April 27, 2018

MOSH IS THE NEW SSH


Overview

As a seasoned Linux administrator, SSH has been your best friend for years. Times have changed: you are no longer confined to a desktop in a windowless room surrounded by server racks. You are on the move, and it is time you moved to the next generation of remote shell. This article introduces MOSH (Mobile Shell) and shows how to install it on your servers for seamless server management.

MOSH – Mobile Shell

Released in 2012, MOSH was created to give remote shell sessions the persistence that SSH lacks across network changes. You can connect to a session and move between networks (home WiFi to mobile 4G) without skipping a beat. MOSH carries its traffic over UDP rather than the TCP that SSH uses, which lets sessions stay alive when the client's address changes. It is built to withstand packet loss using the State Synchronization Protocol (SSP). So much so that it even saved a man stuck in an elevator with barely enough phone signal to mosh into the SDF MetaArray and email his way to a rescue. In a nutshell, MOSH works by synchronizing the "screen" between the server and the client. SSP runs as datagrams over UDP, and MOSH has the distinction of being the first application in the wild to implement it.

MOSH attempts to overcome the fragility of SSH's TCP session: each datagram is encrypted with AES-128 in Offset Codebook (OCB) mode, and each datagram is authenticated together with an incrementing sequence number kept at both client and server. An attacker cannot forge or replay a datagram to tear the session down, and the next valid packet from the client simply re-establishes contact between the endpoints. The MOSH protocol also has a smaller attack surface: it uses SSH only for the initial connection and then hands connectivity off to mosh-server over UDP.

MOSH also predicts keystrokes, so the user sees their input on screen almost instantly. It goes a step further and predicts what effect a key sequence will have, applying that change to the screen before the server confirms it. The authors of MOSH say this brings the median keystroke response time down by a factor of 100.

Getting Started

Mosh is available for a wide variety of platforms and must be installed both at the client and server side. On the server side, install it using one of the following commands

sudo apt-get install mosh # Ubuntu/Debian

sudo yum install mosh # Centos

sudo dnf install mosh # Fedora

sudo zypper in mosh # OpenSUSE

For the client, use one of the following

Homebrew:

brew install mosh

Windows:

Install the MOSH chrome extension from the Chrome store

Since MOSH is built to handle slow & laggy connections, you can install these clients on your smartphone

Android:

JuiceSSH or Termux

iOS:

Blink Shell

You are all set, invoke MOSH from your client as

mosh user@servername

You will initially be asked for the password used for SSH, and then the connection begins. To exit, use logout or exit. To force close a connection, use the Ctrl-^ . escape sequence (Ctrl-^ followed by a period).

If your server is running a firewall, you may need to open the ports 60000-61000 for UDP traffic. If you are using iptables, here is how to do this

sudo iptables -I INPUT 1 -p udp --dport 60000:61000 -j ACCEPT

Note that iptables rules are not persistent across server reboots, which means you need to save the rule with the iptables-save command into the file your distribution restores at boot

sudo sh -c 'iptables-save > /etc/iptables/rules.v4' # Ubuntu/Debian (iptables-persistent)

sudo sh -c 'iptables-save > /etc/sysconfig/iptables' # Centos

If you are using firewalld, you can add the port range as below

sudo firewall-cmd --zone=public --permanent --add-port=60000-61000/udp
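The following script is an added example and is not part of the original article or the mosh project. It wraps the two firewall variants above into one helper: it validates the port range, emits the iptables rule together with the iptables-save step that makes it survive a reboot, or the firewalld rule together with the firewall-cmd --reload that is needed before a --permanent rule takes effect in the running firewall. The range defaults to the article's 60000-61000, but the helper accepts a narrower range (mosh-server takes the first free port in whatever range it is given with -p START:END), which keeps the exposed UDP surface small. The file path for iptables-save and the public zone are assumptions for a Debian-style or firewalld host.

```shell
#!/bin/sh
# mosh-firewall.sh: added example (not from the article or the mosh project).
# Opens a UDP port range for mosh-server on iptables or firewalld and persists it.
# Assumptions: one of iptables / firewall-cmd is the active firewall; the
# iptables rules file is /etc/iptables/rules.v4 unless IPTABLES_RULES_FILE is set.

# mosh_validate_range START END -> 0 for a sane unprivileged UDP range, 1 otherwise
mosh_validate_range() {
    for n in "$1" "$2"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac   # digits only
    done
    [ "$1" -ge 1024 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ]
}

# mosh_fw_cmds BACKEND START END -> prints the commands to run, one per line
mosh_fw_cmds() {
    backend=$1; start=$2; end=$3
    mosh_validate_range "$start" "$end" || { echo "bad port range: $start-$end" >&2; return 1; }
    case "$backend" in
        iptables)
            # -I INPUT 1 puts the rule first so an earlier DROP/REJECT cannot shadow it
            echo "iptables -I INPUT 1 -p udp --dport ${start}:${end} -j ACCEPT"
            # rules live only in kernel memory; write them to the file restored at boot
            echo "iptables-save > ${IPTABLES_RULES_FILE:-/etc/iptables/rules.v4}"
            ;;
        firewalld)
            # --permanent changes the stored config but not the running firewall;
            # --reload applies it, a step the one-line version omits
            echo "firewall-cmd --zone=public --permanent --add-port=${start}-${end}/udp"
            echo "firewall-cmd --reload"
            ;;
        *)
            echo "unknown firewall backend: $backend" >&2; return 1 ;;
    esac
}

# mosh_detect_backend -> firewalld if firewall-cmd is installed, else iptables
mosh_detect_backend() {
    if command -v firewall-cmd >/dev/null 2>&1; then echo firewalld; else echo iptables; fi
}

# mosh_open_ports [START END]: apply the rules as root, or print them as a dry run
mosh_open_ports() {
    start=${1:-60000}; end=${2:-61000}
    backend=$(mosh_detect_backend)
    mosh_fw_cmds "$backend" "$start" "$end" | while IFS= read -r cmd; do
        if [ "$(id -u)" -eq 0 ]; then sh -c "$cmd"; else echo "[dry-run] $cmd"; fi
    done
}

# When executed directly (not sourced): ./mosh-firewall.sh [START END]
case "${0##*/}" in mosh-firewall.sh) mosh_open_ports "$@" ;; esac
```

Run it as root to apply the rules, or as an unprivileged user to see exactly which commands it would run. Pairing a narrow range here (for example 60000 60010) with the same range on the client, mosh -p 60000:60010 user@servername, is the simplest way to avoid opening a thousand UDP ports for a handful of sessions.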

Alternate Options

By default, when starting the connection, MOSH uses port 22 to SSH to the server. If you are running SSH on a different port, you can specify this when invoking the command

mosh user@servername --ssh="ssh -p 4022"

You can also connect to a specific UDP port while starting mosh

mosh -p 60237 user@servername

Troubleshooting

Here are some common errors you may face

Nothing received from the server on UDP port 60004

This is usually a firewall problem. The initial SSH worked and mosh-server is running, but the firewall on the server is preventing UDP packets transmission. See the steps above to add UDP connectivity for mosh

mosh requires a UTF-8 locale

MOSH requires that both the client and the server use a UTF-8 locale. Run the locale command at the client end, then SSH to the server and run the same command there. Both must show something like LC_CTYPE="en_US.UTF-8"

mosh server not found

The mosh-server binary must be on the server's default PATH. If mosh-server is installed in a different location, connect with the location of the binary like so

mosh --server=/path/to/mosh/bin/mosh-server servername
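The preflight script below is an added example, not part of the original article or the mosh project. It checks the three failure modes above from the client side before mosh is run: the UTF-8 locale on both ends (parsed from the output of locale, so the check can be exercised on constructed input), mosh-server on the server's non-interactive PATH, and whether the port named in a "Nothing received from the server on UDP port N" message actually falls inside the range the firewall was opened for. It assumes plain ssh to the host already works and that the range opened on the server is the article's 60000-61000; the sample locale outputs are constructed.

```shell
#!/bin/sh
# mosh-preflight.sh: added example (not from the article or the mosh project).
# Assumes: `ssh HOST` works non-interactively; `locale` exists on both ends.

# Constructed sample `locale` outputs, used for testing the parser offline
MOSH_SAMPLE_LOCALE_OK=$(printf 'LANG=en_US.UTF-8\nLC_CTYPE="en_US.UTF-8"\nLC_ALL=\n')
MOSH_SAMPLE_LOCALE_BAD=$(printf 'LANG=\nLC_CTYPE="POSIX"\nLC_ALL=\n')

# mosh_locale_is_utf8 LOCALE_OUTPUT -> 0 when the effective LC_CTYPE names a UTF-8 charset
# (`locale` prints derived values quoted and explicitly set ones unquoted; both accepted)
mosh_locale_is_utf8() {
    printf '%s\n' "$1" | grep -iE '^LC_CTYPE="?[^"]*\.utf-?8"?$' >/dev/null
}

# mosh_udp_port_from_error MESSAGE -> prints the port number from the mosh error text
mosh_udp_port_from_error() {
    printf '%s\n' "$1" | sed -n 's/.*UDP port \([0-9][0-9]*\).*/\1/p'
}

# mosh_port_in_range PORT START END -> 0 when START <= PORT <= END
mosh_port_in_range() {
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# mosh_diagnose_udp_error MESSAGE START END -> 0 if the port is inside the opened
# range (so the firewall rule itself, or NAT, is the suspect), 1 if it is outside,
# 2 if the message is not a UDP-port error at all
mosh_diagnose_udp_error() {
    port=$(mosh_udp_port_from_error "$1")
    [ -n "$port" ] || { echo "not a 'Nothing received ... UDP port' error"; return 2; }
    if mosh_port_in_range "$port" "$2" "$3"; then
        echo "port $port is inside $2-$3: check the server firewall rule and any NAT in front of it"
        return 0
    fi
    echo "port $port is outside $2-$3: widen the firewall rule or run mosh with -p $2:$3"
    return 1
}

# mosh_preflight [user@]host [START END]: run the checks; exit status 1 on any failure
mosh_preflight() {
    host=$1; start=${2:-60000}; end=${3:-61000}; rc=0

    # 1. "mosh requires a UTF-8 locale": both ends must report a UTF-8 LC_CTYPE
    if mosh_locale_is_utf8 "$(locale 2>/dev/null)"; then echo "ok   client locale is UTF-8"
    else echo "FAIL client LC_CTYPE is not UTF-8 (try: export LC_ALL=en_US.UTF-8)"; rc=1; fi
    if mosh_locale_is_utf8 "$(ssh "$host" locale 2>/dev/null)"; then echo "ok   server locale is UTF-8"
    else echo "FAIL server LC_CTYPE is not UTF-8"; rc=1; fi

    # 2. "mosh server not found": mosh-server must resolve on the server's default PATH
    if ssh "$host" 'command -v mosh-server' >/dev/null 2>&1; then echo "ok   mosh-server is on PATH"
    else echo "FAIL mosh-server not on PATH; use mosh --server=/full/path/to/mosh-server"; rc=1; fi

    echo "info server-side UDP range expected open: $start-$end (paste a mosh error into mosh_diagnose_udp_error)"
    return $rc
}

# When executed directly: ./mosh-preflight.sh user@servername [START END]
case "${0##*/}" in mosh-preflight.sh) mosh_preflight "$@" ;; esac
```

Source the file to get the functions in an interactive shell; mosh_diagnose_udp_error "$(mosh user@servername 2>&1)" 60000 61000 turns the raw error into the next step to take.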

If you are still facing an issue, you can join the developers in the #mosh channel on Freenode IRC

DRAWBACKS

MOSH is a great tool to have on your machine, but no post would be complete without playing the devil’s advocate. Compared to SSH, MOSH has the following downsides

i. Installation of additional software:

MOSH works by running a terminal emulator on your server. This means you need to install mosh (as described above) on both the server and the client. There is no direct Windows support (only a Chrome extension), which might discourage a number of users.

ii. Opening a wide range of ports for mosh access:

MOSH uses the first available free port in the range 60001-60999. This means you need to open your firewall to a much wider range than the single port 22 (or whichever port you chose in your sshd_config file)

iii. No scrollback feature

Because MOSH works by synchronizing the visible screen rather than a byte stream, you can't scroll back to view output from previous commands, or from a single command that produces pages of output. The creators are tracking this issue and looking for a way to implement scrollback; in the meantime, the recommendation is to use screen or tmux

We hope you give mosh a spin and write back to us with your thoughts and feedback.

References:

https://mosh.org/

https://security.stackexchange.com/questions/13714/dangers-of-opening-up-a-wide-range-of-ports-mosh

https://www.linux.com/learn/mosh-pit-mobile-shell-replacement-ssh
