Mosh

I have to ssh proxy to get to my main machine, everything is filtered on the network my machine is on, apart from the ssh access box. This makes using mosh a little troublesome.

                          +-------+           
+------+                  |ssh    |          +-----------+ 
|laptop|-------ssh------->|gateway|--ssh---->|           | 
+------+<--               +-------+          |dev machine| 
           \---------mosh------------------->|           | 
                                             +-----------+

dev can only be reached via an ssh proxy, but thankfully there is an open UDP port range that works. Mosh seems to have trouble figuring out the correct ip/port pair to select in this setup, mosh is quite simple so it is easy to deal with.

Host dev
Hostname dev.domain.tld
User tj
ProxyCommand ssh -w 30 -q gateway.domain.tld nc %h 22

The mosh command is just a shell script, it sshs to the remote machine and runs mosh-server. Mosh server generates an AES session key and starts the mosh server process on the machine. mosh-client takes the session key via an environmental variable, ip address and port the server is listening on.

With that we can run mosh by hand:

[laptop] $ ssh dev
[dev] $ mosh-server
  setsockopt( IP_RECVTOS ): Invalid argument

  MOSH CONNECT 40001 pv2jeN0MJ1N4gCd1V0i21g

  mosh-server (mosh 1.2.5) [build mosh 1.2.5]
  Copyright 2012 Keith Winstein <mosh-devel@mit.edu>
  License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.

  [mosh-server detached, pid = 19100]

  Warning: termios IUTF8 flag not defined.
  Character-erase of multibyte character sequence
  probably does not work properly on this platform.
[dev] $ exit
[laptop] $ MOSH_KEY="pv2jeN0MJ1N4gCd1V0i21g"
[laptop] $ mosh-client 143.100.67.5 40001

Once you know how to do mosh by hand there are other things we can try. I don't think it would be impossible to work around certain types of NAT using nc. It requires a third party box, but a lot of STUN can be done with just UDP packets.


Reading: Little Brother, Transmetropolitan

I am sure I have written this down before, google couldn't find it.