{"id":1360,"date":"2018-02-07T08:29:26","date_gmt":"2018-02-07T08:29:26","guid":{"rendered":"https:\/\/blog.ssdnodes.com\/blog\/?p=1360"},"modified":"2025-07-16T15:06:20","modified_gmt":"2025-07-16T15:06:20","slug":"tutorial-ditch-ssh-get-started-mosh","status":"publish","type":"post","link":"https:\/\/www.ssdnodes.com\/blog\/tutorial-ditch-ssh-get-started-mosh\/","title":{"rendered":"Tutorial: Ditch SSH, get started with Mosh"},"content":{"rendered":"
\n
\n
\n

Secure Shell (SSH) is a fundamental component to virtual private servers (VPSs) and, generally speaking, Linux administration. The ability to connect two machines over a secure channel is invaluable, particularly when appropriately done with public keys<\/a>, and many talented developers have bootstrapped SSH to build excellent tools like rsync.<\/p>\n

But SSH isn\u2019t perfect. And there\u2019s room for other tools with slightly different goals, or tools that aim to push SSH\u2019s key benefits even further. Enter Mosh<\/a>, the \u201cmobile shell,\u201d which, according to its developers, \u201callows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes.\u201d<\/p>\n

\"mosh\"<\/strong><\/p>\n

Mosh is meant to be a complete replacement for SSH, and focuses on providing a more robust connection, particularly over spotty internet connections. If you want to get started with the tutorial part of this post right away, hop down to the first step<\/a>.<\/p>\n<\/div>\n

<\/div>\n
\n

What\u2019s wrong with SSH, again?<\/h2>\n

It\u2019s not graceful on spotty connections<\/strong>. Well, sometimes SSH is terrible even when you\u2019re using extremely reliable internet. That\u2019s because when the connection between client and server falters, even momentarily, it can stall entirely, forcing you to kill it and reconnect. This process is annoying once, but after dozens of repetitions, it\u2019s a real annoyance and leech on your time.<\/p>\n

SSH has a few security vulnerabilities<\/strong>. No piece of software is infallible, and SSH is no different\u2014over the last two decades, security experts have discovered a few vulnerabilities<\/a> in the SSH protocol, including a little something the NSA worked up. Despite these, SSH remains the most popular and respected method of connecting<\/p>\n

Network latency leads to lackluster typing performance<\/strong>. When you type into a terminal running an SSH connection, the client sends data about each keystroke to the remote server, which responds in kind. Only once the data has traveled to the server and back will your local terminal show the keys you typed. The inherent latency in network connections creates a noticeable delay between you pressing a key and seeing it on your screen. There\u2019s nothing wrong<\/em> with this delay, but it doesn\u2019t make for a stellar user experience.<\/p>\n

How does Mosh do those things better?<\/h2>\n

Using states for more reliability<\/strong>. Mosh uses what it calls the State Synchronization Protocol (SSP), which is responsible for synchronizing two snapshots of the current screen state, one on the server, and another on the client. This UDP-based protocol is aimed at showing the client the most recent server-side state, and is designed to use datagrams<\/a>\/\u201cheartbeats\u201d to maintain the connection, even through roaming between Wifi hotspots or between different IP addresses.<\/p>\n

A more \u2018conservative design\u2019 on security<\/strong>. The developers of Mosh are quick to admit that vulnerabilities both added to inadvertently and discovered within OpenSSH\/OpenSSL are primarily due to the decades-long lifespan of each, and just how popular they are. The subtext is that Mosh might have better security solely through obscurity<\/a>.<\/p>\n

Still, Mosh\u2019s SSP authenticates every \u201cdatagram,\u201d which prevents some of the potential vulnerabilities in SSH. As of July 2017, no security vulnerabilities have ever been<\/p>\n

Significant improvements in latency for better real-world productivity.<\/strong> Because SSP synchronizes two states instead of waiting for data to transfer back and forth, Mosh can make changes to the user interface much faster. According to a study they completed, the median keystroke response time for SSH was 503ms, and only 5ms<\/strong> for Mosh.<\/p>\n

Is Mosh perfect?<\/strong> Certainly not. Common criticisms are having to open up a handful of UDP ports, and that it still relies on SSH to create the initial connection. Of course, screen<\/code> and tmux<\/code> also take care of the reliability\/persistence issue without<\/em> opening new ports.<\/p>\n

Still, all this adds up to a compelling picture: Mosh might not be perfect for everyone, but it\u2019s definitely worth a test. Let\u2019s get to the installation.<\/p>\n

Installing Mosh, Step 1: Installing mosh-server<\/h2>\n

As with SSH, Mosh uses one version of its application on the remote server and another on the local client. Installing on our OS options (Ubuntu, Debian, and CentOS) is a cinch\u2014just use the package manager to install mosh<\/code>.<\/p>\n

$ sudo apt-get install mosh    # Ubuntu\/Debian\n$ sudo yum install mosh        # CentOS\n<\/code><\/pre>\n
You don\u2019t need to configure anything\u2014you\u2019re good to go on the server front.<\/p>\n
Step 2: Installing mosh-client<\/h2>\n
Client-side installation depends entirely on the operating system of the machine you\u2019re reading this on right now. The Mosh team has built clients for OS X, Windows (via Cygwin), plenty of Linux distributions, Chrome, *BSD, and more.<\/p>\n
To find them all, visit the Getting Mosh<\/strong><\/a> section on the Mosh homepage.<\/p>\n
Step 3 (optional): Configure your server\u2019s firewall<\/h2>\n
If your server is configured with a firewall like iptables<\/code>, you will need to open specific ports to allow SSP to synchronize between sever and client. With iptables<\/code>, you can issue the following command to open these UDP ports.<\/p>\n
$ sudo iptables -I INPUT 1 -p udp --dport 60000:61000 -j ACCEPT\n<\/code><\/pre>\n
You don\u2019t have<\/em> to open all 1,000 ports\u2014Mosh only needs 1 open port per connection. If you only need a few concurrent connections, you can open far fewer ports, like 60000:60020<\/code>.<\/p>\n
Keep in mind that this iptables<\/code> rule is not persistent<\/strong>, in that if the server reboots, the rule will disappear. You need to save this rule. There are multiple ways to do this, including iptables-save<\/code> and iptables-persistent<\/code>. Here\u2019s how to do so using iptables-save<\/code>, which you\u2019ll need to execute after escalating your privileges using sudo -i<\/code>.<\/p>\n
# iptables-save > \/etc\/iptables\/rules.v4            # Ubuntu\/Debian\n# iptables-save > \/etc\/sysconfig\/iptables           # CentOS\n<\/code><\/pre>\n
Step 4: Your first connection<\/h2>\n
Once you have Mosh installed on both the server and client, you can try out your first connection. The syntax is mostly the same as with SSH:<\/p>\n
$ mosh USER@YOUR-IP-ADDRESS\n<\/code><\/pre>\n
So, for example, if you type in ssh person@somedomain.xyz<\/code> to connect to your VPS via SSH right now, you can type in mosh person@somedomain.xyz<\/code> instead, or use the IP address you\u2019ll find in the SSD Nodes dashboard<\/a>.<\/p>\n
You\u2019ll be asked to authenticate using SSH, but as soon as that completes, you\u2019ll be transferred over to the Mosh connection.<\/p>\n
If you have a less common case, such as an SSH server running on a port other than the standard 22, or you want to specify a particular Mosh UDP port, be sure to check out the usage area<\/a> on Mosh\u2019s homepage.<\/p>\n
Ending the connection is just as easy as getting it started. As with SSH, you can type logout<\/code> or exit<\/code> to close the session. If you need or want to force close the connection, Mosh uses the Ctrl-^<\/code> escape sequence. On most keyboards, that means typing Ctrl-Shift-6<\/code>, followed by a period.<\/p>\n
Stay in touch!<\/h2>\n
When I first started using Mosh, I was amazed at how suddenly fast and responsive my remote connections felt. There\u2019s always a place for SSH when it comes to one-off connections to remote servers, but for those I know I\u2019m going to spend lots of time on, Mosh seems like a keeper. Once I start combining it with tmux<\/code><\/a> for more flexibility with panes, I feel like I\u2019ll finally be on the right track toward some real productivity on the remote command line.<\/p>\n
If you have tips on using Mosh more productively, or just want to chat terminals, you can find me at joel@ssdnodes.com<\/a>. Happy Moshing!<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
SSH is super powerful, but it’s definitely not perfect. Why not give Mosh, which promises better reliability and speed, a try?<\/p>\n","protected":false},"author":20,"featured_media":1370,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[18,30],"tags":[],"class_list":["post-1360","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops","category-tutorials"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts\/1360","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/comments?post=1360"}],"version-history":[{"count":5,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts\/1360\/revisions"}],"predecessor-version":[{"id":13509,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts\/1360\/revisions\/13509"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/media\/1370"}],"wp:attachment":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/media?parent=1360"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/categories?post=1360"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/tags?post=1360"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}