[lugm.org] The buzz about mosh
Loganaden Velvindron
gnukid1 at yahoo.co.uk
Wed Apr 11 20:21:37 UTC 2012
Hello,
Some BSD users sent me a link about mosh (The ``OpenSSH killer").
It has some nice features: better response time & (local character echo-ing).
The latter is a pretty weird idea. local character echoing should be integrated into a shell,
but they chose otherwise.
It also does not require any privileges (binding to port 22 runs as root !?).
I was initially impressed by some of their design ideas. However, when I had a quick look
at the code, I couldn't help but notice questionable practices (getenv(), threads, etc..) which are susceptible
to timing attacks.
Also, they claim do to fix bugs that OpenSSH doesn't fix (UTF-8). Those issues were present in older versions
of OpenSSH released around 2006.
Last but not least, I see that they used GPLv3 and asked Richard Stallman for technical expertise. No comments about
a 10-page license and RMS's security expertise :-)
I'm not bashing mosh because I contribute to OpenSSH, but I think it still has a long way to go before it can be considered
a comparable replacement :-)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/attachments/20120411/0b885656/attachment.html>
More information about the Discuss
mailing list