![]() One way to reduce attack surface is to use proxies or jumper machines: Your server ignores all packets to your SSH port that do not come from one of the jumper machines. SSH servers are traditional targets for scripted attacks. Using a proxy for the initial SSH connection You can configure mosh to use different ports, of course, if that makes it easier. This is the range your firewall needs to allow. The UDP connection and Firewallsįor the UDP packets, Mosh regularly uses the port range 60000-61000, from which it chooses one port to listen on and send packets from. Voila! You’ve a secure shell on your machine that is robust against intermittent internet problems. You can now connect to this server using the mosh-client command: MOSH_KEY=EPZ2sM6Alaaaad4AxWRIqg mosh-client myserver 60001 The “MOSH CONNECT” line reveals the port that the server is listening on for UDP packets and the secret key to encrypt and authenticate UDP packets. There is NO WARRANTY, to the extent permitted by law. This is free software: you are free to change and redistribute it. License GPLv3+: GNU GPL version 3 or later. You’ll see something like this: MOSH CONNECT 60001 EPZ2sM6Alaaaad4AxWRIqg No need to be root, any unprivileged user is good. You can do this step manually, too: SSH to a server and run “mosh-server” in the shell. The Mosh server then starts listening on a UDP port in the allowed range. ![]() What does the Mosh client do exactly on setup? After SSHing to the target server, it runs the command “mosh-server”. (That is, unless a firewall is in the way. If you would normally connect to the server using ssh myserver, then “mosh myserver” should work fine. ![]() To get mosh to work, you install Mosh on both your computer and the server, for example with ”apt install mosh”. Mosh directly connects to the target server That is why Mosh is so robust against connection failures and bad internet. Afterwards, your computer and the server communicate via encrypted UDP. Mosh works in two phases: First, the mosh client uses normal SSH to establish a connection securely. In this article, I focus on how the connections work, and how they can be tunneled over proxy machines to accommodate IP-based firewalls. For example mosh client predicts traditional shell behavior for faster typing response, and mosh server only transmits buffered screen diffs to transfer less crap for commands with huge output and to keep `Ctrl-C` working. In contrast to SSH though, mosh is optimized for flaky internet: The connection keeps working even if your WiFi network changes and even if you decide to suspend your computer because you need to move nearer to the coffee machine. It allows you to access any server on the command-line that you have SSH access to. Mosh, short for “mobile shell”, is a “remote terminal application”.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |