[mosh-users] Using Mosh for Multi-Hop scenarios

Keith Winstein keithw at MIT.EDU
Fri Apr 27 23:46:11 EDT 2012


Hello Julian,

We are planning to support mosh-over-SSH in the future, which may help
you out here.

In the meantime, why not just run mosh on the intermediary box?

Cheers,
Keith

On Mon, Apr 23, 2012 at 12:42 PM, Julian Pawlowski <mail at loredo.me> wrote:
> Hi all,
>
> I am flashed since I got to know Mosh - this new concept is not only
> great, it actually works!
> Thanks for this guys, also for the ongoing keen development in such a
> short time.
>
> Now that I know of the benefits using Mosh, I would like to use it
> also for some automatic multi-hop scenarios. It seems this is not
> possible yet but let me describe what I have been trying.
>
> Currently I am running a central SSH gateway to proxy incoming and
> outgoing SSH connections through our firewall which in short looks
> like this:
>
> ----------snip---------
>
> Workstation ------- SSH GW -------- Server
> |----1st SSH Tunnel------|
> |----------------2nd SSH Tunnel----------------|
>
> [~/.ssh/config on client]
> Host int-serv.domain.tld int-serv
>        HostName int-serv.domain.tld
>        User root
>        ProxyCommand ssh -q -A -e none connect@ssh-gw.domain.tld %h 2>/dev/null
>
> [/home/connect/.ssh/authorized_keys on ssh-gw]
> no-port-forwarding,no-X11-forwarding,no-pty,command="/bin/netcat -q1 -w5 ${SSH_ORIGINAL_COMMAND#* } 22 2>/dev/null" ssh-rsa AAAAB[.....]== user@workstation
>
> ----------snap---------
>
> Using this setup I can simply type "ssh int-serv" to connect to my
> internal server.
> (I know there is option "-w" in SSH client but as I don't want to
> allow general port forwarding through the gateway I'm still using
> netcat)
>
> Also benefit: As SSH-gw is dual-homed, I can connect to my IPv6-only
> hosts via normal IPv4 when I don't have an IPv6 connection available.
>
> Now I was thinking about how to add mosh to this setup. Unfortunately
> Mosh seems not to work together with ProxyCommand as of now ("is SSH
> ProxyCommand disabled?").
> Although running "mosh root@ssh-gw.domain.tld -- netcat
> int-serv.domain.tld 22" directly at least gives the OpenSSH server
> welcome text it does not work as a ProxyCommand.
> Not sure if this is related to the missing (but planned) port
> forwarding feature or if it's because we would be tunneling TCP via
> UDP...
>
> An alternative way would be something like this:
>
> "mosh root@ssh-gw.domain.tld -- ssh -A int-serv.domain.tld"
>
> which actually works for general shell access but would not allow all
> the features a direct connection (or the SSH double tunnel) would
> provide.
> What's not working here of course is single sign-on via SSH-agent
> (because of lacking port forwarding feature) or at least usage of
> ssh key (at least as I don't want to install it on the gateway
> machine).
>
> So here comes the one million dollar question: Do you already have a
> future plan for such scenarios? :-)
>
>
> Cheers,
> Julian
> _______________________________________________
> mosh-users mailing list
> mosh-users at mit.edu
> http://mailman.mit.edu/mailman/listinfo/mosh-users
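
A stricter variant of the gateway's forced command, as an added example that is not part of the original thread: instead of passing the unquoted `${SSH_ORIGINAL_COMMAND#* }` expansion straight to netcat, a wrapper script accepts only a single hostname that appears on an allow-list. The function names and the `ALLOWED_HOSTS` list are assumptions; the script would be referenced from `command="..."` in authorized_keys under a path of your choosing.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the gateway's "connect" account.
# ALLOWED_HOSTS and the function names are assumptions, not from the thread.

ALLOWED_HOSTS="int-serv.domain.tld int-serv"   # constructed allow-list

# Print the validated target host, or return 1 if the request is rejected.
resolve_target() {
    # Same expansion as the original one-liner: drop everything up to
    # and including the first space of the client's request.
    target=${1#* }
    case $target in
        # Reject empty, option-like, or non-hostname input.
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    for allowed in $ALLOWED_HOSTS; do
        if [ "$target" = "$allowed" ]; then
            printf '%s\n' "$target"
            return 0
        fi
    done
    return 1
}

# Entry point when sshd runs this file as the forced command.
gateway_main() {
    host=$(resolve_target "${SSH_ORIGINAL_COMMAND:-}") || {
        echo "connect: target not permitted" >&2
        return 1
    }
    # The host is passed quoted, so it is always exactly one argument.
    exec /bin/netcat -q1 -w5 "$host" 22
}

# Run only when sshd supplied a request; sourcing the file does nothing.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    gateway_main
fi
```

The client-side ProxyCommand stays as it is, since it already sends `%h` as the request.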


