Last modified: 2014-10-17 09:17:34 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T54693, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 52693 - Allow login using mosh as an alternative to plain ssh on bastion
Status: NEW
Product: Wikimedia Labs
Classification: Unclassified
Component: Infrastructure
Version: unspecified
Hardware: All All
Importance: Unprioritized enhancement
Target Milestone: ---
Assigned To: Yuvi Panda
Keywords: upstream
Duplicates: 49454
Reported: 2013-08-10 06:45 UTC by Daniel Kinzler
Modified: 2014-10-17 09:17 UTC
CC List: 10 users

Description Daniel Kinzler 2013-08-10 06:45:10 UTC
ssh is quite painful over a slow and/or lossy connection. mosh uses ssh for authentication and then changes to its own robust, UDP-based protocol. Quoting from the man page:

mosh (mobile shell) is a remote terminal application that supports intermittent connectivity, allows roaming, and provides speculative local echo and line editing of user keystrokes.

Compared with ssh, mosh is more robust — its connections stay up across sleeps and changes in the client's IP address — and more responsive, because the protocol is tolerant of packet loss and the client can echo most keystrokes immediately, without waiting for a network round-trip.

mosh uses ssh to establish a connection to the remote host and authenticate with existing means (e.g., public-key authentication or a password). mosh executes the unprivileged mosh-server helper program on the server, then closes the SSH connection and starts the mosh-client, which establishes a long-lived datagram connection over UDP.
Comment 1 Sam Reed (reedy) 2013-08-10 07:04:11 UTC
(In reply to comment #0)
> ssh is quite painful over a slow and/or lossy connection. mosh uses ssh for
> authentication and then changes to its own robust, udp based protocol.

Robust and udp in the same sentence sounds funny
Comment 2 Daniel Kinzler 2013-08-10 07:06:40 UTC
Just found out that mosh already works for tools-login, just not for bastion. Would still be nice to have that, too.
Comment 3 Marc A. Pelletier 2013-08-11 01:41:52 UTC
This is supported on tools, but adding it to the general bastions would be a good idea.
Comment 4 Tim Landscheidt 2013-08-11 18:30:07 UTC
JFTR, on Tools mosh-server processes eat up to 25 MBytes RSS each; sshds usually are much lighter, even if you add screen.  Labs bastions could certainly handle that but it's something to keep in mind.
Comment 5 Yuvi Panda 2013-09-12 18:37:41 UTC
*** Bug 49454 has been marked as a duplicate of this bug. ***
Comment 6 Gerrit Notification Bot 2013-09-12 18:38:26 UTC
Change 84024 had a related patch set uploaded by Yuvipanda:
Add mosh to bastion hosts

https://gerrit.wikimedia.org/r/84024
Comment 7 Yuvi Panda 2013-09-12 18:39:29 UTC
https://gerrit.wikimedia.org/r/#/c/84024/ perhaps? Not sure if we need to open up any ports or just installing the package is enough?
Comment 8 Gerrit Notification Bot 2013-09-12 23:23:22 UTC
Change 84024 merged by coren:
Add mosh to bastion hosts

https://gerrit.wikimedia.org/r/84024
Comment 9 Gerrit Notification Bot 2013-09-12 23:43:21 UTC
Change 84105 had a related patch set uploaded by Yuvipanda:
Add mosh to labs bastions

https://gerrit.wikimedia.org/r/84105
Comment 10 Gerrit Notification Bot 2013-09-16 18:19:11 UTC
Change 84105 merged by Akosiaris:
Add mosh to labs bastions

https://gerrit.wikimedia.org/r/84105
Comment 11 Yuvi Panda 2013-09-25 19:22:31 UTC
We now have mosh installed on the labs bastions (and Coren graciously opened up the relevant ports), and can mosh to the bastions!

However....

Because of mosh's lack of support for proxycommand or equivalent, we can't really use bastions to access the rest of labs. So we can mosh to the bastion, and... that is pretty much it. Quite useless, IMO :(
Comment 12 Marc A. Pelletier 2013-09-25 19:31:23 UTC
mosh is indeed only reasonably useful for instances with a public IP:  while you can proxycommand the mosh invocation itself, your local client won't be able to connect to the started mosh-server unless it is reachable.
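
Added example (not from this bug thread or from the mosh project): a Python sketch of the SSH-to-UDP handoff that the man page excerpt in the description outlines, and of the reachability limit noted in comment 12. The `MOSH CONNECT <port> <key>` line and the `MOSH_KEY` variable are how mosh passes the session from SSH to the client; the 60000-61000 port range, the sample output, the addresses and all function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Line mosh-server prints over the SSH session: UDP port and session key.
CONNECT_RE = re.compile(
    r"^MOSH CONNECT (\d{1,5}) ([A-Za-z0-9/+]{22})[ \t\r]*$", re.M)
# Assumption: mosh's default UDP range; the page does not name the opened ports.
ALLOWED_PORTS = range(60000, 61001)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample of what the SSH leg returns (the key is a dummy value).
SAMPLE = "\r\nMOSH CONNECT 60001 " + "A" * 22 + "\r\n\r\nmosh-server (detached)\r\n"


def parse_bootstrap(ssh_stdout):
    """Return (port, key) from mosh-server output or raise ValueError."""
    m = CONNECT_RE.search(ssh_stdout)
    if not m:
        raise ValueError("no MOSH CONNECT line in server output")
    port = int(m.group(1))
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port {port} is outside the opened UDP range")
    return port, m.group(2)


def udp_path(server_ip, via_jump_host):
    """Can the client's datagrams reach mosh-server once SSH has closed?"""
    ip = ipaddress.ip_address(server_ip)
    # ProxyCommand only tunnels the SSH leg; UDP must reach server_ip itself.
    if via_jump_host and any(ip in net for net in RFC1918):
        return "unreachable"
    return "direct"


def client_invocation(server_ip, port, key):
    """argv and environment for mosh-client; the key stays out of argv."""
    return ["mosh-client", server_ip, str(port)], {"MOSH_KEY": key}


def redact(ssh_stdout):
    """Mask the session key before bootstrap output is written to a log."""
    return CONNECT_RE.sub(
        lambda m: f"MOSH CONNECT {m.group(1)} <redacted>", ssh_stdout)


if __name__ == "__main__":
    port, key = parse_bootstrap(SAMPLE)
    print(redact(SAMPLE).strip(), udp_path("10.0.0.5", True), port)
```
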
Comment 13 Yuvi Panda 2013-09-26 06:29:54 UTC
Yeah, and you want mosh in client -> bastion, since that is the flaky part. If you need mosh from bastion to target host, you've bigger problems...
Comment 14 Yuvi Panda 2013-09-26 10:27:29 UTC
I checked out http://mailman.mit.edu/pipermail/mosh-devel/2013-May/000499.html and that actually works! So either that gets merged, or we make a patched package.

Hopefully the former :D
Comment 15 Yuvi Panda 2013-09-26 10:28:01 UTC
Considering we are dealing with keys, *definitely* the former!
Comment 16 Yuvi Panda 2014-10-17 09:17:17 UTC
Still not merged, so we can't really do much.
