Mosh — Mobile Shell for Roaming and Intermittent Connectivity

Introduction

Mosh (Mobile Shell) is a remote terminal application designed to replace SSH for interactive use on unreliable or mobile networks. It uses UDP instead of TCP, provides speculative local echo for responsive typing, and maintains sessions across IP changes, network switches, and device sleep cycles.

What Mosh Does

• Maintains persistent sessions that survive network changes, roaming, and hibernation
• Provides instant local echo by predicting server responses for keystrokes
• Uses UDP-based protocol (SSP) that adapts to network conditions without TCP head-of-line blocking
• Authenticates via SSH for initial connection then hands off to its own encrypted protocol
• Displays an underline indicator for characters not yet confirmed by the server

Architecture Overview

Mosh splits into two components: a client that handles local display and prediction, and a server process spawned via SSH. After SSH authentication, the server opens a UDP port and sends connection details back to the client. From that point, communication uses the State Synchronization Protocol (SSP) over UDP, which transmits the current terminal state rather than a stream of bytes. This means the connection can resume after any interruption because both sides simply re-synchronize to the latest state. The protocol uses AES-128-OCB for encryption with a key negotiated during the SSH handshake.

Self-Hosting & Configuration

• Install mosh on both client and server machines via package manager
• Ensure the server firewall allows UDP ports 60000-61000 (configurable range)
• Connect with mosh hostname which handles SSH auth and UDP handoff automatically
• Use mosh --port=PORT to specify a fixed UDP port for restricted firewall environments
• Set MOSH_SERVER_NETWORK_TMOUT on the server to control idle disconnection timeout

Key Features

• Roaming support lets you change Wi-Fi networks, switch to cellular, or close laptop lids without losing the session
• Speculative local echo makes typing feel instant even on high-latency connections
• Graceful degradation shows a progress bar when the connection is interrupted rather than freezing
• No root or daemon required on the server, just the mosh-server binary in PATH
• Works with any shell and terminal application, transparent to programs running inside

Comparison with Similar Tools

• SSH — stream-based TCP protocol that freezes on packet loss; Mosh uses UDP state sync for resilience
• tmux/screen — terminal multiplexers that persist sessions on the server; Mosh provides network resilience at the transport level (and pairs well with tmux)
• Eternal Terminal (et) — similar reconnection goals using TCP; Mosh uses UDP for better latency and local echo
• Tailscale SSH — stable connections via mesh VPN; Mosh works without VPN infrastructure on any network
• WireGuard + SSH — stable tunnel approach; Mosh operates at the application layer without kernel modules

FAQ

Q: Is Mosh secure? A: Yes. Initial authentication uses SSH (supporting all SSH auth methods including keys and 2FA). The subsequent UDP session is encrypted with AES-128-OCB. Mosh does not support port forwarding or agent forwarding by design to reduce attack surface.

Q: Can Mosh forward ports like SSH? A: No. Mosh is designed exclusively for interactive terminal sessions. For port forwarding, X11 forwarding, or SOCKS proxying, use SSH alongside or within a Mosh session.

Q: Does Mosh work through corporate proxies? A: Mosh requires direct UDP connectivity between client and server. If UDP is blocked, you can tunnel Mosh over a TCP connection using tools like ssf or use standard SSH as fallback.

Q: Why does Mosh need open UDP ports? A: Mosh uses UDP for its state synchronization protocol which provides the latency and roaming benefits. The server listens on a UDP port (default range 60000-61000) for the duration of the session.

Sources

• https://github.com/mobile-shell/mosh
• https://mosh.org