The sys admin's daily grind: Mosh
Shell on the Beach
Dangling your legs in the sea while enjoying the Mediterranean sunshine can affect the prospect of a good Internet connection; fortunately, Charly knows what to do.
I am writing this column on the Costa Brava and currently dangling my feet in the Med. This stretch of coast is aptly named; "brava" can be translated as "wild, inhospitable." Unfortunately, this description also applies to Internet coverage beyond the tourist beaches – although WiFi is ubiquitous in hotels, campsites, and bars. At the moment, I'm using a network operated by the "Xiringuito" beach bar near the picturesque ruins of the ancient Greek trading exclave of Empúries, and the connection is pretty brava.
This situation is not going to spoil the sunny afternoon for me, however, because I still have Mosh  stashed away as an ace in my beach bag. The SSH replacement consists of a client component and a server component along with a wrapper script. Initially, Mosh connects the client and server via SSH on port 22 in the normal way. Then, the server hands the client a key, with which it identifies itself henceforth, and Mosh drops the TCP connection.
At this point, the client and server talk only on UDP, using a port in the range between 60000 and 61000 by default. I can use the
--port=<Portnumber> parameter to force Mosh to prefer a specific port. UDP connections are very robust; they even survive client suspend phases.
What's even better is that, because the client uses the key initially received from the server to identify itself, it can even switch IP addresses. So, if the beach cafe network collapses and I swap to smartphone tethering, my Mosh session continues unfazed, and my seaside reverie is undisturbed.
Token of Appreciation
If the only available connection is unstable, this can lead to the known issue that SSH does not show you what you typed at the terminal until the TCP connection recovers. Although Mosh can't work miracles in this case, it is clever enough to guess what the terminal should be displaying, and it sends the characters for output just in case. Synchronization via UDP continues to run in the background. Thanks to Mosh's predictive mechanism, working at the command line is a much smoother experience for me than using SSH.
Mosh also doesn't leave you in the dark about what has actually been transferred and what bytes are just predicted: The characters that the Mobile Shell predicts are underlined (Figure 1). So, if I only want to see the whole truth, I can disable the prediction function by issuing
--predict=never. Equally, I can force prediction using
--predict=always. The default behavior is a compromise: Mosh measures the latency of UDP connection in the background and switches on the predictive function if the connection quality deteriorates.
Mosh has become indispensable for me on the road. It cannot completely replace SSH, because it currently does not support X11 or port forwarding and only speaks IPv4. However, the developers are working on IPv6 as well as on an app for Android mobile phones, which is due for release on some other sunny day.
- Mosh: http://mosh.mit.edu
Buy this article as PDF
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.
Klaus Knopper announces the latest version of his iconic Live Linux system.
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.