[mosh-users] How can I mosh over multiple hops (for example, via tunnel or ProxyCommand)?

Mark Stillwell marklee at fortawesome.org
Mon Mar 31 16:52:16 EDT 2014


> I like the idea of a relay or proxy -- the problem I've been having is that
> it's hard for the relay to let the client roam securely unless it can verify
> that datagrams coming in from a new source address are authentic. But it
> can't verify that unless it has the plaintext session key, which (1) ideally
> it would not have (2) even if you did give it to the proxy, how would you
> set up the UX to do that in a sane way?
>
> Perhaps in a protocol revision, we should think about using an Ed25519
> signature so that a chain of proxies along the way can authenticate the
> datagram without also needing to be able to decrypt.

I don't think we need the proxy to do verification/validation. We just
need something that will easily set up the udp/tcp tunnels over ssh
and respawn the ssh connection when it goes down (assuming that
password-less ssh logins are configured correctly), and for the mosh
client/server to be tested in this environment to figure out what can
be done to avoid the packet tampering errors.

-- 
Mark Lee Stillwell
marklee at fortawesome.org
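
An added example, not part of the original message and not mosh's protocol: a sketch of the signature idea from the quoted text, where a relay holding only an Ed25519 public key authenticates client datagrams and tracks roaming without being able to decrypt them. The wire format, the names `Seal`, `Relay` and `Accept`, and the addresses are assumptions made for illustration; only the client-to-relay direction is shown.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Hypothetical wire format (not mosh's): 8-byte big-endian sequence number,
// opaque ciphertext, then a 64-byte Ed25519 signature over both.
func Seal(priv ed25519.PrivateKey, seq uint64, ciphertext []byte) []byte {
	msg := make([]byte, 8, 8+len(ciphertext)+ed25519.SignatureSize)
	binary.BigEndian.PutUint64(msg, seq)
	msg = append(msg, ciphertext...)
	return append(msg, ed25519.Sign(priv, msg)...)
}

// Relay holds only the client's public key: it can authenticate datagrams
// but cannot read the payload it forwards.
type Relay struct {
	ClientKey  ed25519.PublicKey
	ClientAddr string // source address of the newest authentic datagram
	lastSeq    uint64
	seen       bool
}

// Accept reports whether dgram is authentic. The stored client address moves
// only when an authentic datagram carries a sequence number newer than any seen.
func (r *Relay) Accept(src string, dgram []byte) bool {
	cut := len(dgram) - ed25519.SignatureSize
	if cut < 8 || !ed25519.Verify(r.ClientKey, dgram[:cut], dgram[cut:]) {
		return false
	}
	if seq := binary.BigEndian.Uint64(dgram[:8]); !r.seen || seq > r.lastSeq {
		r.lastSeq, r.seen, r.ClientAddr = seq, true, src
	}
	return true
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	r := &Relay{ClientKey: pub}
	d := Seal(priv, 1, []byte("constructed ciphertext"))
	fmt.Println(r.Accept("198.51.100.7:60001", d), r.ClientAddr)
	fmt.Println(r.Accept("203.0.113.9:4444", d), r.ClientAddr) // replay: address unchanged
}
```

A replayed datagram still verifies, so the sequence check is what keeps a copy sent from another address from redirecting the session at the relay.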
