389
> -L10003:vclient1:3389 -L10010:vmbackup:3389 -L10011:vmmon:3389
> -L15432:db-admin:5432 -D10000 me@mypc.work
>
> There, I have several MS RemoteDesktop tunnels (the 3389 ports), a
> postgresql tunnel, one ssh tunnel to a firewalled machine and of course
> X-forwarding.
>
> There's also a general SOCKS5 proxy which I use in conjunction with a
> selective proxy switcher in Chrome and Firefox (FoxyProxy and similar)
> to access certain firewalled webservers.
>
> What I'm trying to work out is how straightforward it would be to have
> some programs running inside the tunnelled container (MySql Workbench,
> PgAdmin, rdesktop) whilst keeping most of my session outside of the
> container - reason being I don't actually want *all* my traffic routed
> via the server. If I did, I'd use work's VPN, but selective control with
> SSH tunnels seems to fit better.

It's just like chroot, so you could run pgadmin/mysqlworkbench/etc. inside 
the container by running them from a shell inside the container. This is 
harder with web browsers, since they like to have a single set of 
processes per user.

>
>
> So I guess I'd have to ask: How hard would it be to actually have two
> utilities:
>
> 1) One to offer a network proxied container - which does sound interesting;
>
> 2) Another which offered the more traditional "whole namespace
> visibility" of 'ssh -L' and hopefully could be easily ported to other OSes?
>
> Do you think it may be possible to share a common "slosh" transport
> protocol and a common library to handle both utilities, at least at the
> lower levels?

I haven't spoken to Keith about these ideas, but yes, I would hope that 
slosh would support both modes of operation - and the latter would 
probably be much more portable to other operating systems. Hopefully 
there will also be a way to launch slosh and mosh together (maybe even 
sharing the same UDP port?) so the ssh-like use case can be supported.

--Quentin

>
>
> Just some random thoughts -
>
> Kind regards,
>
> Tim
>
> -- 
> Tim Watts                               Tel (VOIP): +44 (0)1580 848360
> Systems Manager              Digital Humanities, King's College London
>
> Systems Messages and Notifications: https://systemsblog.cch.kcl.ac.uk/
> Personal Blog:                         http://squiddy.blog.dionic.net/
>
> http://www.sensorly.com/ Crowd mapping of 2G/3G/4G mobile signal coverage
>
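
Added example, not part of the original message and not mosh or slosh code: the network namespace is a per-process property inherited by children, which is why programs started from a shell inside the container use its network while the rest of the session does not. The sketch below groups processes by the namespace link Linux exposes at /proc/<pid>/ns/net, so you can check which programs would actually be routed through the tunnel. The function names, PIDs, command names and inode numbers are all constructed for illustration, and the sample runs against a stand-in directory tree rather than the real /proc.

```python
import os
import tempfile
from collections import defaultdict

def netns_of(pid, proc_root="/proc"):
    """Return the network-namespace id of pid, e.g. 'net:[4026531992]', or None."""
    try:
        return os.readlink(os.path.join(proc_root, str(pid), "ns", "net"))
    except OSError:  # process exited, or not ours to inspect
        return None

def group_by_netns(proc_root="/proc"):
    """Map namespace id -> sorted list of (pid, command name)."""
    groups = defaultdict(list)
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        ns = netns_of(entry, proc_root)
        if ns is None:
            continue
        try:
            with open(os.path.join(proc_root, entry, "comm")) as f:
                comm = f.read().strip()
        except OSError:
            comm = "?"
        groups[ns].append((int(entry), comm))
    return {ns: sorted(procs) for ns, procs in groups.items()}

def sharing_netns_with(pid, proc_root="/proc"):
    """Command names of every process in the same network namespace as pid."""
    ns = netns_of(pid, proc_root)
    return [comm for _, comm in group_by_netns(proc_root).get(ns, [])]

def build_sample_proc(root):
    """Constructed stand-in for /proc: host processes plus a container shell and its children."""
    host, tunnel = "net:[4026531992]", "net:[4026532501]"  # made-up inode numbers
    sample = {100: ("bash", host), 101: ("firefox", host),
              200: ("bash", tunnel), 201: ("pgadmin3", tunnel), 202: ("rdesktop", tunnel)}
    for pid, (comm, ns) in sample.items():
        os.makedirs(os.path.join(root, str(pid), "ns"))
        os.symlink(ns, os.path.join(root, str(pid), "ns", "net"))
        with open(os.path.join(root, str(pid), "comm"), "w") as f:
            f.write(comm + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        print(sharing_netns_with(200, root))  # processes inside the container
        print(sharing_netns_with(101, root))  # processes left on the host network
```

On a real system, call the functions with the default proc_root; processes owned by other users are skipped unless you run it as root.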


