[mosh-devel] mosh without ssh?

Michael Weber michael at xmw.de
Mon Jul 1 12:02:38 EDT 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/01/2013 05:46 PM, Weiwu Zhang wrote:
> Hello. I believe many are attracted to mosh like me because they 
> cannot run ssh, and sad to realize, although advertised as a 
> replacement of ssh, mosh depends on ssh.

For starters, man mosh-server and man mosh-client.

On the server run:
  mosh-server new -p $randomport -- $shellprogram
you get an result like QzdRHbAWzL7eRobi75DCrz
On the client you run:
  MOSH_KEY=QzdRHbAWzL7eRobi75DCrz mosh-client $serverip $radomport
done.

Note that $serverip has to be an ip, no hostname resolution.

How you get the key from one side to the other is up to you.
Afaiks mosh-server does not allow to set the MOSH_KEY to a specific value.


> The reasons users prefer not to use ssh could be because it is
> plain out blocked. Like in Iran, or stemed, like in China†.
> 
> Nobody talked about it in email archive (at least I didn't find).
> So is there any plan to dæmonize mosh? Or to write an
> authenticating dæmon for mosh. I would write one, but my hands are
> full for the year.

> † If constant data transfer over a threshold is detected, our
> national firewall would sometimes "halt" ssh, like giving it a
> speed of 1 byte per minute. This is to maintain basic utility of
> ssh and prevent it being used as a proxy to access 'harmful
> content'.
So it doesn't block outbound port scans et al. *great*
I assume that this traffic limitiation is applied on all ports?
Setting up ssh server on non-standard ports would be too easy to
accomplish.

In general case, the ssh traffic is limited to an handshake and the
transmission of the MOSH_KEY token, not that much traffic.

But, ports hopping at a randomized, either pre-determined or as
counter-measure would be funny to have. Just like radio style
frequency hopping.

   Michael

- -- 
Michael Weber
web: https://xmw.de/
mailto: michael at xmw.de
mobile: +49 176 23754512
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlHRqB4ACgkQ0rv6/C6Mk580IwCdET4aHefJIv6bv5knfkVHuYW/
7bAAn0qLa4WMxtzH6FqxSFS2Nj03X7JU
=Ay94
-----END PGP SIGNATURE-----

More information about the mosh-devel mailing list