
What is the Mosh Shell and How Do You Use It? – CloudSavvy IT




Mosh, or "Mobile Shell", is designed to replace SSH, especially for mobile devices or laptops with slow connections. Mosh works over UDP and keeps your connection alive even if you change WiFi networks or experience a fluctuating cell signal.

What is Mosh?

Mosh's UDP-based transfer system makes it more stable than traditional SSH, because it handles packet loss much more effectively. If your connection drops for a moment, Mosh will reconnect you as soon as it comes back, and whatever you were typing remains in place.

It also significantly reduces latency; if you've ever tried to SSH into a slow server, you'll have seen your keystrokes become slow and unresponsive. This is because the SSH client waits for a TCP response from the server before showing what you typed, in case the server intercepts it for some reason. Mosh is more intelligent and displays your typing in real time. It even underlines its predictions, which is also useful.

If long-term persistence is all you are looking for, you can use tmux on your server via SSH instead. Tmux splits your terminal into multiple panes, each with multiple tabs, all of which persist on the server across SSH sessions. The advantage here is that if your SSH session is broken, it will not affect what happens on the server, just like with Mosh.

But Mosh and tmux also play well together, because Mosh will automatically reconnect you to your tmux session if your connection drops, without you needing to run ssh and tmux a -t [name] all over again.

How safe is Mosh?

Mosh makes the first connection over SSH, so the authentication is about as secure as SSH is. It uses AES-128 encryption for traffic sent over UDP, so your traffic cannot be sniffed.

The main problem with Mosh is that it requires many ports to be open. Mosh can use any port between 60000-61000 depending on the IP address of the connection. And although you usually use the same port for the duration of the connection, it is not guaranteed. This is not a major problem, but opening 1000 ports is not really a good security practice.

If you use a firewall such as iptables, you have to open these ports manually:

  sudo iptables -I INPUT 1 -p udp --dport 60000:61000 -j ACCEPT

And if your server runs on a service like AWS, you must also open the ports through their firewall. If you wanted it to be more secure, you could use port knocking to keep these ports closed and only open them when Mosh knocks, but this is also not ideal if the port changes during your session.

Bottom line, if you're using Mosh and are concerned about security, you should probably have it listen on your private network and use a VPN.
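
As an added example (not code from the original article), the script below audits `iptables -S` output for UDP ACCEPT rules that expose Mosh's 60000-61000 range to any source, or that open more of the range than needed. The sample ruleset, the 10.8.0.0/24 VPN subnet and the ten-port threshold are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag iptables rules that expose the Mosh UDP range
# (60000-61000) too broadly. Input is the text printed by `iptables -S`.
# Rules using the multiport match (--dports) are not parsed and are skipped.

MAX_PORTS=${MAX_PORTS:-10}   # assumption: more than ten open ports is "wide"

audit_mosh_rules() {
    # Reads rules on stdin; prints one "REASON<TAB>rule" line per finding.
    awk -v max="$MAX_PORTS" '
    /-p udp/ && /-j ACCEPT/ && !/multiport/ {
        src = ""; lo = 1; hi = 65535       # no --dport means every UDP port
        for (i = 1; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "--dport") {
                n = split($(i + 1), p, ":")
                lo = p[1] + 0
                hi = (n == 2 ? p[2] : p[1]) + 0
            }
        }
        if (hi < 60000 || lo > 61000) next   # rule does not touch Mosh ports
        if (src == "" || src == "0.0.0.0/0") {
            print "ANY_SOURCE\t" $0          # reachable from the whole internet
        } else if (hi - lo + 1 > max) {
            print "WIDE_RANGE\t" $0          # source-limited, but range too big
        }
    }'
}

# Constructed sample ruleset for the demonstration below.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
-A INPUT -s 10.8.0.0/24 -p udp -m udp --dport 60000:61000 -j ACCEPT
-A INPUT -s 10.8.0.0/24 -p udp -m udp --dport 60001:60004 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
EOF
}

# On a real host: sudo iptables -S | audit_mosh_rules
sample_rules | audit_mosh_rules
```

If you narrow the firewall range, the Mosh client's `-p PORT[:PORT2]` option (for example `mosh -p 60001:60004 user@server`) tells it to use a server port inside that range.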

Install Mosh Server and get a Mosh Client

For Mosh to work, the server must have the Mosh binaries installed. This does not run a daemon like sshd; rather, it is the first command that your Mosh client executes when connecting via SSH. When the connection is lost, the server terminates the active Mosh server.

The installation is quite easy, as it is available in most package managers. For Debian-based systems like Ubuntu it would be:

  sudo apt-get install mosh 

This installs the client and the server, so you install the same package on both. For server-oriented installations, simply replace apt-get with your distro's package manager.

For Windows you need to install the client for Chrome. There is no binary program for Windows yet.

For macOS, you can install the package directly or install it with Homebrew:

  brew install mosh 

For iOS, you can use an app like Termius or Blink Shell. And for Android, you can use an app like Termux or JuiceSSH.

You connect the same way as you would with SSH:

  mosh user@server

This connects with a username and password. If this is not ideal for you, you can also manually specify new SSH options with the --ssh parameter:

  mosh --ssh="~/bin/ssh -i ~/.ssh/id_rsa" user@server

This command uses your private key instead of a password. Note that the server must be configured to accept this private key, especially if it is a new key from a phone or other device.

