[sslh] Does SSLH support Mosh

Yves Rutschle yves at rutschle.net
Tue Dec 8 21:02:52 UTC 2020


Hi all,

On Sun, Nov 08, 2020 at 09:12:06PM -0000, Sean Warner wrote:
> I just want to confirm if sslh does or does not support it? I suspect it doesn't because mosh seems to work over udp?

I had a look at Mosh, and it's going to be... interesting.
As I understand, what happens is:

- Mosh client connects to server using SSH
- Mosh client uses SSH connection to run Mosh server, which
  binds to a UDP port
- Mosh server also generates an AES key
- Mosh client retrieves UDP port and AES key
- From there on, Mosh client talks to Mosh server using the
  adequate UDP port, ciphering with AES key.

So, one UDP port per connection, and UDP packets are
encrypted so we can't really sort on them.

Probably the best we can do is set Mosh server to listen
from a specific port (I haven't looked into whether that's
possible), make that port 443, and forward all unknown
incoming UDP there as the last probe: this means you can
still manage one Mosh connection through sslh.

The alternative would be to modify Mosh on both sides,
basically just adding an unencrypted session identifier in
each packet (in place of the UDP port). Not very practical.

Y.
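
The "last probe" idea from the message above, as an added Python sketch that is not part of the original post and is not sslh code: specific UDP probes run first, and a catch-all sends everything unrecognised to the single fixed Mosh port. The DNS probe, the backend addresses, the per-source flow table and the sample datagrams are assumptions constructed for illustration.

```python
# Added illustration, not sslh code; backends and the DNS probe are assumptions.
from typing import Callable, Dict, List, Tuple

Addr = Tuple[str, int]
MOSH_BACKEND: Addr = ("127.0.0.1", 443)  # assumed: the one mosh-server, pinned to a fixed port
DNS_BACKEND: Addr = ("127.0.0.1", 53)    # assumed: a UDP service with a recognisable header


def probe_dns(payload: bytes) -> bool:
    """Loose match for a DNS query: QR=0, opcode 0, QDCOUNT=1, ANCOUNT=0."""
    if len(payload) < 17:  # 12-byte header plus the smallest possible question
        return False
    flags = int.from_bytes(payload[2:4], "big")
    qdcount = int.from_bytes(payload[4:6], "big")
    ancount = int.from_bytes(payload[6:8], "big")
    return (flags & 0xF800) == 0 and qdcount == 1 and ancount == 0


def probe_any(payload: bytes) -> bool:
    """Catch-all: encrypted datagrams offer nothing to match on, so accept everything."""
    return True


# Order matters: specific probes first, the catch-all last.
PROBES: List[Tuple[str, Callable[[bytes], bool], Addr]] = [
    ("dns", probe_dns, DNS_BACKEND),
    ("mosh", probe_any, MOSH_BACKEND),
]


class UdpDemux:
    def __init__(self) -> None:
        self.flows: Dict[Addr, Tuple[str, Addr]] = {}  # source address -> decision

    def route(self, src: Addr, payload: bytes) -> Tuple[str, Addr]:
        """Classify the first datagram from a source; later ones reuse that decision."""
        if src not in self.flows:
            for name, probe, backend in PROBES:
                if probe(payload):
                    self.flows[src] = (name, backend)
                    break
        return self.flows[src]


# Constructed samples: a DNS query for "a." and opaque bytes standing in for encrypted traffic.
DNS_QUERY = bytes.fromhex("1234" "0100" "0001" "0000" "0000" "0000" "0161" "00" "0001" "0001")
OPAQUE = bytes.fromhex("8000000000000001" "9f3c5ae1d07b4426c8")
```

Two different sources sending opaque datagrams both resolve to the same backend address, and nothing in the payload distinguishes their sessions, which is why this scheme carries only one Mosh connection.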

