Entering the mosh pit
Mosh has been around since 2011 or so; the 1.3 release came out in March. It appears to be under active development and to be reasonably widely used. Mosh runs on just about any type of operating system one can imagine, and binary packages are readily available. Setup is nearly zero-effort, with one small exception noted below. In short, if Mosh meets your needs, there is little excuse for not using it.
Calling Mosh an "SSH replacement" (as the project's web site does) is not quite correct, though, for a couple of reasons. The first of those is that you still need SSH around to set up a Mosh connection. Mosh doesn't bother with little details like listening for new connections or authentication; it relies on SSH for those. Typing "mosh remote-host" will set up a connection but, behind the scenes, SSH will be used to make the initial connection to the remote host. Thus, one still has to go through the usual authentication dance — entering passwords, distributing public keys, etc. — before using Mosh. The good news being, of course, that one's existing SSH authentication setup will work unchanged with Mosh.
Once an SSH connection is established, though, the only thing Mosh uses it for is to start a mosh-server process at the remote end and to exchange keys with that process. Once that's going, the SSH link is closed and discarded; the client and server talk directly using a UDP-based protocol thereafter. That is one place where one can encounter minor setup difficulties. Installing Mosh itself can be an entirely unprivileged operation, but that may not be true of the task of ensuring that its UDP packets make it through any firewalls between the local and remote systems.
Each UDP packet is separately encrypted (using the OpenSSL AES implementation) before sending and authenticated on receipt; if all works well, that should make it impossible for an attacker to eavesdrop on the connection or inject packets into it. In theory, encryption at this level is more robust than the TCP-based encryption used by SSH; only the latter is subject to TCP reset attacks, for example. The protocol is designed with its own flow control that, among other things, is designed to avoid filling up network buffers along the path between the systems. Any longtime SSH user knows the annoyance that comes from interrupting a verbose command with ^C and having to sit through a long wait while all of the already-transmitted output makes its way across the link. Mosh claims to avoid that behavior — and your editor's tests suggest that the claim is warranted.
The actual protocol is called "state synchronization protocol" (SSP); it is built on the idea that the endpoints are maintaining copies of the same objects and communicating changes to the state of those objects. One object, maintained primarily on the client side, represents the keystrokes that the user has typed. The server end, instead, owns an object describing the state of the screen. The two ends exchange packets whenever the state of one of those objects changes, allowing the other end to update its idea of their state.
"TELNET
", the project's web site proclaims, "had some
good things going for it
". One of those was local echo. Users
typing over an SSH connection will not see their keystrokes until they are
echoed by the remote end; on a flaky connection, that can make typing
painful. Mosh, instead, has some tricky-seeming code in the client that
can anticipate the changes in the state of the screen object and echo
keystrokes ahead of the remote end. "Tricky" because the client has to
figure out when not to echo — when a screen-mode application is
running, say, or when a password is being typed. Your editor did not have
access to a network slow enough to exercise this feature; it will be
interesting to give it a try the next time it's necessary to try to get
some work done over an airplane WiFi network.
Since UDP is connectionless, packets can come from anywhere. Mosh uses this feature to implement its reconnection mechanism. The Mosh "connection" exists for as long as the mosh-server process is running; the client, meanwhile, can disappear and reappear at will. So, for example, one's laptop can switch from one wireless network to another, getting a new IP address in the process. The Mosh server will notice that packets are now coming from a different address; if those packets authenticate properly, the server will start sending its own packets to that address. So the Mosh connection will persist, uninterrupted, possibly without the user even noticing.
Your editor ran some tests of this feature, switching the laptop between a local network and tethering via a phone handset. The Mosh client puts up a notification when connectivity goes away (it seems to notice before the laptop itself figures out that its WiFi access point has vanished); once the network returns, the Mosh connection is back up and running. If an output-producing command is running while the change happens, none of the output will be lost (modulo one detail).
Mosh tries to provide the best terminal experience it can. It seems that quite a bit of effort has, for example, gone into proper handling of UTF-8 character sequences and escape sequences. But there is an implication of the state synchronization protocol that affects the terminal experience in a significant way. Since Mosh models the entire state of the screen, it wants to be in control of that state, with the result that it overrides and changes the behavior of the terminal emulator that one might be running Mosh within.
This aspect of Mosh is perhaps most visible when it comes to scrolling back through the terminal output. The Mosh model of the screen encompasses the screen itself, but not anything that has scrolled off the top. When using gnome-terminal and SSH, for example, the mouse wheel can be used to move back through the output; that does not work with Mosh. Instead, the wheel moves through the command history. The gnome-terminal scrollbar becomes inoperable while Mosh is running as well. The problem was first reported in 2011 — it is issue #2 — but it remains unfixed. The workaround is to use a utility like tmux or screen.
Mosh's focus on the terminal experience also ties into the other reason why it is not truly an SSH replacement. It can be used to run an interactive shell on a remote system. It can also be used to run a command non-interactively, but only if the user doesn't care about seeing the result after Mosh exits and resets the screen. But it cannot be used for tasks like port forwarding. Those of us who use SSH as a sort of poor hacker's VPN will need to continue doing so.
Mosh, thus, is aimed at a fairly specific use case: users who engage in
interactive terminal sessions with remote hosts over variable and possibly
flaky network connections. That is a description that, for example, fits
many attendees of Linux-oriented conferences. But, if the truth be told,
Mosh is not a tool that will make a day-to-day difference in your editor's
life. In a world where many resources are local and the rest are accessed
via higher-level protocols, many of us probably do not need a highly
optimized, extra-robust remote terminal emulator. For those situations
where it is useful, though, it would seem that, as your editor has heard
for years, there is nothing better.
Posted May 17, 2017 1:29 UTC (Wed)
by ast (subscriber, #100277)
[Link]
Posted May 17, 2017 3:49 UTC (Wed)
by NightMonkey (subscriber, #23051)
[Link]
https://github.com/apenwarr/sshuttle
Thank you for the review. Fine as always. :)
Posted May 17, 2017 4:23 UTC (Wed)
by grahame (guest, #5823)
[Link]
Additionally, the lack of support for forwarding an SSH agent is a pain - I sometimes need to forward my agent to bounce through between hosts, or to access private git repos on a remote host.
These days I just try to minimise the amount of work I actually do on remote hosts, and for the work I do need to do SSH is adequate.
Discussion of the SSH forwarding / gateway host seems to be happening in this issue:
https://github.com/mobile-shell/mosh/issues/120
Posted May 17, 2017 4:44 UTC (Wed)
by hifi (guest, #109741)
[Link]
Also, my primary connection is mobile broadband and it's fairly easy to get huge amount of input lag with it if you do something else simultaneously and Mosh really helps to cope with that. No lost keystrokes when the round-trip time is 900ms.
For improved typing experience on said irssi session I have the client running with --predict=experimental which removes the requirement to check the server if echo is on so typing will always start immediately regardless of connection state. This, of course, does not work with anything that doesn't use line input (like vi command mode) as it would echo all your typed characters first on the screen and then the server would correct it when the application does something else. It would also not work well for password input as any typed characters would be briefly visible on the screen.
+1 for Mosh but it's definitely not a replacement for SSH but more like an extension.
Posted May 17, 2017 6:12 UTC (Wed)
by epa (subscriber, #39769)
[Link] (3 responses)
Posted May 17, 2017 9:00 UTC (Wed)
by smurf (subscriber, #17840)
[Link]
Also, all this terminal and line discipline code inside the kernel is rather old and there's no longer much of a reason why it should be in the kernel in the first place.
Posted May 17, 2017 20:00 UTC (Wed)
by cgull (guest, #115681)
[Link] (1 responses)
Posted May 18, 2017 6:04 UTC (Thu)
by epa (subscriber, #39769)
[Link]
None of this would help much if you are running some full-screen text program inside the mosh session (and perhaps your command prompt inside that, as Emacs's shell-mode). I guess the heuristic used by mosh is the best we can do -- and the older line disciplines, while cleaner in principle, are just too inflexible. It's like remote graphical sessions where (with the demise of X11) we no longer send primitives to draw individual lines and rectangles, or render a device-independent character glyph, but instead send the individual pixels with a moderately intelligent compression layer. A good example of "worse is better".
Posted May 17, 2017 6:51 UTC (Wed)
by ekacnet (guest, #55471)
[Link] (1 responses)
Posted May 17, 2017 15:32 UTC (Wed)
by MatejLach (guest, #84942)
[Link]
Posted May 17, 2017 7:46 UTC (Wed)
by shx (guest, #105604)
[Link]
Posted May 17, 2017 8:28 UTC (Wed)
by xyzzy (guest, #1984)
[Link]
Likewise, being able to have a bunch of terminal sessions open that remain persistent when you shut your laptop's lid, commute, and open it again, is brilliant. It means your remote terminal sessions are exactly where you were before -- and they work! The experience with SSH is going back to a terminal window with an SSH session that looks like it's still operative until you start typing, and it dies.
Posted May 17, 2017 9:28 UTC (Wed)
by paulj (subscriber, #341)
[Link] (12 responses)
That caught my eye.
Does that mean Mosh has hand-rolled its application crypto protocol (above the low-level encryption algorithm used)? Is it using some unchained, per-packet encryption? That could imply weaknesses, possibly significant.
That makes me want to read more about Mosh's security before trusting it...
Posted May 17, 2017 10:15 UTC (Wed)
by flussence (guest, #85566)
[Link] (2 responses)
Posted May 17, 2017 10:38 UTC (Wed)
by HenrikH (subscriber, #31152)
[Link]
Posted May 17, 2017 20:29 UTC (Wed)
by cgull (guest, #115681)
[Link]
There's nothing particularly special about OCB for interactive use, it has no particular advantage for that over any other AE mode.
Posted May 17, 2017 12:41 UTC (Wed)
by epa (subscriber, #39769)
[Link] (8 responses)
Or am I worrying too much about the latency imposed by AES?
Posted May 17, 2017 12:53 UTC (Wed)
by farnz (subscriber, #17727)
[Link] (4 responses)
Bear in mind that modern CPUs have dedicated AES assist instructions - this set of slides suggests that you end up using around 2 clock cycles per byte with an optimal implementation, and a latency on the order of 10 clock cycles from first byte in to first byte out. Given the clock speeds on modern CPUs, I suspect that you're going to hit network limits before AES is too slow.
Posted May 17, 2017 15:59 UTC (Wed)
by epa (subscriber, #39769)
[Link] (3 responses)
Ten clock cycles (or even ten thousand) is plenty fast enough to display a keystroke instantly.
Posted May 17, 2017 16:07 UTC (Wed)
by farnz (subscriber, #17727)
[Link] (1 responses)
Yeah - AES acceleration instructions mean that your latency is dominated by network latency, not compute latency, by a significant margin - a realistic implementation of AES decrypt using the acceleration instructions is going to add under a microsecond of latency, which is less than the minimum Ethernet latency you're going to see on a real 10G network.
Posted May 18, 2017 7:08 UTC (Thu)
by luto (guest, #39314)
[Link]
Posted May 18, 2017 15:30 UTC (Thu)
by flussence (guest, #85566)
[Link]
ChaCha20 is a bit faster than AES (4-15cpb), which is one of the reasons it's the default in OpenSSH now.
Posted May 17, 2017 15:25 UTC (Wed)
by itvirta (guest, #49997)
[Link] (1 responses)
Posted May 17, 2017 15:55 UTC (Wed)
by epa (subscriber, #39769)
[Link]
I suppose that if the UDP packets have a sequence number and a fixed length, you can still use the one-time pad to encrypt them (if a packet is lost, then that bit of the one-time pad is wasted too).
Others have pointed out how on modern CPUs AES is fast, so it may be a non-issue. (Although I would point out there is a difference between the average speed for decrypting a large block of data, and the speed if you are doing a single byte at a time. I doubt that decrypting just one byte on its own can be done in two clock cycles. But even if it takes a hundred thousand cycles that's still fast enough, on a modern CPU, to display the keystroke 'instantly' to a human user.)
Posted May 17, 2017 20:07 UTC (Wed)
by cgull (guest, #115681)
[Link]
Posted May 17, 2017 9:37 UTC (Wed)
by obonaventure (guest, #108715)
[Link] (10 responses)
Posted May 17, 2017 12:30 UTC (Wed)
by pabs (subscriber, #43278)
[Link]
Posted May 17, 2017 12:42 UTC (Wed)
by nix (subscriber, #2304)
[Link] (3 responses)
Posted May 17, 2017 13:03 UTC (Wed)
by corbet (editor, #1)
[Link]
Unfortunately, the work to upstream this code seems to have stalled completely.
Posted May 20, 2017 7:54 UTC (Sat)
by obonaventure (guest, #108715)
[Link] (1 responses)
Posted May 20, 2017 11:41 UTC (Sat)
by nix (subscriber, #2304)
[Link]
Posted May 17, 2017 17:24 UTC (Wed)
by shemminger (subscriber, #5739)
[Link] (4 responses)
Posted May 17, 2017 21:24 UTC (Wed)
by itvirta (guest, #49997)
[Link]
Perhaps, but it does have the advantage that it works without any kernel support.
In mosh's case, it also has the upside that it knows more about the underlying data
Posted May 17, 2017 22:42 UTC (Wed)
by renox (guest, #23785)
[Link]
Posted May 17, 2017 23:02 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (1 responses)
So it's much better to transmit the whole screen state anew if an update packet is lost rather than wait for TCP retries to deliver all the intermediary packets.
For the same reason voice/video conferences use UDP - it's better to simply drop a small update to compensate for it later rather than cause the whole screen to stutter while the stream recovers.
>"Those who do not understand TCP are doomed to reinvent it"
Posted May 20, 2017 7:28 UTC (Sat)
by niner (subscriber, #26151)
[Link]
Posted May 17, 2017 10:59 UTC (Wed)
by 1ace (subscriber, #103978)
[Link]
You can use Linux's `tc` (traffic control) to simulate any network condition, including latency, bandwidth, packet loss, etc.
Posted May 17, 2017 12:47 UTC (Wed)
by smadu2 (guest, #54943)
[Link]
Posted May 17, 2017 13:57 UTC (Wed)
by Felix.Braun (guest, #3032)
[Link] (1 responses)
Posted May 17, 2017 21:00 UTC (Wed)
by cgull (guest, #115681)
[Link]
Posted May 17, 2017 16:16 UTC (Wed)
by jengelh (guest, #33263)
[Link]
Easy enough to fix that, without waiting for an airplane:
tc qdisc add dev lo root netem delay .3s
Posted May 17, 2017 19:53 UTC (Wed)
by cgull (guest, #115681)
[Link]
Mosh is a virtual terminal emulator that runs on both server and client. It transmits terminal output from server to client by sending updates from a previous state of the terminal screen to a newer one. It fundamentally maintains a rectangle of character cells for you to look at, rather than sending the complete character stream to update a terminal emulator on the client. So an application can update the screen quickly between two client updates, and character output that would go into scrollback on a normal terminal is simply never sent by Mosh, only enough data to construct an accurate display as of the second update.
So that's the weakness and strength of Mosh-- you don't get the full stream of data that you would with SSH, but the state synchronization protocol allows Mosh to skip intermediate transmitted state and blithely function on astoundingly bad networks. The predictive local echo is also important here. I've used Mosh on wi-fi networks with 50% packet loss and it's been noticeable but entirely usable. (Of course, when a network is this bad, it's a pretty short and steep slope from there to a network that drops all packets. Not even Mosh can fix that.)
Posted May 18, 2017 9:09 UTC (Thu)
by swmike (guest, #57335)
[Link]
The only thing lacking is proper IPv4/IPv6 dual stack support, so one can switch between address families seamlessly.
Posted May 18, 2017 14:49 UTC (Thu)
by caliloo (subscriber, #50055)
[Link]
Posted May 18, 2017 16:37 UTC (Thu)
by falstaff (guest, #92469)
[Link]
Posted May 20, 2017 15:41 UTC (Sat)
by TRS-80 (guest, #1804)
[Link] (3 responses)
You may think this is a pretty ridiculous reason to stop using it, and I would agree with you, however when reading Twitter with oysttyer sadly emoji being silently removed has a significant impact on comprehension. Having to press up, enter, re-enter my password, then up and enter again (for screen -xU) is far less of a problem.
Posted May 22, 2017 1:55 UTC (Mon)
by flussence (guest, #85566)
[Link] (2 responses)
Posted May 22, 2017 3:36 UTC (Mon)
by mathstuf (subscriber, #69389)
[Link] (1 responses)
Posted May 22, 2017 11:36 UTC (Mon)
by flussence (guest, #85566)
[Link]
Posted May 22, 2017 2:18 UTC (Mon)
by rsidd (subscriber, #2582)
[Link]
Entering the mosh pit
https://github.com/4ast/mosh/commit/b642df68efe1b437ceeb6...
It's a hack, but it mostly works despite some issues. Unfortunately no expectations that
it will ever be merged upstream, since it removes most 'cool' features of mosh like full
terminal emulation that allows mosh to send only visible bits between client and server.
This hack encrypts and sends every byte as-is from server to client and back, just like ssh does.
Entering the mosh pit
Lack of forwarding support (SSH agent; hopping between hosts)
Entering the mosh pit
Instant update of typed characters
Instant update of typed characters
Instant update of typed characters
Instant update of typed characters
Entering the mosh pit
Not sure how it compares to mosh.
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
“Each UDP packet is separately encrypted (using the OpenSSL AES implementation)”
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
the useful use-cases is that of roaming or sleeping laptop clients. Besides, what would you do when your megabyte runs out?
As for the latency of AES, that's what your SSH connections are encrypted with, too.
Entering the mosh pit
Entering the mosh pit
Instead of changing the application to support mobility, another solution is to change the underlying transport protocol. When ssh is used over Multipath TCP, all the mobility features provided by mosh come for free thanks to the underlying Multipath TCP. All the features of ssh, including port forwarding, continue to work. If TCP reset attacks are a concern, Multipath TCP can cope with such attacks by recreating subflows and it would be possible to use ssh implementations to better interact with Multipath TCP.
Patches are available for various versions of the Linux kernel from http://www.multipath-tcp.org
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
MPTCP is rather carefully designed to sneak through middleboxes; that's where a lot of the complexity in the protocol comes from. Some details are in my 2013 article on the subject.
MPTCP
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
"Those who do not understand TCP are doomed to reinvent it"
Entering the mosh pit
Which helps a lot in getting your software to work across different operating systems.
than a general purpose stream transmission algorithm does. Namely, changes to the
screen can be mercilessly discarded when the client isn't looking.
Entering the mosh pit
For example I hate having to type sleep 30 to prevent me from trying "too soon" to restart an application which then fail because the TCP connection fail.
Entering the mosh pit
Nope. Mosh is essentially a media application - it transmits the live video of the remote terminal.
Those who think that TCP is The Answer are foolish in the extreme.
Entering the mosh pit
Entering the mosh pit
See https://wiki.archlinux.org/index.php/Advanced_traffic_con... and http://lartc.org/lartc.html#LARTC.QDISC ("9.2.2.2. Sample configuration" in particular) for instructions.
Entering the mosh pit
Entering the mosh pit
JuiceSSH is indeed fairly excellent, but there is an issue that causes screen corruption with a server running mosh 1.2.6 or 1.3.0. Fixed in Git master and the next release (coming soon), or you can fall back to mosh 1.2.5.
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
I gave up on mosh once I realised it was eating eomji. The relevant bug report is long, but the problem is mostly to do with mosh having to know the width of every character, which is hard when you compare the speed of unicode to update latency of system libraries.Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit
Entering the mosh pit