I now use Mosh exclusively over ssh. It's great on slow connections as well as on fast ones. For example, I can start an ssh connection at home on my laptop, drive to the office and resume like nothing ever happened. One of the best discoveries of the past year for me.
I haven't heard of Mosh before, so I can't comment (I'll try it soon), but I just watned to point out that ssh+screen (or ssh+tmux) gives you exactly the same, and is an apt-get/yum-install/pacman-S away.
From reading about mosh, it seems to require a UDP connection, thus non-trivial routing. I forward ssh connections through ssh tunnels (sometime multiple layers), and it works great. Can mosh do that?
It's not quite the same to use ssh + screen/tmux. mosh resumes automatically (no need to log in again), and it also will show your keystrokes as you type them, even if the remote machine hasn't yet received them and then sent back to your local machine the updated text. This "buffered" text is displayed with an underline and when your computer receives communication from the server, it gets updated to the correct text. This makes the terminal feel a lot more responsive, in my experience. mosh can also be installed with apt-get, at least in Ubuntu.
I'll try it for the predictive text ... but, what do you mean "you don't have to login again"? I use a public key login on ssh (so login is invisible), and you can set up your ssh command line in your config file to do so, e.g. I often use
ssh beagle3@remote.host -t 'screen -x || screen'
And it works beautifully. (I'm heavy screen user, so even if I switch to mosh, there will be screen underneath...)
Ah, but I don't want it detached! I often do pair programming or pair sysadminning through screen. Is there an equivalent that works with screen sharing ? ( -x )
I use mosh from our office in Sydney to work on a server on in Vancouver. The character prediction makes this much easier, even if you do see the occasional literal character in a vim session before the server responds. It's so much better than the alternative!
IMO terminal protocols are more suited to UDP than TCP and I use ssh over UDP all the time. There are three main advantages:
* There is no connection session, so you can close your laptop or put it to sleep and open it up again and the connection will still be there.
* You don't have the lag of sending and then responding, it appears locally immediately
* It is much easier to get UDP around firewalls and it can't be blocked easily in the same way most VPN protocols or SSH can. I have yet to find a network where I can't get my terminal UDP packets through.
The alternative to Mosh is setting up OpenVPN[1]. It is especially worthwhile if you have a network of public servers that you administer. It is easy to setup[2] and works on Windows, Mac, Linux, BSD etc.
The best tip is to add a second interface to all your machines and setup a private VLAN across them. This way if you are experiencing a DoS attack or high traffic you can still login and administer the machine (this also applies with standard ssh - you put it in a different range of IPs and on your public machines then only have 80 and 443 open).
EC2[3], Linode[4] et al all support adding a second network interface to each machine (or to just one of the machines, which is then used as a gateway to the remainder) which can be assigned an IP address in a different range. You then setup a separate hostname to this network, or even register a separate administrative domain name (eg. company-admin.com) which you keep on a different registrar, whois record, etc.
> It is much easier to get UDP around firewalls and it can't be blocked easily in the same way most VPN protocols or SSH can. I have yet to find a network where I can't get my terminal UDP packets through.
Err, not in my world. Many hotels block udp. Amtrak's on train internet does too (they block a lot of tcp ports as well, and proxy http to stop videos).
I haven't tried recently, but most guest networks (at conferences, companies I visited, etc) did not let UDP through.
I started using Mosh a month or two ago, and I can never, ever go back. The automatic connection resumption is pure gold! I can close my laptop at work, go home, open it back up and resume work. And if I switch between wifi and ethernet, that's no problem either. Flaky office network connections are no longer a bother.
I really can't say how much mosh has improved my work life. You owe it to yourself to give it a try.
This looks great, would love to use this instead of ssh for my AWS servers, but not so sure about opening firewall ports 60000-61000. Currently only 80, 443, and 22 are open, that's a big addition.
Is that SOP for mosh, or do you guys proxy through a mosh-only server to your actual servers, or something else?
You only need to open 1 udp port afaik. That's what I do anyways.
Opening a high port in the 60000s is less risky than 22. You should probably remap ssh to something else. Or you can use ec2 security groups to limit access to certain ips.
Except anyone on the machine can bind to a port above 1024 so if your mosh server process ever exits for any reason a compromised account could bind a backdoored version.
If they're trying to sell us on this free software, why don't they provide a diagram of the SSP packet instead of telling us about UTF-8 support? I can tell whether I'm seriously interested in this just from looking at how they've structured the packet. Do I have to go digging in the source code just to get a preview? I looked at the USENIX paper and nothing in there either. When I have time I'll take a look at the src.
It makes the connection appear completely lagless, since the Mosh client echos typed characters locally instead of waiting for a round-trip with the server.
It also buffers all command output server-side and doesn't send more output than the network connection allows. This means that even if you have a runaway process dumping lots of output, you can still immediately Ctrl+C it.
http://mosh.mit.edu/