[mosh-users] How can I mosh over multiple hops (for example, via tunnel or ProxyCommand)?

Keith Winstein keithw at MIT.EDU
Mon Mar 31 17:37:39 EDT 2014


How would you propose to let the client roam, if the proxy is unable to
authenticate the client's datagrams?

One option is to just send replies to the source address of the most recent
datagram to arrive on the datagram socket -- authentic or not. But I'm
worried this will be too flaky, since it's pretty easy to have stray UDP
packets arrive (especially if there might be an old mosh client still
sending to the same port number...). And it certainly won't be secure
against a malintentioned adversary.

-Keith


On Mon, Mar 31, 2014 at 4:52 PM, Mark Stillwell <marklee at fortawesome.org> wrote:

> > I like the idea of a relay or proxy -- the problem I've been having is
> > that it's hard for the relay to let the client roam securely unless it
> > can verify that datagrams coming in from a new source address are
> > authentic. But it can't verify that unless it has the plaintext session
> > key, which (1) ideally it would not have (2) even if you did give it to
> > the proxy, how would you set up the UX to do that in a sane way?
> >
> > Perhaps in a protocol revision, we should think about using an Ed25519
> > signature so that a chain of proxies along the way can authenticate the
> > datagram without also needing to be able to decrypt.
>
> I don't think we need the proxy to do verification/validation. We just
> need something that will easily set up the udp/tcp tunnels over ssh
> and respawn the ssh connection when it goes down (assuming that
> password-less ssh logins are configured correctly), and for the mosh
> client/server to be tested in this environment to figure out what can
> be done to avoid the packet tampering errors.
>
> --
> Mark Lee Stillwell
> marklee at fortawesome.org
>
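The two relay behaviours Keith contrasts, as an added illustration that is not code from mosh or from anyone on this thread: a naive relay that re-aims at whoever sent the last datagram, next to one that only re-aims on datagrams it can verify and that carry a fresh sequence number. An HMAC over the sequence number and payload stands in for the Ed25519 signature proposed above so the example needs only the Python standard library; that is an assumption of this example, and it does mean the relay holds a shared secret, whereas the point of a signature is that a chain of proxies could verify with nothing but a public key. The key, the wire layout and the addresses are all constructed.

```python
import hashlib
import hmac
import struct

# Constructed values for this illustration; not mosh's real key or wire format.
VERIFY_KEY = b"example-relay-verification-key"
SEQ_LEN = 8   # big-endian 64-bit sequence number
TAG_LEN = 32  # HMAC-SHA256 tag


def make_datagram(key, seq, payload):
    """Client side: seq || payload || tag, where the tag covers seq || payload."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_datagram(key, datagram):
    """Return (seq, payload) if the tag verifies, else None."""
    if len(datagram) < SEQ_LEN + TAG_LEN:
        return None
    body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return struct.unpack(">Q", body[:SEQ_LEN])[0], body[SEQ_LEN:]


class NaiveRelay:
    """Option from the mail: reply to whoever sent the most recent datagram."""

    def __init__(self):
        self.client_addr = None

    def on_client_datagram(self, src, datagram):
        self.client_addr = src      # any datagram, authentic or not, re-aims the relay
        return datagram             # forwarded towards the server


class AuthenticatingRelay:
    """Re-aim only on datagrams that verify and carry a fresh sequence number."""

    def __init__(self, key):
        self.key = key
        self.client_addr = None
        self.highest_seq = -1

    def on_client_datagram(self, src, datagram):
        parsed = verify_datagram(self.key, datagram)
        if parsed is None:
            return None             # forged, corrupted or stray: drop, keep old address
        seq, _payload = parsed
        if seq <= self.highest_seq:
            return None             # replayed or stale (e.g. an old client): drop
        self.highest_seq = seq
        self.client_addr = src      # genuine roam
        return datagram


def roaming_demo():
    """Feed the same datagrams to both relays and record where each one points."""
    home = ("203.0.113.10", 40000)     # constructed documentation addresses
    stray = ("198.51.100.7", 5555)
    roamed = ("203.0.113.22", 41000)
    naive, auth = NaiveRelay(), AuthenticatingRelay(VERIFY_KEY)
    relays = (naive, auth)

    first = make_datagram(VERIFY_KEY, 1, b"keystroke")
    for r in relays:
        r.on_client_datagram(home, first)

    for r in relays:                    # stray unauthenticated packet from another host
        r.on_client_datagram(stray, b"\x00" * (SEQ_LEN + TAG_LEN))
    after_stray = {"naive": naive.client_addr, "authenticated": auth.client_addr}

    for r in relays:                    # an old, once-valid datagram arriving from elsewhere
        r.on_client_datagram(stray, first)
    after_replay = {"naive": naive.client_addr, "authenticated": auth.client_addr}

    second = make_datagram(VERIFY_KEY, 2, b"keystroke")
    for r in relays:                    # the real client roams to a new address
        r.on_client_datagram(roamed, second)
    after_roam = {"naive": naive.client_addr, "authenticated": auth.client_addr}

    return {"after_stray": after_stray, "after_replay": after_replay, "after_roam": after_roam}


if __name__ == "__main__":
    for stage, addrs in roaming_demo().items():
        print(stage, addrs)
```

The sequence-number check is what covers the "old mosh client still sending to the same port number" case from the mail: a datagram that verifies but is not fresh must not re-aim the relay either, otherwise anything that can record and repeat an authentic packet can still steer replies.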