If you experience any difficulty in accessing content on our website, please contact us at 1-866-333-8917 or email us at support@hudsonvalleyhost.com and we will make every effort to assist you.
As a seasoned Linux Administrator, SSH has been your best friend for years. Times have changed, you are no longer constrained to a desktop in a windowless room surrounded by server racks. You are on the move and it is time you moved to the next generation in remote shell. This article talks about MOSH (Mobile Shell) and how you can install it on your servers for seamless server management
Released in 2012, MOSH was created to provide a way for SSH connections to remote servers to be persistent across networks. You could connect to a session and move across networks (home WiFi to mobile 4G) without skipping a beat. MOSH uses UDP vs TCP, which SSH uses, allowing sessions to remain active. It is built to withstand packet loss using State-Synchronization Protocol (SSP). So much so that it even saved a man stuck in an elevator with barely sufficient phone network to moshinto the SDF MetaArray and email his way to a rescue.In a nutshell, MOSH works by synchronizing the “screen” at the server and the “client”. SSP operates via datagrams over UDP and MOSH has the distinction of being the first application out in the wild that implements SSP.
MOSH attempts to overcome the vulnerabilities that are present in SSH as each datagram is encrypted using AES-128 in the Offset Codebook mode. Authentication of each datagram is based on an incrementing sequence at client and server end. This prevents any attacker from closing a terminal as the next packet from the client will reconnect the end-points. The MOSH protocol also has a smaller attack surface (it uses SSH only for the initial connection and then hands-off connectivity to the mosh-server over UDP)
MOSH also features the ability to predict user strokes allowing the user to see his/her input on the screen almost instantly. MOSH also goes a step further and predicts what the effect of a key sequence would be and makes the change on the screen. The authors of MOSH say this brings down the median keystroke time by a factor of 100
Mosh is available for a wide variety of platforms and must be installed both at the client and server side. On the server side, install it using one of the following commands
sudo apt-get install mosh # Ubuntu/Debian
sudo yum install mosh # Centos
sudo dnf install mosh # Fedora
sudo zypper in mosh # OpenSUSE
Homebrew:
brew install mosh
Windows:
Install the MOSH chrome extension from theChrome store
Since MOSH is built to handle slow & laggy connections, you can install these clients on your smartphone
Android:
iOS:
You are all set, invoke MOSH from your client as
mosh user@servername
You will initially be asked for the password used for SSH and then the connection begins. To exit, use logoutor exit. To force close a connection, use the Ctrl-^escape sequence.
If your server is running a firewall, you may need to open the ports 60000-61000 for
UDP traffic. If you are using iptables, here is how to do this
sudo iptables -I INPUT 1 -p udp –dport 60000:61000 -j ACCEPT
Note that iptablesis not persistent across server reboots which means you need to save the rule via the iptables-savecommand
iptables-restore < /etc/iptables/rules.v4 # Ubuntu/Debian
iptables-restore < /etc/sysconfig/iptables # Centos
If you are using firewalld, you can add the port range as below
sudo firewall-cmd –zone=public –permanent –add-port=60000-61000/udp
By default, when starting the connection, MOSH uses port 22 to SSH to the server. If you are running SSH on a different port, you can specify this when invoking the command
mosh user@servername –ssh=”ssh -p 4022”
You can also connect to a specific UDP port while starting mosh
mosh –p 60237 user@servername
Troubleshooting
Here are some common errors you may face
Nothing received from the server on UDP port 60004
This is usually a firewall problem. The initial SSH worked and mosh-server is running, but the firewall on the server is preventing UDP packets transmission. See the steps above to add UDP connectivity for mosh
mosh requires a UTF-8 locale
MOSH requires that both the client & server use UTF-8 locale. Run localecommand at the client end and SSH to the server and run the same command. Both commands must show something like this LC_CTYPE=”en_US.UTF-8”
mosh server not found
MOSH server is required to be on the server’s default PATH. If the mosh-server is in a different location, connect to the server with the location of the mosh-server binary like so
mosh –server=/path/to/mosh/bin/mosh-server servername
If you are still facing an issue, you can join the developers in the #moshchannel on Freenode IRC
MOSH is a great tool to have on your machine, but no post would be complete without playing the devil’s advocate. Compared to SSH, MOSH has the following downsides
i. Installation of additional software:
MOSH works by running a terminal emulator on your server. This means that you need to install mosh(as we described above) on both your server and as a client. There is no direct Windows support (only a Chrome Extension), which might discourage a number of users.
ii. Opening a wide range of ports for mosh access:
MOSH uses the first available free port in the range 60001-60999. This means you need to open you firewall to a wider range than the typical port 22 (or the random port you choose in your sshd_configfile)
iii. No scrollback feature
Because MOSH works by synchronizing visible screen datagrams, you can’t scrollback to view output from previous commands or from a single command that displays pages of output. The creators are tracking this issue and looking for a way to implement scrollback, in the meanwhile, the recommendation is to use screenor tmux
We hope you give mosha spin and write back to us with your thoughts and feedback.
https://security.stackexchange.com/questions/13714/dangers-of-opening-up-a-wide-range-of-ports-mosh
https://www.linux.com/learn/mosh-pit-mobile-shell-replacement-ssh
