Re: [PLUG] MOSH - MIT's Interactive Remote Shell for mobile clients ( ssh replacement )

[Sam Gleske <sam.mxracer@gmail.com>]

On Mon, Jul 9, 2012 at 10:48 PM, Lee H. Marzke <lee@marzke.net> wrote:

The video says that you need one additional port per concurrent
session open.  So for small instances,  you may only need 10 ports.

Yes SSH is used for initial auth only.  I'll also have to try this soon.


Lee

Apparently the author is asking for a cryptographic review of the software according to one of the replies (bottom) linked by JP.  I would agree with that commenter that I am not letting mosh anywhere near a server that is of any importance (and that would include blogs about cheese sandwiches) until the software is more thoroughly reviewed.  Also, it opens up several vulnerability vectors which may not have been discovered yet (i.e. you're opening several ports for just SSH rather than a single port).

Sure it might be fun to play with to see what it's like but I'm not putting this on any system I have responsibility for.  Though the author stated in the youtube video that what they're really showing off is their protocol SSP and that mosh is simply a proof of concept of their protocol.  Which is pretty neat.

SAM

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug