Mosh, or “Mobile Shell”, is designed to replace SSH, especially for mobile devices or laptops on slow connections. Mosh works on UDP and will keep your connection alive, even if you change your WiFi network or if the cellular signal fluctuates.
What is Mosh?
Mosh’s UDP-based forwarding system makes it more stable than traditional SSH, as it handles packet loss much more efficiently. If your connection goes down a bit, Mosh will reconnect you as soon as it comes back, leaving your controls in place while you type.
It also greatly reduces latency; if you’ve ever tried SSH on a slow server, you’ll notice that even your keystrokes become slow and unresponsive. In fact, the SSH client waits for a TCP response from the server before displaying your entry, in case the server intercepts it for any reason. Mosh is smarter and will display your input in real time. It even gives underlined typing predictions, which is also handy.
If long term persistence is all you are looking for, you can use tmux on your server over SSH instead. Tmux divides your terminal into several panes, each with several tabs, all of which persist on the server through SSH sessions. The advantage here is that if your SSH session is disconnected, it does not affect what is happening on the server, in the same way as Mosh.
But Mosh and tmux also work well together, because Mosh will automatically reconnect you to your tmux session if your connection ends, without having to run ssh and tmux -a t [name] once again.
How secure is Mosh?
Mosh establishes the initial connection via SSH, so authentication is about as secure as SSH. It uses AES-128 encryption for traffic sent via UDP, so that your traffic cannot be sniffed.
The main problem with Mosh is that it requires the opening of many ports. Mosh can use any port between 60000 and 61000, depending on the IP address of the connection. And although you generally use the same port for the duration of the connection, this is not guaranteed. This is not a major problem, but opening 1000 ports is not really a good security practice.
If you are running a firewall like iptables, you will need to open these ports manually:
sudo iptables -I INPUT 1 -p udp –dport 60000: 61000 -j ACCEPT
And if you’re running a server on a service like AWS, you’ll also need to open ports through their firewalls. If you wanted it to be more secure, you can use striking port to close these addresses and open them only when Mosh strikes, but this is also not ideal if the port changes during your session.
In the end, if you’re using Mosh and you’re concerned about security, you should probably have it listened to on your private network and use a VPN.
Install the Mosh server and get a Mosh client
For Mosh to work, the server must have installed Mosh binaries. This does not run a daemon like sshd; it is rather the first command executed by your Mosh client when connecting via SSH. When the connection closes, the server terminates the running Mosh server.
Installation is quite simple, as it is available on most package managers. For Debian-based systems like Ubuntu, it would be:
sudo apt-get install mosh
This installs the client and the server, so you will install the same package on both. Server-oriented installations will simply ask you to substitute apt-get for your distribution’s package manager.
For Windows, you will need to install client for Chrome. There is no binary for Windows yet.
For macOS, you can install the pack directlyor install it using Homebrew:
brew install mosh
In any case, you will connect as you would with SSH:
mosh user @ server
This connects with a username and password. If that doesn’t suit you, you can also manually specify new SSH options with the –ssh parameter:
mosh –ssh = “~ / bin / ssh -i ~ / ssh / id_rsa” user @ port
This command will use your private key rather than a password. Note that the server must be configured to accept this private key, especially if it is a news from a phone or other device.