> Mosh doesn't listen on network ports or authenticate users. The mosh client logs in to the server via SSH
> Unlike SSH, mosh's UDP-based protocol handles packet loss gracefully
So it's not a replacement for SSH, but instead sits on top. Not only that, but it has some separate self-designed protocol that it uses to implement its ju-ju, presumably heavily peer reviewed for security design defects considering the claims of being an SSH replacement that are being made. :)
That said, I think the single biggest annoyance for me with ssh is the connection setup latencies (something like ... 9 round trips and a by-default-rdns-lookup I think?). This thing can only be worse in that respect.
But yes, it can't help with the initial connection, which has to be bootstrapped over ssh.
# Multiplex connections if there is more than one
* Security product written in C++, leveraging 2 huge libraries (Google protocolbuffers, Boost)
* One man band by the looks of it
* Includes its own private crypto code (has rijndael-alg-fst.cc been vetted for timing issues?)
* Implements its own private crypto protocol (has it been vetted for replay attacks? padding attacks? [insert 20 years of perplexing bugs confounding the greatest minds in computer science]?)
And besides all that, this page is begging you to download it. It ticks every box: sexy Bootstrap design, prepackaged installers for every OS, and not one mention of a single downside! That raises the question: what is the author's agenda? (At a guess, school cred, but still, this isn't reason enough for me to swap out something as critical as SSH)
Regarding the Web site, I think Hacker News is able to take a little ribbing. You guys are always throwing up these twee Web sites; surely the free software community can have a little fun with the genre. :-)
Will definitely give this a whirl at some stage, as the feature set is quite compelling, and assuming it gets healthy reviews from the talented crypto folk on HN. :) Good luck!
The quote from the homepage tells me they get it:
Why you should trust Mosh with your remote terminal needs: we worry about details so obscure, even USENIX reviewers don't want to hear about them.
> Includes its own private crypto code (has
rijndael-alg-fst.cc been vetted for timing issues?)
The crypto/aes/aes_x86core.c implementation from OpenSSL uses pre-fetching as a countermeasure.
[Edit: Better formulated as a question? :-)]
Since OpenSSL is a long tested and optimized library, why did you decide to ship an own aes implementation?
Down the road we may end up making a shim to use GnuTLS or figuring out how to ship as GPL+OpenSSL exception.
The practical exposure to information leakage via timing attacks is pretty controlled, since we just ignore any datagram that fails the authenticity check and we generally only send outgoing packets per a timer (whose smallest value is 1/50 second).
If you have the freedom to invent your own encrypted network protocol, instead of having to be backwards-compatible with SSL or SSH, you should seriously consider NaCl as an alternative.
Protocol buffers is heavily scrutinized and as for Boost, the way it's designed means that it only pulls in what you use. The project seem to only use very little of Boost anyway, so I wouldn't bother too much about it.
More surprising, I can see it does not use Boost.Asio for networking (strange ?). It seems to use Boost for things like Boost.Lambda (deprecated with C++11) and typeof.
I think the project could benefit from leveraging the Boost libraries more or just not use them at all.
Examples: use Boost.Spirit for Base64 and replace the custom made parser. Don't use malloc to allocate raw pointers but use strings, vectors or smart pointers. Replace the networking code with Boost.Asio (which is portable). etc.
I just installed the mosh client, and replacing ssh with mosh command alone doesn't work. By not working, I meant the error message is "/opt/local/bin/mosh: Did not find mosh server startup message."
I encourage people to uninstall mosh
on Ubuntu, sudo apt-get autoremove mosh
on Mac with MacPort, sudo port uninstall mosh
Since it uses ssh for authentication, it has eliminated some of its peer-review problems.