Richard Bucker

Mosh is a bit of a pit

Posted at — Apr 10, 2012

[Update 2012-12-07] Thanks to Curtis for bringing me back to this post. For a second I thought that maybe I was overly critical of Mosh as it was a while ago when I wrote this article. So I revisited the Mosh site and it’s pretty much the same as I remember it. They might be supporting a few more operating systems or environments but it is close. For me the news is that it is the same product as I originally reviewed. The underlying implementation is the same. That SSH is not IP locked is actually a security risk I had not considered originally and as one of the attendees asked… how many ports do I need to open in my firewall? To which the answer was “as many as the number of connections”. Roaming is a hard problem. It’s probably the reason Google’s apps are implemented the way they are.I was enticed by the mosh project homepage. After I started the install on my OSX box I realized it was a mistake and against my user admin principles and best practices.(a) the port command required that I do a selfupdate.This should have been the first and only warning. There were going to be many more upgrades after this… and there were. It was painful and it currently risky. Not that anything bad has happened yet. I’m just a little concerned.(b) once I got things compiled… I tried to connect to my favorite servers. That was a mistake too. My remote servers did not have the mosh server installed and quite frankly I’m not going to either.(c) userspace my ass. The homepage suggests that mosh can be installed in userspace. This is not the case when you install via port.So this was a waste of time.I do not care much about the bugs in ssh. Besides mosh uses ssh to tunnel. So where is the real benefit. I was drawn in my slick marketing. sigh. Anyway, ssh+tmux or screen is more than satisfactory. In hindsight… how plausable is UDP for ssh’ing? The last thing I want is my keypresses broadcasted around the planet. Not a very good security plan.