However, I do concur that, perhaps, Mosh solves a deep problem on the
wrong level or, even, in the wrong domain. The feeling, already
expressed here, that "tmux oughta do it" never leaves me. Why is that?
Because I know that ssh, by itsself, can handle connection loss quite
well. Rather, I suspect, ssh can't deal with IP changes or the
destruction of the underlying interface.
So, here's the rub: Why is a stable, somehow-abstract, network interface
with a local IP, sitting on top of the actual network interfaces, be
they wired or wireless, not the answer? Over the years, on and off,
I tried to get the Linux ethernet bonding stack (ifenslave) to provide
me with just that solution, but was never able to.
Hence, I keep revisiting mosh, then revisiting ifenslave...
 On a machine that doesn't dynamically switch network interfaces on
demand, just unplug an ethernet cable, wait a while and plug it back
in: your ssh session will resume.
The other half of the problem remains: SSH transfers unmodified byte streams between client and server over TCP. On networks with high latency or high packet loss this design doesn't work. Mosh fixes this part of the problem by redefining the problem. Instead of transferring every byte in both directions it runs a terminal emulator on both sides and the problem turn into: keep the terminal emulator states in sync. The server sends patches from the last confirmed client state to the current server state to the last known client address:port pair via UDP. The client sends the user input (and pings) to the server via UDP. This design allows Mosh to skip over lost messages.
SSH, on the other hand, is stream-oriented, and will replay everything that has occurred, even if the resulting changes to the display in the end are minimal.
It's similar to how something like VNC functions compared to the X11 protocol. The VNC protocol is more efficient and tolerant of lossy or low-latency connections.
But -- mosh still can't do proper SSH agent forwarding, which is a real drag. Many of my common workflows become impossible. I hope it gets fixed!
Combining regular ssh with screen has worked fine for me for years. Why would I want to switch to something with a much shorter track record for security?
(By the way: if you want a line-buffered ssh for use over bad connections, run ssh inside Emacs with M-x shell.)
Unfortunately we have very little chance of having an impact on how ip is implemented in mobile network, but we do have the possibility to change our softwares to accommodate deficiencies. Much like HTTP over SPDY is highly similar to HTTP over SCTP, but we have much more chance in making SPDY a reality rather than SCTP.
> Combining regular ssh with screen has worked fine for me for years.
I guess the real novelty (and it's too bad it isn't presented in greater depths) is SSP, the synchronization protocol. It can be an inspiration for other network programs.
Does anyone know how to fix this?
(don't usually ask SO questions on HN but this has been bugging me for years)
It seemed to me as if the mobile browser kept redoing a whole lot of work, ie. essentially re-requesting web sites from scratch. I'd like to make a single request to a web site, have my proxy host complete the request and deliver the bytes piecemeal to the browser as I go in and out of range.
I think it's possible to do this transparently to the browser, but I think you might need a proxy host with a reliable connection as well as a proxy software running on the mobile device that can deal with the situation by telling the reliable host: I'm back, here's a list of running requests and the last byte I received, please continue.
> I generally do not connect to web sites from my own machine, aside from a few sites I have some special relationship with. I fetch web pages from other sites by sending mail to a program (see git://git.gnu.org/womb/hacks.git) that fetches them, much like wget, and then mails them back to me. Then I look at them using a web browser, unless it is easy to see the text in the HTML page directly.
A lot of the problems with mobile networking are the results of connections literally being cut off. On trains I often end up without coverage (tunnels, in the middle of nowhere) exactly for that reason; the connection broke. I don't think that hacking a system based on connections to pretend that this never happens is a particularly good idea.
The major problem with it is that existing protocols need to be reinvented once again to fit new way of communicating. Of course you could encapsulate TCP/IP over it, but then you're losing all nice properties of the protocol.
This doesn't work for me because I use emacs over X11 over a tunnel.
mosh doesn't work because I feel required to use ssh-agent. That is, I feel required to use a password on my ssh private key and not using ssh-agent is too high a burden.
What do you think about Multi-path? I think Apple is already using it for Siri.
I look forward to using regular SSH to connect to my servers hosted in the floating city of New Chicago!
I, for one, look forward to communicating with a deceased person's gallbladder.
Perhaps replying with a non-sequitor is why you were downvoted?
ISPs like Verizon Mobile are NATing everything -- even IPv6 IPs, and running through proxy servers to enable rate-limiting and other things.
As far as mosh is concerned, it feels like it's an extremely overengineered solution to the "I wish I had started this process in a screen session" problem, except you need to be thinking even further ahead than you would normally (installing and connecting via a mosh service, as opposed to remembering to connect to a screen session that can be run with very little prior setup and no client modification).
Where mosh really shines is when your IP is changing too frequently (a mobile problem when you are on the move) and when you are dealing with high latency connections.
When you have to ssh in somewhere over a shitty, barely working mobile data connection - mosh is a lifesaver. It makes an otherwise unusable situation comfortable and productive.
Sure, it's handy for jumping between connections, on/off wifi and so on - but that's easy to achieve many other ways with tools that have been around for a decade or two at this point.
Not necessarily. When I'm thethering my phone's data connection to my laptop I use mosh to ssh into my server because it resists way better to bad connectivity. No matter if I used screen or not, I would still have to kill the ssh process and connect again and reopen screen if I didn't use mosh.
But if I lost connectivity - my SSH session won't be auto-resumed from local machine in first place, I think thats one of the things `mosh` solves.
It promises lower latency etc, but I am just perhaps too slow to notice such things (or both SSH/Mosh feel equally laggy if remote connection is slow enough).
While true, it just seems (to me) that if that's the only problem you're solving (which is to say, not needing to type the command "ssh host" and let your key log you in) and it's at the expense of not being able to properly ForwardAgent (which I require very heavily in my line of work), then it's a lot of work for negative return.
But, again, to each their own. As mentioned below, if your latency over a phone connection is so bad that this helps you, then by all means, use it. :) I'm just noting that for pretty much everyone I work with, this would be a step backwards.
> you could just add a "/bin/screen -DR; exit" to your
> remote .bashrc and the screen integration would be
> completely invisible after the initial instantiation.
- SSH to remote
- on remote, run "screen"
- get disconnected from remote
- SSH to remote, .bashrc runs "screen -DR" and you resume from where you left off
You only have to create the initial screen session once, and it persists until you explicitly shut it down or restart the remote machine.
And what happens if I want to have two terminal tabs on my end logged into the same remote machine? (Which is basically 100% of the time for me.) It seems like that would be a case where mosh would be much smoother...
(Disclaimer: Once upon a time I used screen, but I stopped ages ago. mosh is intriguing, but as long as I'm working from home just plain vanilla ssh is all I really need...)
Multiple terminals in one session was more critical back when we were using dumb terminals and whatnot - where you couldn't multiplex locally.
Don't do that. Open a new window in your screen instead.
Then start giving windows descriptive names. Then start giving them automatic names. Marvel at most fast you've gotten using the window selector (with type-ahead-find).
You can use 'screen -x' to attach multiple times to the same session.
Why is everyone here assuming all programs can be run in a screen session? I run emacs over X11 through a tunnel. This is far superior to emacs in a screen session.
Because that's what mosh is designed for. Graphical programs are off-topic.
By the way, we have used xpra ("screen for X") with success in the past: https://www.xpra.org/
I've solved this by buying FastX from StarNet. I run a server on Linux and display my X programs on my desktop at work. When I get home, where I run the client on my home desktop, I can connect to the same server and disconnect my work clients and reconnect them to my home machine. It's the perfect solution for me.
Alternatively, consider Kerberos and kinit.
I love the idea of mosh, but I find the implementation to be lacking... or I am doing it wrong. :)
I haven't used the agent forwarding patch myself, though. The patch is rather large, which may be the reason it was never merged.
The author (rinne) is the former CTO of ssh.com, by the way.
One of the greatness of ssh is its lean network requirements (it can even be considered https if seen from intermediate proxies, hence whitelisted) and this extra udp port is quite a burden in some environments.
I still agree that mosh is a fine tool for mobile users. I'm just a tad worried about its security layer implementation being less audites than openssh for instance (as mosh isn't as widely used)...
That said, it has never been audited.
Also, as far as I was aware, ssh provided no scrollback either. Any such scrollback is a property of the (local) terminal you're using, not ssh itself.
The Mosh client is also a terminal emulator (similar to screen); part of the reason it can be so efficient is that it isn't just another layer in the network stack over which standard lines of text travel, it is a remote console viewer (like VNC is for graphical desktops, only sending parts of the desktop that have changed; and if there is a massive wall of text spamming the screen, it will just show you the end result rather than sending it all)
Though after doing some research, it seems mosh skips some intermediate states when large amounts of lines are printed, causing them not to be sent to the client. This would cause the observed behaviour of no scrollback in the local terminal.
I've never had this experience! And I've used mosh for some time extensively on all sorts of connections ranging from abysmal to horrible. Maybe you used an older version?
A few years ago I spent a summer at a remote field site, sharing a flaky T1 with 100 other people over equally flaky site-wide wireless network. (Many of those people were undergraduates who had been politely asked not to use the research network to access facebook, but, well, you know.) Not only was packet loss common, but latencies to an outside host varied whimsically from 50ms to 2000ms. In those conditions ssh was unusable, tmux or not. I was able to do work on remote servers only because of mosh.
The other security issue is the whole 'seamless reconnect' - it's probably been thought of, but does anyone have any links to how they've mitigated the massive MITM risk this opens users to?
test -z "$BASHPROFILEREAD" || return
(to avoid double-sourcing) and there's no good way to fix them. I haven't tested ksh93/zsh yet, but I suspect similar issues. I suspect the developers do little more with their shell initialization than set a few aliases and variables so it's not an issue for them, but fixing it for myself is far more work than worth it. It's too bad, everything else works well for me with mosh.
> supports intermittent connectivity
That's all you need to say really..!
Now, you close your laptop, hop on your bike, enjoy a nice lunch somewhere, and head to a café for the afternoon. You open your laptop again.
Correct me if I'm wrong, but with your setup, you need to go to each pane and re-ssh to each host. But with mosh, I don't need to do anything except wait a few seconds. All of my connections are re-established, and (even without screen) my sessions are restored just as I left them.
I rarelly do anything like that anyway, because I don't like long standing connections. What are you doing with all those connections open anyway?
Configuring stuff? Why don't you clone your settings, and just push when done? (Or use puppy.)
Accessing local resources? Nope, if that was the case, losing the connection will disrupt your work anyway unless you script everything, in what case screen'll fit much better.
Waiting for a repply? Email and SMS are much better protocols for handling that.
Don't get me wrong. I see some value in automatically reconnecting to sessions (and when I care about a session, my computer does that). Also, handling bad connections (not intermitent) well is a feature. But those come at a cost - you are now tied to one client computer, and you can't script it as well as plain ssh, and some security concerns. I don't think it's worth that cost.
> What are you doing with all those connections open
What's a non-Unicode character, and where would you find one? Do you mean the crazy private use characters used to make fancy Vim status lines, or something else?
It also doesn't provide most of SSH functionality, and it doesn't support IPv6 yet, whereas SSH does.
Q: Has your secure datagram protocol been audited by experts?
No. Mosh is actively used and has been read over by security-
minded crypto nerds who think its design is reasonable, but any
novel datagram protocol is going to have to prove itself, and
SSP is no exception. We use the reference implementations of
AES-128 and OCB, and we welcome your eyes on the code. We think
the radical simplicity of the design is an advantage, but of
course others have thought that and have been wrong. We don't
doubt it will (properly!) take time for the security community
to get comfortable with mosh.
The reason mosh shows you current-state rather than playing catch up with every byte transmitted by the terminal is very deliberate, and desired.
...just to name a few examples.
Mosh is awesome, but also not something new.
https://news.ycombinator.com/item?id=6321474 was within a year, but I guess was borderline, so we'll leave the current post.
Mosh continues to be awesome, and definitely deserves to be more well known. It works wonders when you have a crappy connection.
Of course, this doesn't change anything in the project interest!